com.sapienter.jbilling.server.user.validator.NoUserInfoInPasswordValidator.java Source code


Introduction

Here is the source code for com.sapienter.jbilling.server.user.validator.NoUserInfoInPasswordValidator.java

Source

/*
jBilling - The Enterprise Open Source Billing System
Copyright (C) 2003-2009 Enterprise jBilling Software Ltd. and Emiliano Conde
    
This file is part of jbilling.
    
jbilling is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
    
jbilling is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.
    
You should have received a copy of the GNU Affero General Public License
along with jbilling.  If not, see <http://www.gnu.org/licenses/>.
*/
package com.sapienter.jbilling.server.user.validator;

import java.lang.reflect.Method;

import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;

import org.apache.commons.validator.Field;
import org.apache.commons.validator.GenericValidator;
import org.apache.commons.validator.ValidatorAction;
import org.apache.commons.validator.util.ValidatorUtils;
import org.apache.log4j.Logger;
import org.apache.struts.action.ActionErrors;
import org.apache.struts.validator.Resources;

import com.sapienter.jbilling.client.util.Constants;
import com.sapienter.jbilling.server.user.ContactDTOEx;
import com.sapienter.jbilling.server.user.IUserSessionBean;
import com.sapienter.jbilling.server.util.Context;

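/**
 * Password rule that rejects a new password when it matches information
 * held in the user's contact record.
 *
 * <p>Scope of the check, as implemented here: the password is compared,
 * ignoring case, against every String property of the contact object and
 * against each whitespace-separated word of those properties. It is an
 * exact-match test only. A password that merely embeds a name
 * (for example a name followed by digits), or that matches a fragment
 * delimited by something other than whitespace (such as the local part of
 * an e-mail address), is not rejected. Treat this rule as one layer of a
 * password policy, alongside length and complexity rules.
 */
public class NoUserInfoInPasswordValidator {

    private static final Logger LOG = Logger.getLogger(NoUserInfoInPasswordValidator.class);

    /**
     * Verifies that the password is not equal to any String property, or to
     * any single word of a String property, of the given object.
     *
     * <p>The properties are discovered by reflection: every public,
     * zero-argument method whose name starts with {@code get} and whose
     * return type is {@code String} is invoked on {@code dto}.
     *
     * <p>The method fails closed: a {@code null} dto, or any exception raised
     * while reading a property, yields {@code false}. A {@code null} or empty
     * password is not reliably rejected by this method, so presence and
     * length must be enforced by a separate rule.
     *
     * @param dto object holding the user information to compare against,
     *            typically the user's contact record.
     * @param password the new password that is being validated.
     * @return <code>true</code> if the password passes the verification,
     * otherwise returns <code>false</code>.
     */
    public static boolean basicValidation(Object dto, String password) {
        if (dto == null) {
            return false;
        }
        try {
            for (Method getter : dto.getClass().getMethods()) {
                // Only zero-argument String getters can be read generically.
                // Without the parameter check, a getter that takes arguments
                // makes invoke() throw, and the catch below would then reject
                // every password for that object type.
                if (getter.getReturnType() != String.class
                        || !getter.getName().startsWith("get")
                        || getter.getParameterTypes().length != 0) {
                    continue;
                }

                String value = (String) getter.invoke(dto);
                if (value == null) {
                    continue;
                }

                // The whole property value, e.g. a user name or a phone number.
                if (value.equalsIgnoreCase(password)) {
                    return false;
                }

                /*
                 * Then each word of the value. This intercepts a case where,
                 * for example, the contact's name is "John Michael Doe" and
                 * the password is set to be only "michael". Splitting on any
                 * run of whitespace also covers tabs and repeated spaces.
                 */
                for (String word : value.split("\\s+")) {
                    if (word.equalsIgnoreCase(password)) {
                        return false;
                    }
                }
            }
        } catch (Exception e) {
            // Fail closed. Only the exception is logged, never the password.
            LOG.error("Exception validating for contact in password ", e);
            return false;
        }
        return true;
    }

    /**
     * Struts validator. This method retrieves the parameters necessary for
     * validating the password passed and calls basicValidation() to verify
     * the value. As such, it only represents a struts wrapper to
     * the core validation routine.
     *
     * <p>The contact record is looked up with the user id stored in the HTTP
     * session under {@code Constants.SESSION_USER_ID}. A blank or
     * {@code null} field value is not checked here and passes this rule.
     *
     * @param bean form bean that holds the field being validated.
     * @param va validator action, used to build the error message.
     * @param field description of the field being validated.
     * @param errors collection that receives an error when validation fails.
     * @param request current request, used for the session and the messages.
     * @param application servlet context; not used by this method.
     * @return <code>true</code> if the value passes the verification,
     * <code>false</code> if it matches contact information or if the check
     * itself fails with an exception.
     */
    public static boolean validateNoUserInfo(Object bean, ValidatorAction va, Field field, ActionErrors errors,
            HttpServletRequest request, ServletContext application) {

        boolean valid = true;

        try {
            String value = ValidatorUtils.getValueAsString(bean, field.getProperty());

            if (!GenericValidator.isBlankOrNull(value)) {
                IUserSessionBean user = (IUserSessionBean) Context.getBean(Context.Name.USER_SESSION);
                Integer userId = (Integer) request.getSession().getAttribute(Constants.SESSION_USER_ID);
                ContactDTOEx dto = user.getPrimaryContactDTO(userId);
                // NOTE(review): a missing contact record lets the password
                // through here, whereas basicValidation(null, ...) rejects.
                // Confirm that accepting in this case is intended.
                if (dto != null) {
                    valid = basicValidation(dto, value);
                }
            }
        } catch (Exception e) {
            // Fail closed, but leave a trace for operators: the original
            // swallowed the exception silently, which made a broken lookup
            // indistinguishable from a rejected password. The password value
            // is never written to the log.
            LOG.error("Exception retrieving contact information for password validation", e);
            valid = false;
        }

        if (!valid) {
            errors.add(field.getKey(), Resources.getActionError(request, va, field));
        }
        return valid;
    }
}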