Java tutorial
/*L * Copyright Ekagra Software Technologies Ltd. * Copyright SAIC, SAIC-Frederick * * Distributed under the OSI-approved BSD 3-Clause License. * See http://ncip.github.com/common-security-module/LICENSE.txt for details. */ package gov.nih.nci.security.upt.util; import gov.nih.nci.security.authorization.domainobjects.FilterClause; import gov.nih.nci.security.exceptions.CSConfigurationException; import gov.nih.nci.security.exceptions.CSException; import gov.nih.nci.security.upt.constants.DisplayConstants; import gov.nih.nci.security.util.FileLoader; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.DataInputStream; import java.io.IOException; import java.io.InputStream; import java.lang.reflect.Array; import java.util.ArrayList; import java.util.Enumeration; import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Set; import java.util.StringTokenizer; import javax.servlet.http.HttpSession; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import org.apache.log4j.Appender; import org.apache.log4j.Logger; import org.apache.log4j.SimpleLayout; import org.apache.log4j.WriterAppender; import org.directwebremoting.WebContextFactory; import org.hibernate.Criteria; import org.hibernate.Session; import org.hibernate.SessionFactory; import org.hibernate.cache.CacheException; import org.hibernate.cfg.Configuration; import org.hibernate.criterion.Expression; import org.hibernate.criterion.Projections; import org.hibernate.engine.SessionFactoryImplementor; import org.hibernate.metadata.ClassMetadata; import org.hibernate.persister.entity.AbstractEntityPersister; import org.hibernate.type.AssociationType; import org.hibernate.type.Type; import org.w3c.dom.Document; public class HibernateHelper { public static SessionFactory loadSessionFactory(String fileName, HttpSession sess) throws CSConfigurationException { FileLoader fileLoader = FileLoader.getInstance(); InputStream stream = fileLoader.getFileAsStream(fileName); SessionFactory sessionFactory = null; try { DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); DocumentBuilder db = dbf.newDocumentBuilder(); Document doc = db.parse(stream); //File file = new File(url.toURI()); //AnnotationConfiguration configuration = new AnnotationConfiguration().configure(doc); Configuration configuration = new Configuration().configure(doc); if (configuration.getProperty("hibernate.cache.use_second_level_cache") == null || configuration.getProperty("cache.use_second_level_cache") == null) { configuration.setProperty("hibernate.cache.use_second_level_cache", "false"); configuration.setProperty("cache.use_second_level_cache", "false"); } JDBCHelper.testConnectionHibernate(configuration); sessionFactory = configuration.buildSessionFactory(); } catch (CacheException e) { e.printStackTrace(); ClassPathLoader.releaseJarsFromClassPath(sess); throw new CSConfigurationException( "Error in loading the Session Factory from the Hibernate File." + e.getMessage()); } catch (Exception exception) { exception.printStackTrace(); throw new CSConfigurationException( "Error in loading the Session Factory from the Hibernate File." + exception.getMessage()); } if (null == sessionFactory) throw new CSConfigurationException("Error in loading the Session Factory from the Hibernate File"); else { Session session = null; try { session = sessionFactory.openSession(); } catch (Exception exception) { exception.printStackTrace(); throw new CSConfigurationException("Error in creating a Session from the Loaded Session Factory"); } if (null == session) throw new CSConfigurationException("Error in creating a Session from the Loaded Session Factory"); } return sessionFactory; } public static List getAllClassNames(SessionFactory sessionFactory) { Map map = sessionFactory.getAllClassMetadata(); Set<String> set = map.keySet(); ArrayList<String> list = new ArrayList(); for (String className : set) { list.add(className); } return list; } public static HashMap getAssociatedClasses(String className) throws CSException { System.out.println("className " + className); boolean isParentClass = false; HttpSession session = WebContextFactory.get().getHttpServletRequest().getSession(); if (session.isNew() || (session.getAttribute(DisplayConstants.LOGIN_OBJECT) == null)) { throw new CSException("Session Expired - Please Relogin!"); } if (className.contains(" - self")) { throw new CSException("No Associations allowed for direct security filter clause."); } SessionFactory sessionFactory = (SessionFactory) session .getAttribute(DisplayConstants.HIBERNATE_SESSIONFACTORY); HashMap map = new HashMap(); if (!(className.contains(" - "))) { isParentClass = true; } else { className = className.substring(0, className.indexOf(" - ")); } System.out.println("className2 " + className); ClassMetadata classMetadata = sessionFactory.getClassMetadata(className); String[] properties = classMetadata.getPropertyNames(); for (int i = 0; i < properties.length; i++) { Type type = classMetadata.getPropertyType(properties[i]); if (type instanceof AssociationType) { try { AssociationType associationType = (AssociationType) type; map.put(properties[i], associationType.getAssociatedEntityName((SessionFactoryImplementor) sessionFactory) + " - " + properties[i]); } catch (Exception e) { throw new CSException("Hibernate Error: " + e.getMessage()); } } } System.out.println("isParentClass " + isParentClass); if (isParentClass) { map.put(className, className + " - self"); } if (map.size() == 0) throw new CSException("No associated Classes Found!"); System.out.println("map " + map); return map; } public static HashMap getAssociatedAttributes(String className) throws CSException { className = className.substring(0, className.indexOf(" - ")); HttpSession session = WebContextFactory.get().getHttpServletRequest().getSession(); if (session.isNew() || (session.getAttribute(DisplayConstants.LOGIN_OBJECT) == null)) { throw new CSException("Session Expired - Please Relogin!"); } SessionFactory sessionFactory = (SessionFactory) session .getAttribute(DisplayConstants.HIBERNATE_SESSIONFACTORY); HashMap map = new HashMap(); ClassMetadata classMetadata = sessionFactory.getClassMetadata(className); List propertiesList = new ArrayList(); String[] properties1 = classMetadata.getPropertyNames(); for (int count = 0; count < properties1.length; count++) { propertiesList.add(new String(properties1[count])); } propertiesList.add(new String(classMetadata.getIdentifierPropertyName())); Iterator propertiesIterator = propertiesList.iterator(); while (propertiesIterator.hasNext()) { String property = (String) propertiesIterator.next(); Type type = classMetadata.getPropertyType(property); if (!(type instanceof AssociationType)) { map.put(property + "-_-" + (type.getReturnedClass()).getName(), property); } } if (map.size() == 0) throw new CSException("No associated Classes Found!"); return map; } public static String getGeneratedSQL(FilterClause filterClause, SessionFactory sessionFactory, boolean isSecurityForGroup, String peiTableOrViewName) { Session session = sessionFactory.openSession(); Criteria queryCriteria = createCriterias(filterClause, session); String generatedSQL = generateSQL(filterClause, queryCriteria, session, isSecurityForGroup, peiTableOrViewName); if (isSecurityForGroup) filterClause.setGeneratedSQLForGroup(generatedSQL); else filterClause.setGeneratedSQLForUser(generatedSQL); return generatedSQL; } private static String generateSQL(FilterClause filterClause, Criteria criteria, Session session, boolean isSecurityForGroup, String peiTableOrViewName) { String capturedSQL = null; ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(); Appender appender = new WriterAppender(new SimpleLayout(), byteArrayOutputStream); Logger logger = Logger.getLogger("org.hibernate.SQL"); Enumeration enumeration = logger.getAllAppenders(); logger.addAppender(appender); criteria.list(); DataInputStream dataInputStream = new DataInputStream( new ByteArrayInputStream(byteArrayOutputStream.toByteArray())); try { while (dataInputStream.available() != 0) { String line = dataInputStream.readLine(); if (line.startsWith("DEBUG - select this_")) { capturedSQL = line; } } } catch (IOException e) { e.printStackTrace(); } logger.removeAppender(appender); String filterSQL; if (isSecurityForGroup) { filterSQL = modifySQLForGroup(filterClause, capturedSQL, session, peiTableOrViewName); } else { filterSQL = modifySQLForUser(filterClause, capturedSQL, session, peiTableOrViewName); } return filterSQL; } private static Criteria createCriterias(FilterClause filterClause, Session session) { List<Criteria> criteriaList = new ArrayList(); criteriaList.add(0, session.createCriteria(filterClause.getClassName())); StringTokenizer stringTokenizer = new StringTokenizer(filterClause.getFilterChain(), ","); int count = 0; while (stringTokenizer.hasMoreTokens()) { String attributeName = stringTokenizer.nextToken(); if (attributeName.trim().equals(filterClause.getClassName())) break; count++; Criteria parentCriteria = criteriaList.get(count - 1); Criteria childCriteria = parentCriteria.createCriteria(attributeName.trim()); criteriaList.add(count, childCriteria); } Criteria targetCriteria = criteriaList.get(count); String attributeName = filterClause.getTargetClassAttributeName(); Class attributeType = null; Class IntegerType = null; try { attributeType = Class.forName(filterClause.getTargetClassAttributeType()); IntegerType = Class.forName("java.lang.Integer"); } catch (ClassNotFoundException e) { // TODO Auto-generated catch block e.printStackTrace(); } Object valueArray = Array.newInstance(attributeType, 1); try { if (attributeType.equals(IntegerType)) { Array.set(valueArray, 0, new Integer(0)); } else { Array.set(valueArray, 0, attributeType.newInstance()); } } catch (ArrayIndexOutOfBoundsException e) { e.printStackTrace(); } catch (IllegalArgumentException e) { e.printStackTrace(); } catch (InstantiationException e) { e.printStackTrace(); } catch (IllegalAccessException e) { e.printStackTrace(); } targetCriteria.add(Expression.in(attributeName, (Object[]) valueArray)); Criteria mainCriteria = (Criteria) criteriaList.get(0); mainCriteria.setProjection(Projections.id()); return mainCriteria; } private static String modifySQLForUser(FilterClause filterClause, String generatedSQL, Session session, String peiTableOrViewName) { String targetClassName = null; if (StringUtils.isBlank(filterClause.getTargetClassAlias())) targetClassName = filterClause.getTargetClassName().substring(0, filterClause.getTargetClassName().indexOf(" - ")); else targetClassName = filterClause.getTargetClassAlias(); String targetClassAttributeName = null; if (StringUtils.isBlank(filterClause.getTargetClassAttributeAlias())) targetClassAttributeName = filterClause.getTargetClassAttributeName(); else targetClassAttributeName = filterClause.getTargetClassAttributeAlias(); String CSM_QUERY = " select pe.attribute_value from " + "csm_protection_group pg, " + "csm_protection_element pe, " + "csm_pg_pe pgpe, " + "csm_user_group_role_pg ugrpg, " + "csm_user u, " + "csm_role_privilege rp, " + "csm_role r, " + "csm_privilege p " + "where ugrpg.role_id = r.role_id " + "and ugrpg.user_id = u.user_id and " + "ugrpg.protection_group_id = ANY " + "(select pg1.protection_group_id " + "from csm_protection_group pg1 " + "where pg1.protection_group_id = pg.protection_group_id " + "or pg1.protection_group_id = " + "(select pg2.parent_protection_group_id " + "from csm_protection_group pg2 " + "where pg2.protection_group_id = pg.protection_group_id)) " + "and pg.protection_group_id = pgpe.protection_group_id " + "and pgpe.protection_element_id = pe.protection_element_id " + "and r.role_id = rp.role_id " + "and rp.privilege_id = p.privilege_id " + "and pe.object_id= '" + targetClassName + "' " + "and pe.attribute='" + targetClassAttributeName + "' " + "and p.privilege_name='READ' " + "and u.login_name=:USER_NAME " + "and pe.application_id=:APPLICATION_ID"; String CSM_QUERY_2 = "select upei.attribute_value from " + peiTableOrViewName + " upei where " + "upei.login_name=:USER_NAME and upei.application_id =:APPLICATION_ID and upei.privilege_name='READ'"; StringBuffer result = new StringBuffer(); String query = generatedSQL.substring(generatedSQL.indexOf('-') + 1, generatedSQL.length()); query = query.trim(); query = query.substring(0, query.indexOf('?')); String delimiters = "+-*/(),. "; StringTokenizer st = new StringTokenizer(query, delimiters, true); while (st.hasMoreTokens()) { String w = st.nextToken(); if (w.equals("this_")) { result = result.append("table_name_csm_"); } else if (w.equals("y0_")) { result = result.append(""); } else if (w.equals("as")) { result = result.append(""); } else { result = result.append(w); } } SessionFactory sessionFactory = session.getSessionFactory(); ClassMetadata classMetadata = sessionFactory.getClassMetadata(filterClause.getClassName()); String columnName = null; if (classMetadata instanceof AbstractEntityPersister) { AbstractEntityPersister abstractEntityPersister = (AbstractEntityPersister) classMetadata; String Id = abstractEntityPersister.getIdentifierPropertyName(); String[] columns = abstractEntityPersister.getPropertyColumnNames(Id); columnName = columns[0]; } if (!StringUtils.isBlank(peiTableOrViewName)) { query = columnName + " in (" + result.toString() + CSM_QUERY_2 + "))"; } else { query = columnName + " in (" + result.toString() + CSM_QUERY + "))"; } return query.toString(); } private static String modifySQLForGroup(FilterClause filterClause, String generatedSQL, Session session, String peiTableOrViewName) { String targetClassName = null; if (StringUtils.isBlank(filterClause.getTargetClassAlias())) targetClassName = filterClause.getTargetClassName().substring(0, filterClause.getTargetClassName().indexOf(" - ")); else targetClassName = filterClause.getTargetClassAlias(); String targetClassAttributeName = null; if (StringUtils.isBlank(filterClause.getTargetClassAttributeAlias())) targetClassAttributeName = filterClause.getTargetClassAttributeName(); else targetClassAttributeName = filterClause.getTargetClassAttributeAlias(); String CSM_QUERY = "SELECT Distinct pe.attribute_value " + "FROM CSM_PROTECTION_GROUP pg, " + " CSM_PROTECTION_ELEMENT pe, " + " CSM_PG_PE pgpe," + " CSM_USER_GROUP_ROLE_PG ugrpg, " + " CSM_GROUP g, " + " CSM_ROLE_PRIVILEGE rp, " + " CSM_ROLE r, " + " CSM_PRIVILEGE p " + "WHERE ugrpg.role_id = r.role_id " + "AND ugrpg.group_id = g.group_id " + "AND ugrpg.protection_group_id = ANY " + "( select pg1.protection_group_id from csm_protection_group pg1 " + " where pg1.protection_group_id = pg.protection_group_id OR pg1.protection_group_id = " + " (select pg2.parent_protection_group_id from csm_protection_group pg2 where pg2.protection_group_id = pg.protection_group_id)" + " ) " + "AND pg.protection_group_id = pgpe.protection_group_id " + "AND pgpe.protection_element_id = pe.protection_element_id " + "AND r.role_id = rp.role_id " + "AND rp.privilege_id = p.privilege_id " + "AND pe.object_id= '" + targetClassName + "' " + "AND p.privilege_name='READ' " + "AND g.group_name IN (:GROUP_NAMES ) " + "AND pe.application_id=:APPLICATION_ID"; String CSM_QUERY_2 = "select upei.attribute_value from " + peiTableOrViewName + " upei where " + "upei.group_name IN (:GROUP_NAMES) and upei.application_id =:APPLICATION_ID and upei.privilege_name='READ'"; /*String CSM_QUERY = " select pe.attribute_value from " + "csm_protection_group pg, " + "csm_protection_element pe, " + "csm_pg_pe pgpe, " + "csm_user_group_role_pg ugrpg, " + "csm_user u, " + "csm_role_privilege rp, " + "csm_role r, " + "csm_privilege p " + "where ugrpg.role_id = r.role_id " + "and ugrpg.user_id = u.user_id and " + "ugrpg.protection_group_id = ANY " + "(select pg1.protection_group_id " + "from csm_protection_group pg1 " + "where pg1.protection_group_id = pg.protection_group_id " + "or pg1.protection_group_id = " + "(select pg2.parent_protection_group_id " + "from csm_protection_group pg2 " + "where pg2.protection_group_id = pg.protection_group_id)) " + "and pg.protection_group_id = pgpe.protection_group_id " + "and pgpe.protection_element_id = pe.protection_element_id " + "and r.role_id = rp.role_id " + "and rp.privilege_id = p.privilege_id " + "and pe.object_id= '" + targetClassName + "' " + "and pe.attribute='" + targetClassAttributeName + "' " + "and p.privilege_name='READ' " + "and u.login_name=:USER_NAME " + "and pe.application_id=:APPLICATION_ID" ; */ StringBuffer result = new StringBuffer(); String query = generatedSQL.substring(generatedSQL.indexOf('-') + 1, generatedSQL.length()); query = query.trim(); query = query.substring(0, query.indexOf('?')); String delimiters = "+-*/(),. "; StringTokenizer st = new StringTokenizer(query, delimiters, true); while (st.hasMoreTokens()) { String w = st.nextToken(); if (w.equals("this_")) { result = result.append("table_name_csm_"); } else if (w.equals("y0_")) { result = result.append(""); } else if (w.equals("as")) { result = result.append(""); } else { result = result.append(w); } } SessionFactory sessionFactory = session.getSessionFactory(); ClassMetadata classMetadata = sessionFactory.getClassMetadata(filterClause.getClassName()); String columnName = null; if (classMetadata instanceof AbstractEntityPersister) { AbstractEntityPersister abstractEntityPersister = (AbstractEntityPersister) classMetadata; String Id = abstractEntityPersister.getIdentifierPropertyName(); String[] columns = abstractEntityPersister.getPropertyColumnNames(Id); columnName = columns[0]; } if (!StringUtils.isBlank(peiTableOrViewName)) { query = columnName + " in (" + result.toString() + CSM_QUERY_2 + "))"; } else { query = columnName + " in (" + result.toString() + CSM_QUERY + "))"; } return query.toString(); } private static Appender startSQLCapture(ByteArrayOutputStream byteArrayOutputStream) { Appender appender = new WriterAppender(new SimpleLayout(), byteArrayOutputStream); Logger logger = Logger.getLogger("org.hibernate.SQL"); logger.addAppender(appender); return appender; } private static String stopSQLCapture(Appender appender, ByteArrayOutputStream byteArrayOutputStream) { Logger logger = Logger.getLogger("org.hibernate.SQL"); logger.removeAppender(appender); DataInputStream dataInputStream = new DataInputStream( new ByteArrayInputStream(byteArrayOutputStream.toByteArray())); try { while (dataInputStream.available() != 0) { String line = dataInputStream.readLine(); if (line.startsWith("DEBUG - select this_")) { return line; } } } catch (IOException e) { e.printStackTrace(); } return null; } }