Java tutorial
// Description: Java 8 Security Manager Change Password Servlet /* * Code Factory Asterisk 11 Configuration Model * * Copyright (c) 2014-2015 Mark Sobkow * * This program is available as free software under the GNU GPL v3, or * under a commercial license from Mark Sobkow. For commercial licensing * details, please contact msobkow@sasktel.net. * * Under the terms of the GPL: * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. * */ package net.sourceforge.msscodefactory.cfasterisk.v2_4.CFAsteriskSMWar; import java.io.IOException; import java.io.PrintWriter; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.util.Calendar; import java.util.Date; import java.util.Iterator; import java.util.Properties; import java.util.UUID; import javax.mail.*; import javax.mail.internet.*; import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.*; import org.apache.commons.codec.binary.Base64; import net.sourceforge.msscodefactory.cflib.v2_3.CFLib.CFLib; import net.sourceforge.msscodefactory.cfsecurity.v2_4.CFSecurity.*; import net.sourceforge.msscodefactory.cfinternet.v2_4.CFInternet.*; import net.sourceforge.msscodefactory.cfasterisk.v2_4.CFAsterisk.*; import net.sourceforge.msscodefactory.cfsecurity.v2_4.CFSecurityObj.*; import net.sourceforge.msscodefactory.cfinternet.v2_4.CFInternetObj.*; import net.sourceforge.msscodefactory.cfasterisk.v2_4.CFAsteriskObj.*; /** * Servlet implementation class CFAsteriskSMWarChangePasswordHtml */ @WebServlet("/CFAsteriskSMWarChangePasswordHtml") public class CFAsteriskSMWarChangePasswordHtml extends HttpServlet { private static final long serialVersionUID = 1L; /** * @see HttpServlet#HttpServlet() */ public CFAsteriskSMWarChangePasswordHtml() { super(); } /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { final String S_ProcName = "doGet"; ICFAsteriskSchemaObj schemaObj; HttpSession sess = request.getSession(false); if (sess == null) { sess = request.getSession(true); schemaObj = new CFAsteriskSchemaPooledObj(); sess.setAttribute("SchemaObj", schemaObj); } else { schemaObj = (ICFAsteriskSchemaObj) sess.getAttribute("SchemaObj"); if (schemaObj == null) { schemaObj = new CFAsteriskSchemaPooledObj(); sess.setAttribute("SchemaObj", schemaObj); } } ICFAsteriskSchema dbSchema = null; try { CFSecurityAuthorization auth = schemaObj.getAuthorization(); if (auth == null) { response.sendRedirect("CFAsteriskSMWarLoginHtml"); return; } dbSchema = (ICFAsteriskSchema) CFAsteriskSchemaPool.getSchemaPool().getInstance(); schemaObj.setBackingStore(dbSchema); schemaObj.beginTransaction(); ICFSecuritySecUserObj secUser = schemaObj.getSecUserTableObj().readSecUserByIdIdx(auth.getSecUserId()); if (secUser == null) { throw CFLib.getDefaultExceptionFactory().newNullArgumentException(getClass(), S_ProcName, 0, "secUser"); } ICFSecurityClusterObj secCluster = schemaObj.getClusterTableObj() .readClusterByIdIdx(auth.getSecClusterId()); if (secCluster == null) { throw CFLib.getDefaultExceptionFactory().newNullArgumentException(getClass(), S_ProcName, 0, "secCluster"); } String clusterDescription = secCluster.getRequiredDescription(); response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\">"); out.println("<HTML>"); out.println("<BODY>"); out.println("<form method=\"post\" formaction=\"CFAsteriskSMWarChangePasswordHtml\">"); out.println("<H1 style=\"text-align:center\">" + clusterDescription + " Security Manager</H1>"); out.println("<H2 style=\"text-align:center\">Change Password for " + secUser.getRequiredEMailAddress() + "</H2>"); out.println("<p>"); out.println("<center>"); out.println("<table style=\"width:75%\">"); out.println( "<tr><th style=\"text-align:left\">Login Id:</th><td><input type=\"text\" name=\"LoginId\" readonly=\"true\" value=\"" + secUser.getRequiredEMailAddress() + "\"/></td></tr>"); out.println( "<tr><th style=\"text-align:left\">Old Password:</th><td><input type=\"password\" name=\"OldPassword\"/></td></tr>"); out.println( "<tr><th style=\"text-align:left\">New Password:</th><td><input type=\"password\" name=\"Password\"/></td></tr>"); out.println( "<tr><th style=\"text-align:left\">Confirm New Password:</th><td><input type=\"password\" name=\"ConfirmPassword\"/></td></tr>"); out.println( "<tr><td colspan=\"2\" style=\"text-align:center\"><button type=\"submit\" name=\"Ok\"\">Ok</button></td></tr>"); out.println( "<tr><td colSpan=\"2\" style=\"text-align:center\"><A HRef=\"CFAsteriskSMWarLoginHtml\">Take me to the " + secCluster.getRequiredDescription() + " Security Manager Login</A></td></tr>"); out.println("</table>"); out.println("</center>"); out.println("</form>"); out.println("</BODY>"); out.println("</HTML>"); } catch (RuntimeException e) { throw CFLib.getDefaultExceptionFactory().newRuntimeException(getClass(), S_ProcName, "Caught RuntimeException -- " + e.getMessage(), e); } finally { if (dbSchema != null) { try { if (schemaObj.isTransactionOpen()) { schemaObj.rollback(); } } catch (RuntimeException e) { } schemaObj.setBackingStore(null); CFAsteriskSchemaPool.getSchemaPool().releaseInstance(dbSchema); } } } /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { final String S_ProcName = "doPost"; ICFAsteriskSchemaObj schemaObj; HttpSession sess = request.getSession(false); if (sess == null) { sess = request.getSession(true); schemaObj = new CFAsteriskSchemaPooledObj(); sess.setAttribute("SchemaObj", schemaObj); } else { schemaObj = (ICFAsteriskSchemaObj) sess.getAttribute("SchemaObj"); if (schemaObj == null) { throw CFLib.getDefaultExceptionFactory().newNullArgumentException(getClass(), S_ProcName, 0, "schemaObj"); } } ICFAsteriskSchema dbSchema = null; try { CFSecurityAuthorization auth = schemaObj.getAuthorization(); if (auth == null) { response.sendRedirect("CFAsteriskSMWarLoginHtml"); return; } dbSchema = (ICFAsteriskSchema) CFAsteriskSchemaPool.getSchemaPool().getInstance(); schemaObj.setBackingStore(dbSchema); schemaObj.beginTransaction(); ICFSecuritySecUserObj systemUser = schemaObj.getSecUserTableObj().readSecUserByULoginIdx("system"); String passwordHash = systemUser.getRequiredPasswordHash(); if ((passwordHash == null) || (passwordHash.length() <= 0) || passwordHash.equals("bootstrap")) { response.sendRedirect("CFAsteriskSMWarSetSystemPasswordHtml"); } ICFSecuritySecUserObj secUser = schemaObj.getSecUserTableObj().readSecUserByIdIdx(auth.getSecUserId()); if (secUser == null) { throw CFLib.getDefaultExceptionFactory().newNullArgumentException(getClass(), S_ProcName, 0, "secUser"); } ICFSecurityClusterObj secCluster = schemaObj.getClusterTableObj() .readClusterByIdIdx(auth.getSecClusterId()); if (secCluster == null) { throw CFLib.getDefaultExceptionFactory().newNullArgumentException(getClass(), S_ProcName, 0, "secCluster"); } String clusterDescription = secCluster.getRequiredDescription(); String oldPassword = (String) request.getParameter("OldPassword"); if ((oldPassword == null) || (oldPassword.length() <= 0)) { response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\">"); out.println("<HTML>"); out.println("<BODY>"); out.println("<form method=\"post\" formaction=\"CFAsteriskSMWarChangePasswordHtml\">"); out.println("<H1 style=\"text-align:center\">" + clusterDescription + " Security Manager</H1>"); out.println("<H2 style=\"text-align:center\">ERROR</H2>"); out.println("<p style=\"text-align:center\">"); out.println("Old Password must be specified."); out.println("<p>"); out.println("<center>"); out.println("<table style=\"width:75%\">"); out.println( "<tr><th style=\"text-align:left\">Login Id:</th><td><input type=\"text\" name=\"LoginId\" readonly=\"true\" value=\"" + secUser.getRequiredEMailAddress() + "\"/></td></tr>"); out.println( "<tr><th style=\"text-align:left\">Old Password:</th><td><input type=\"password\" name=\"OldPassword\"/></td></tr>"); out.println( "<tr><th style=\"text-align:left\">New Password:</th><td><input type=\"password\" name=\"Password\"/></td></tr>"); out.println( "<tr><th style=\"text-align:left\">Confirm New Password:</th><td><input type=\"password\" name=\"ConfirmPassword\"/></td></tr>"); out.println( "<tr><td colspan=\"2\" style=\"text-align:center\"><button type=\"submit\" name=\"Ok\"\">Ok</button></td></tr>"); out.println( "<tr><td colSpan=\"2\" style=\"text-align:center\"><A HRef=\"CFAsteriskSMWarLoginHtml\">Take me to the " + secCluster.getRequiredDescription() + " Security Manager Login</A></td></tr>"); out.println("</table>"); out.println("</center>"); out.println("</form>"); out.println("</BODY>"); out.println("</HTML>"); return; } String password = (String) request.getParameter("Password"); if ((password == null) || (password.length() <= 0)) { response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\">"); out.println("<HTML>"); out.println("<BODY>"); out.println("<form method=\"post\" formaction=\"CFAsteriskSMWarChangePasswordHtml\">"); out.println("<H1 style=\"text-align:center\">" + clusterDescription + " Security Manager</H1>"); out.println("<H2 style=\"text-align:center\">ERROR</H2>"); out.println("<p style=\"text-align:center\">"); out.println("New Password must be specified."); out.println("<p>"); out.println("<center>"); out.println("<table style=\"width:75%\">"); out.println( "<tr><th style=\"text-align:left\">Login Id:</th><td><input type=\"text\" name=\"LoginId\" readonly=\"true\" value=\"" + secUser.getRequiredEMailAddress() + "\"/></td></tr>"); out.println( "<tr><th style=\"text-align:left\">Old Password:</th><td><input type=\"password\" name=\"OldPassword\"/></td></tr>"); out.println( "<tr><th style=\"text-align:left\">New Password:</th><td><input type=\"password\" name=\"Password\"/></td></tr>"); out.println( "<tr><th style=\"text-align:left\">Confirm New Password:</th><td><input type=\"password\" name=\"ConfirmPassword\"/></td></tr>"); out.println( "<tr><td colspan=\"2\" style=\"text-align:center\"><button type=\"submit\" name=\"Ok\"\">Ok</button></td></tr>"); out.println( "<tr><td colSpan=\"2\" style=\"text-align:center\"><A HRef=\"CFAsteriskSMWarLoginHtml\">Take me to the " + secCluster.getRequiredDescription() + " Security Manager Login</A></td></tr>"); out.println("</table>"); out.println("</center>"); out.println("</form>"); out.println("</BODY>"); out.println("</HTML>"); return; } String confirmPassword = (String) request.getParameter("ConfirmPassword"); if ((confirmPassword == null) || (confirmPassword.length() <= 0)) { response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\">"); out.println("<HTML>"); out.println("<BODY>"); out.println("<form method=\"post\" formaction=\"CFAsteriskSMWarChangePasswordHtml\">"); out.println("<H1 style=\"text-align:center\">" + clusterDescription + " Security Manager</H1>"); out.println("<H2 style=\"text-align:center\">ERROR</H2>"); out.println("<p style=\"text-align:center\">"); out.println("Confirm New Password must be specified."); out.println("<p>"); out.println("<center>"); out.println("<table style=\"width:75%\">"); out.println( "<tr><th style=\"text-align:left\">Login Id:</th><td><input type=\"text\" name=\"LoginId\" readonly=\"true\" value=\"" + secUser.getRequiredEMailAddress() + "\"/></td></tr>"); out.println( "<tr><th style=\"text-align:left\">Old Password:</th><td><input type=\"password\" name=\"OldPassword\"/></td></tr>"); out.println( "<tr><th style=\"text-align:left\">New Password:</th><td><input type=\"password\" name=\"Password\"/></td></tr>"); out.println( "<tr><th style=\"text-align:left\">Confirm New Password:</th><td><input type=\"password\" name=\"ConfirmPassword\"/></td></tr>"); out.println( "<tr><td colspan=\"2\" style=\"text-align:center\"><button type=\"submit\" name=\"Ok\"\">Ok</button></td></tr>"); out.println( "<tr><td colSpan=\"2\" style=\"text-align:center\"><A HRef=\"CFAsteriskSMWarLoginHtml\">Take me to the " + secCluster.getRequiredDescription() + " Security Manager Login</A></td></tr>"); out.println("</table>"); out.println("</center>"); out.println("</form>"); out.println("</BODY>"); out.println("</HTML>"); return; } if (!confirmPassword.equals(password)) { response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\">"); out.println("<HTML>"); out.println("<BODY>"); out.println("<form method=\"post\" formaction=\"CFAsteriskSMWarChangePasswordHtml\">"); out.println("<H1 style=\"text-align:center\">" + clusterDescription + " Security Manager</H1>"); out.println("<H2 style=\"text-align:center\">ERROR</H2>"); out.println("<p style=\"text-align:center\">"); out.println("New Password and Confirm New Password do not match."); out.println("<p>"); out.println("<center>"); out.println("<table style=\"width:75%\">"); out.println( "<tr><th style=\"text-align:left\">Login Id:</th><td><input type=\"text\" name=\"LoginId\" readonly=\"true\" value=\"" + secUser.getRequiredEMailAddress() + "\"/></td></tr>"); out.println( "<tr><th style=\"text-align:left\">Old Password:</th><td><input type=\"password\" name=\"OldPassword\"/></td></tr>"); out.println( "<tr><th style=\"text-align:left\">New Password:</th><td><input type=\"password\" name=\"Password\"/></td></tr>"); out.println( "<tr><th style=\"text-align:left\">Confirm New Password:</th><td><input type=\"password\" name=\"ConfirmPassword\"/></td></tr>"); out.println( "<tr><td colspan=\"2\" style=\"text-align:center\"><button type=\"submit\" name=\"Ok\"\">Ok</button></td></tr>"); out.println( "<tr><td colSpan=\"2\" style=\"text-align:center\"><A HRef=\"CFAsteriskSMWarLoginHtml\">Take me to the " + secCluster.getRequiredDescription() + " Security Manager Login</A></td></tr>"); out.println("</table>"); out.println("</center>"); out.println("</form>"); out.println("</BODY>"); out.println("</HTML>"); return; } MessageDigest msgDigest = MessageDigest.getInstance("SHA-512"); msgDigest.update(oldPassword.getBytes("UTF-8")); byte[] hash = msgDigest.digest(); byte[] encodedHash = Base64.encodeBase64(hash); msgDigest.update(encodedHash); hash = msgDigest.digest(); encodedHash = Base64.encodeBase64(hash); String oldHashedAndEncodedPassword = new String(encodedHash); if (!oldHashedAndEncodedPassword.equals(secUser.getRequiredPasswordHash())) { response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\">"); out.println("<HTML>"); out.println("<BODY>"); out.println("<form method=\"post\" formaction=\"CFAsteriskSMWarChangePasswordHtml\">"); out.println("<H1 style=\"text-align:center\">" + clusterDescription + " Security Manager</H1>"); out.println("<H2 style=\"text-align:center\">ERROR</H2>"); out.println("<p style=\"text-align:center\">"); out.println("Old Password is invalid."); out.println("<p>"); out.println("<center>"); out.println("<table style=\"width:75%\">"); out.println( "<tr><th style=\"text-align:left\">Login Id:</th><td><input type=\"text\" name=\"LoginId\" readonly=\"true\" value=\"" + secUser.getRequiredEMailAddress() + "\"/></td></tr>"); out.println( "<tr><th style=\"text-align:left\">Old Password:</th><td><input type=\"password\" name=\"OldPassword\"/></td></tr>"); out.println( "<tr><th style=\"text-align:left\">New Password:</th><td><input type=\"password\" name=\"Password\"/></td></tr>"); out.println( "<tr><th style=\"text-align:left\">Confirm New Password:</th><td><input type=\"password\" name=\"ConfirmPassword\"/></td></tr>"); out.println( "<tr><td colspan=\"2\" style=\"text-align:center\"><button type=\"submit\" name=\"Ok\"\">Ok</button></td></tr>"); out.println( "<tr><td colSpan=\"2\" style=\"text-align:center\"><A HRef=\"CFAsteriskSMWarLoginHtml\">Take me to the " + secCluster.getRequiredDescription() + " Security Manager Login</A></td></tr>"); out.println("</table>"); out.println("</center>"); out.println("</form>"); out.println("</BODY>"); out.println("</HTML>"); return; } msgDigest.update(password.getBytes("UTF-8")); hash = msgDigest.digest(); encodedHash = Base64.encodeBase64(hash); msgDigest.update(encodedHash); hash = msgDigest.digest(); encodedHash = Base64.encodeBase64(hash); String newHashedAndEncodedPassword = new String(encodedHash); ICFSecurityClusterObj systemCluster = schemaObj.getClusterTableObj() .readClusterByUDomainNameIdx("system"); ICFSecurityTenantObj systemTenant = schemaObj.getTenantTableObj() .readTenantByUNameIdx(systemCluster.getRequiredId(), "system"); ICFSecuritySecSessionObj systemSession = schemaObj.getSecSessionTableObj().newInstance(); ICFSecuritySecSessionEditObj editSystemSession = (ICFSecuritySecSessionEditObj) systemSession .beginEdit(); editSystemSession.setRequiredContainerSecUser(systemUser); editSystemSession.setRequiredStart(Calendar.getInstance()); systemSession = editSystemSession.create(); editSystemSession.endEdit(); CFSecurityAuthorization oldAuth = schemaObj.getAuthorization(); auth = new CFSecurityAuthorization(); auth.setSecCluster(systemCluster); auth.setSecTenant(systemTenant); auth.setSecSession(systemSession); schemaObj.setAuthorization(auth); ICFSecuritySecUserEditObj editSecUser = secUser.beginEdit(); editSecUser.setRequiredPasswordHash(newHashedAndEncodedPassword); editSecUser.update(); editSecUser.endEdit(); editSystemSession = (ICFSecuritySecSessionEditObj) systemSession.beginEdit(); editSystemSession.setOptionalFinish(Calendar.getInstance()); editSystemSession.update(); editSystemSession.endEdit(); schemaObj.commit(); schemaObj.setAuthorization(oldAuth); response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\">"); out.println("<HTML>"); out.println("<BODY>"); out.println("<form method=\"post\" formaction=\"CFAsteriskSMWarChangePasswordHtml\">"); out.println("<H1 style=\"text-align:center\">" + clusterDescription + " Security Manager</H1>"); out.println("<H2 style=\"text-align:center\">Password Set.</H2>"); out.println("<p>"); out.println("<center>"); out.println("<table style=\"width:75%\">"); out.println( "<tr><td colSpan=\"2\" style=\"text-align:center\"><A HRef=\"CFAsteriskSMWarLoginHtml\">Take me back to the " + secCluster.getRequiredDescription() + " Security Manager Main page</A></td></tr>"); out.println("</table>"); out.println("</center>"); out.println("</form>"); out.println("</BODY>"); out.println("</HTML>"); } catch (NoSuchAlgorithmException e) { throw CFLib.getDefaultExceptionFactory().newRuntimeException(getClass(), S_ProcName, "Caught NoSuchAlgorithmException -- " + e.getMessage(), e); } catch (RuntimeException e) { throw CFLib.getDefaultExceptionFactory().newRuntimeException(getClass(), S_ProcName, "Caught RuntimeException -- " + e.getMessage(), e); } finally { if (dbSchema != null) { try { if (schemaObj.isTransactionOpen()) { schemaObj.rollback(); } } catch (RuntimeException e) { } schemaObj.setBackingStore(null); CFAsteriskSchemaPool.getSchemaPool().releaseInstance(dbSchema); } } } }