Java tutorial
// Description: Java 8 Security Manager Set System Password Servlet /* * Code Factory Asterisk 11 Configuration Model * * Copyright (c) 2014-2015 Mark Sobkow * * This program is available as free software under the GNU GPL v3, or * under a commercial license from Mark Sobkow. For commercial licensing * details, please contact msobkow@sasktel.net. * * Under the terms of the GPL: * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. * */ package net.sourceforge.msscodefactory.cfasterisk.v2_4.CFAsteriskSMWar; import java.io.IOException; import java.io.PrintWriter; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.util.Calendar; import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.apache.commons.codec.binary.Base64; import net.sourceforge.msscodefactory.cflib.v2_3.CFLib.CFLib; import net.sourceforge.msscodefactory.cfsecurity.v2_4.CFSecurity.*; import net.sourceforge.msscodefactory.cfinternet.v2_4.CFInternet.*; import net.sourceforge.msscodefactory.cfasterisk.v2_4.CFAsterisk.*; import net.sourceforge.msscodefactory.cfsecurity.v2_4.CFSecurityObj.*; import net.sourceforge.msscodefactory.cfinternet.v2_4.CFInternetObj.*; import net.sourceforge.msscodefactory.cfasterisk.v2_4.CFAsteriskObj.*; /** * Servlet implementation class CFAsteriskSMWarSetSystemPasswordHtml */ @WebServlet("/CFAsteriskSMWarSetSystemPasswordHtml") public class CFAsteriskSMWarSetSystemPasswordHtml extends HttpServlet { private static final long serialVersionUID = 1L; /** * @see HttpServlet#HttpServlet() */ public CFAsteriskSMWarSetSystemPasswordHtml() { super(); } /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { final String S_ProcName = "doGet"; ICFAsteriskSchemaObj schemaObj; HttpSession sess = request.getSession(false); if (sess == null) { sess = request.getSession(true); schemaObj = new CFAsteriskSchemaPooledObj(); sess.setAttribute("SchemaObj", schemaObj); } else { schemaObj = (ICFAsteriskSchemaObj) sess.getAttribute("SchemaObj"); if (schemaObj == null) { response.sendRedirect("CFAsteriskSMWarLoginHtml"); return; } } ICFAsteriskSchema dbSchema = null; try { CFSecurityAuthorization auth = schemaObj.getAuthorization(); if (auth != null) { response.sendRedirect("CFAsteriskSMWarSecurityMainHtml"); } else { dbSchema = (ICFAsteriskSchema) CFAsteriskSchemaPool.getSchemaPool().getInstance(); schemaObj.setBackingStore(dbSchema); schemaObj.beginTransaction(); ICFSecuritySecUserObj systemUser = schemaObj.getSecUserTableObj().readSecUserByULoginIdx("system"); String passwordHash = systemUser.getRequiredPasswordHash(); if ((passwordHash != null) && (passwordHash.length() > 0) && (!passwordHash.equals("bootstrap"))) { response.sendRedirect("CFAsteriskSMWarLoginHtml"); } else { ICFSecurityClusterObj resolvedCluster; String resolvedClusterDescription; ICFSecuritySysClusterObj sysCluster = schemaObj.getSysClusterTableObj().readSysClusterByIdIdx(1, false); if (sysCluster == null) { resolvedCluster = null; resolvedClusterDescription = null; } else { resolvedCluster = sysCluster.getRequiredContainerCluster(); if (resolvedCluster == null) { throw CFLib.getDefaultExceptionFactory().newNullArgumentException(getClass(), S_ProcName, "resolvedCluster"); } resolvedClusterDescription = resolvedCluster.getRequiredDescription(); } response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\">"); out.println("<HTML>"); out.println("<BODY>"); out.println("<form method=\"post\" formaction=\"CFAsteriskSMWarSetSystemPasswordHtml\">"); out.println("<H1 style=\"text-align:center\">" + ((resolvedClusterDescription == null) ? "" : resolvedClusterDescription) + " Security Manager</H1>"); out.println( "<H2 style=\"text-align:center\">Please initialize the \"system\" password and cluster details.</H2>"); out.println("<p>"); out.println("<center>"); out.println("<table style=\"width:60%\">"); out.println( "<tr><th style=\"text-align:left\">Password:</th><td><input type=\"password\" name=\"Password\"/></td></tr>"); out.println( "<tr><th style=\"text-align:left\">Confirm Password:</th><td><input type=\"password\" name=\"ConfirmPassword\"/></td></tr>"); out.println( "<tr><th style=\"text-align:left\">Cluster Domain Name:</th><td><input name=\"ClusterDomainName\"/></td></tr>"); out.println( "<tr><th style=\"text-align:left\">Cluster Description:</th><td><input name=\"ClusterDescription\"/></td></tr>"); out.println( "<tr><td colspan=\"2\" style=\"text-align:center\"><button type=\"submit\" name=\"Ok\"\">Ok</button></td></tr>"); out.println("</table>"); out.println("</center>"); out.println("</form>"); out.println("</BODY>"); out.println("</HTML>"); } } } catch (RuntimeException e) { throw CFLib.getDefaultExceptionFactory().newRuntimeException(getClass(), S_ProcName, "Caught RuntimeException -- " + e.getMessage(), e); } finally { if (dbSchema != null) { try { if (schemaObj.isTransactionOpen()) { schemaObj.rollback(); } } catch (RuntimeException e) { } schemaObj.setBackingStore(null); CFAsteriskSchemaPool.getSchemaPool().releaseInstance(dbSchema); } } } /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { final String S_ProcName = "doPost"; ICFAsteriskSchemaObj schemaObj; HttpSession sess = request.getSession(false); if (sess == null) { sess = request.getSession(true); schemaObj = new CFAsteriskSchemaPooledObj(); sess.setAttribute("SchemaObj", schemaObj); } else { schemaObj = (ICFAsteriskSchemaObj) sess.getAttribute("SchemaObj"); if (schemaObj == null) { response.sendRedirect("CFAsteriskSMWarLoginHtml"); return; } } ICFAsteriskSchema dbSchema = null; try { CFSecurityAuthorization auth = schemaObj.getAuthorization(); if (auth != null) { response.sendRedirect("CFAsteriskSMWarSecurityMainHtml"); } else { dbSchema = (ICFAsteriskSchema) CFAsteriskSchemaPool.getSchemaPool().getInstance(); schemaObj.setBackingStore(dbSchema); schemaObj.beginTransaction(); ICFSecuritySecUserObj systemUser = schemaObj.getSecUserTableObj().readSecUserByULoginIdx("system"); String passwordHash = systemUser.getRequiredPasswordHash(); if ((passwordHash != null) && (passwordHash.length() > 0) && (!passwordHash.equals("bootstrap"))) { response.sendRedirect("CFAsteriskSMWarLoginHtml"); } else { ICFSecurityClusterObj resolvedCluster; String resolvedClusterDomainName; String resolvedClusterDescription; ICFSecuritySysClusterObj sysCluster = schemaObj.getSysClusterTableObj().readSysClusterByIdIdx(1, false); if (sysCluster == null) { resolvedCluster = null; resolvedClusterDomainName = (String) request.getParameter("ClusterDomainName"); resolvedClusterDescription = (String) request.getParameter("ClusterDescription"); } else { resolvedCluster = sysCluster.getRequiredContainerCluster(); if (resolvedCluster == null) { throw CFLib.getDefaultExceptionFactory().newNullArgumentException(getClass(), S_ProcName, "resolvedCluster"); } resolvedClusterDomainName = resolvedCluster.getRequiredFullDomainName(); resolvedClusterDescription = resolvedCluster.getRequiredDescription(); } String password = (String) request.getParameter("Password"); if (password == null) { password = ""; } String confirmPassword = (String) request.getParameter("ConfirmPassword"); if (confirmPassword == null) { confirmPassword = ""; } response.setContentType("text/html"); PrintWriter out = response.getWriter(); if (password.length() <= 0) { out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\">"); out.println("<HTML>"); out.println("<BODY>"); out.println("<form method=\"post\" formaction=\"CFAsteriskSMWarSetSystemPasswordHtml\">"); out.println("<H1 style=\"text-align:center\">" + ((resolvedClusterDescription == null) ? "" : resolvedClusterDescription) + " Security Manager</H1>"); out.println( "<H2 style=\"text-align:center\">Please initialize the \"system\" password and cluster details.</H2>"); out.println("<p>"); out.println("<center>"); out.println("<table style=\"width:60%\">"); out.println( "<tr><th style=\"text-align:left\">Password:</th><td><input type=\"password\" name=\"Password\"/></td></tr>"); out.println( "<tr><th style=\"text-align:left\">Confirm Password:</th><td><input type=\"password\" name=\"ConfirmPassword\"/></td></tr>"); out.println( "<tr><th style=\"text-align:left\">Cluster Domain Name:</th><td><input name=\"ClusterDomainName\"/></td></tr>"); out.println( "<tr><th style=\"text-align:left\">Cluster Description:</th><td><input name=\"ClusterDescription\"/></td></tr>"); out.println( "<tr><td colspan=\"2\" style=\"text-align:center\"><button type=\"submit\" name=\"Ok\"\">Ok</button></td></tr>"); out.println("</table>"); out.println("</center>"); out.println("</form>"); out.println("</BODY>"); out.println("</HTML>"); } else if (!password.equals(confirmPassword)) { out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\">"); out.println("<HTML>"); out.println("<BODY>"); out.println("<form method=\"post\" formaction=\"CFAsteriskSMWarSetSystemPasswordHtml\">"); out.println("<H1 style=\"text-align:center\">" + ((resolvedClusterDescription == null) ? "" : resolvedClusterDescription) + " Security Manager</H1>"); out.println( "<H2 style=\"text-align:center\">Please initialize the \"system\" password and cluster details.</H2>"); out.println("<p>"); out.println("<center>"); out.println("<table style=\"width:60%\">"); out.println( "<tr><th style=\"text-align:left\">Password:</th><td><input type=\"password\" name=\"Password\"/></td></tr>"); out.println( "<tr><th style=\"text-align:left\">Confirm Password:</th><td><input type=\"password\" name=\"ConfirmPassword\"/></td></tr>"); out.println( "<tr><th style=\"text-align:left\">Cluster Domain Name:</th><td><input name=\"ClusterDomainName\"/></td></tr>"); out.println( "<tr><th style=\"text-align:left\">Cluster Description:</th><td><input name=\"ClusterDescription\"/></td></tr>"); out.println( "<tr><td colspan=\"2\" style=\"text-align:center\"><button type=\"submit\" name=\"Ok\"\">Ok</button></td></tr>"); out.println("</table>"); out.println("</center>"); out.println("</form>"); out.println("</BODY>"); out.println("</HTML>"); } else { MessageDigest msgDigest = MessageDigest.getInstance("SHA-512"); msgDigest.update(password.getBytes("UTF-8")); byte[] hash = msgDigest.digest(); byte[] encodedHash = Base64.encodeBase64(hash); msgDigest.update(encodedHash); hash = msgDigest.digest(); encodedHash = Base64.encodeBase64(hash); String hashedAndEncodedPassword = new String(encodedHash); // Need to temporarily "log in" as system.system to set the password ICFSecurityClusterObj systemCluster = schemaObj.getClusterTableObj() .readClusterByUDomainNameIdx("system"); ICFSecurityTenantObj systemTenant = schemaObj.getTenantTableObj() .readTenantByUNameIdx(systemCluster.getRequiredId(), "system"); ICFSecuritySecSessionObj systemSession = schemaObj.getSecSessionTableObj().newInstance(); ICFSecuritySecSessionEditObj editSystemSession = (ICFSecuritySecSessionEditObj) systemSession .beginEdit(); editSystemSession.setRequiredContainerSecUser(systemUser); editSystemSession.setRequiredStart(Calendar.getInstance()); systemSession = editSystemSession.create(); editSystemSession.endEdit(); auth = new CFSecurityAuthorization(); auth.setSecCluster(systemCluster); auth.setSecTenant(systemTenant); auth.setSecSession(systemSession); schemaObj.setAuthorization(auth); if (resolvedCluster == null) { ICFSecurityClusterObj cluster = schemaObj.getClusterTableObj().newInstance(); ICFSecurityClusterEditObj editCluster = cluster.beginEdit(); editCluster.setRequiredFullDomainName(resolvedClusterDomainName); editCluster.setRequiredDescription(resolvedClusterDescription); cluster = editCluster.create(); editCluster.endEdit(); resolvedCluster = cluster; ICFSecurityTenantObj tenant = schemaObj.getTenantTableObj().newInstance(); ICFSecurityTenantEditObj editTenant = tenant.beginEdit(); editTenant.setRequiredContainerCluster(cluster); editTenant.setRequiredTenantName("system"); tenant = editTenant.create(); editTenant.endEdit(); sysCluster = schemaObj.getSysClusterTableObj().newInstance(); ICFSecuritySysClusterEditObj editSysCluster = sysCluster.beginEdit(); editSysCluster.setRequiredContainerCluster(resolvedCluster); editSysCluster.setRequiredSingletonId(1); sysCluster = editSysCluster.create(); editSysCluster.endEdit(); } ICFSecuritySecUserEditObj editSystemUser = (ICFSecuritySecUserEditObj) systemUser .beginEdit(); editSystemUser.setRequiredPasswordHash(hashedAndEncodedPassword); editSystemUser.update(); editSystemUser.endEdit(); editSystemSession = (ICFSecuritySecSessionEditObj) systemSession.beginEdit(); editSystemSession.setOptionalFinish(Calendar.getInstance()); editSystemSession.update(); editSystemSession.endEdit(); schemaObj.commit(); schemaObj.setAuthorization(null); out.println("<H1 style=\"text-align:center\">" + ((resolvedClusterDescription == null) ? "" : resolvedClusterDescription) + " Security Manager</H1>"); out.println("<H2 style=\"text-align:center\">Password set.</H2>"); out.println("<p style=\"text-align:center\">"); out.println( "You may now <A HRef=\"CFAsteriskSMWarLoginHtml\">log in to the security manager.</A>"); } } } } catch (NoSuchAlgorithmException e) { throw CFLib.getDefaultExceptionFactory().newRuntimeException(getClass(), S_ProcName, "Caught NoSuchAlgorithmException -- " + e.getMessage(), e); } catch (RuntimeException e) { throw CFLib.getDefaultExceptionFactory().newRuntimeException(getClass(), S_ProcName, "Caught RuntimeException -- " + e.getMessage(), e); } finally { if (dbSchema != null) { try { if (schemaObj.isTransactionOpen()) { schemaObj.rollback(); } } catch (RuntimeException e) { } schemaObj.setBackingStore(null); CFAsteriskSchemaPool.getSchemaPool().releaseInstance(dbSchema); } } } }