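/*
    Copyright 2008-2012 Josh Drummond

    This file is part of WebPasswordSafe.

    WebPasswordSafe is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    WebPasswordSafe is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with WebPasswordSafe; if not, write to the Free Software
    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
*/
package net.webpasswordsafe.server.service;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.annotation.Resource;
import net.webpasswordsafe.client.remote.LoginService;
import net.webpasswordsafe.common.model.User;
import net.webpasswordsafe.common.util.Constants;
import net.webpasswordsafe.common.util.Constants.Function;
import net.webpasswordsafe.server.ServerSessionUtil;
import net.webpasswordsafe.server.dao.UserDAO;
import net.webpasswordsafe.server.plugin.audit.AuditLogger;
import net.webpasswordsafe.server.plugin.authentication.Authenticator;
import net.webpasswordsafe.server.plugin.authentication.RoleRetriever;
import net.webpasswordsafe.server.plugin.authorization.Authorizer;
import net.webpasswordsafe.server.report.ReportConfig;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
import com.google.gwt.user.server.rpc.XsrfProtectedServiceServlet;


/**
 * Implementation of Login Service.
 *
 * <p>Handles login, logout and "who am I / what may I do" queries for the
 * current HTTP session. Credential checking, role lookup, authorization
 * decisions and audit logging are all delegated to injected plugins; this
 * class only wires them to the session via {@link ServerSessionUtil}.
 *
 * <p>The class extends {@link XsrfProtectedServiceServlet}. Which RPC methods
 * are actually token-checked is decided by annotations on the
 * {@link LoginService} interface, which is not visible in this file.
 *
 * @author Josh Drummond
 */
@Service("loginService")
public class LoginServiceImpl extends XsrfProtectedServiceServlet implements LoginService {

    private static final long serialVersionUID = 185624826328067937L;
    // Never reassigned, so it is declared final.
    private static final Logger LOG = Logger.getLogger(LoginServiceImpl.class);

    @Resource
    private Authenticator authenticator;

    @Autowired
    private UserDAO userDAO;

    @Autowired
    private ReportConfig reportConfig;

    @Resource
    private AuditLogger auditLogger;

    @Resource
    private RoleRetriever roleRetriever;

    @Resource
    private Authorizer authorizer;

    /**
     * Returns the active user bound to the current session.
     *
     * <p>The username is read from the session and looked up again in the
     * user store on every call. The roles are not re-derived here: they are
     * copied from the session as stored at login time.
     *
     * @return the active user with session roles attached, or {@code null}
     *         when the lookup finds no active user for the session username
     * @see LoginService#getLogin()
     */
    @Override
    @Transactional(propagation = Propagation.REQUIRED, readOnly = true)
    public User getLogin() {
        String username = ServerSessionUtil.getUsername();
        User user = userDAO.findActiveUserByUsername(username);
        if (null != user) {
            user.setRoles(ServerSessionUtil.getRoles());
        }
        // Guarded so the message is only built when debug output is enabled.
        if (LOG.isDebugEnabled()) {
            LOG.debug("logged in user=" + ((null == user) ? "null" : user.getUsername()));
        }
        return user;
    }

    /**
     * Authenticates the given credentials and, on success, binds the user and
     * their roles to the current session.
     *
     * <p>A login is valid only when the {@link Authenticator} accepts the
     * credentials <em>and</em> an active user record exists for the username.
     * Every attempt, successful or not, is written to the audit log. The
     * failure reason goes to the audit log only; the caller sees a plain
     * boolean either way.
     *
     * @param username the login name; truncated to {@code User.LENGTH_USERNAME}
     *                 before use (see {@link #trimUsername(String)})
     * @param password the password, passed unchanged to the authenticator
     * @return {@code true} if the session is now authenticated
     * @see LoginService#login(String, String)
     */
    @Override
    @Transactional(propagation = Propagation.REQUIRED)
    public boolean login(String username, String password) {
        boolean isValidLogin = false;
        Date now = new Date();
        String message = "";
        username = trimUsername(username);
        // NOTE(review): null or empty credentials are forwarded as-is; confirm
        // every Authenticator plugin rejects them rather than treating an empty
        // password as a successful bind.
        // NOTE(review): no attempt throttling or lockout is visible in this
        // method; confirm it is enforced in the Authenticator or upstream.
        if (authenticator.authenticate(username, password)) {
            User user = userDAO.findActiveUserByUsername(username);
            if (null != user) {
                isValidLogin = true;
                user.setLastLogin(now);
                userDAO.makePersistent(user);
                // NOTE(review): the identity is attached to the existing
                // session; no session id rotation is visible here. Confirm
                // ServerSessionUtil or the container issues a fresh session id
                // on authentication (session fixation).
                ServerSessionUtil.setUsername(username);
                ServerSessionUtil.setRoles(roleRetriever.retrieveRoles(user));
            } else {
                // Credentials were accepted but there is no active account.
                message = "user not found";
            }
        } else {
            message = "authentication failed";
        }
        // NOTE(review): on failure the username is caller-controlled text
        // (length-capped only); confirm AuditLogger neutralises line breaks
        // and delimiters before writing it.
        auditLogger.log(now, username, ServerSessionUtil.getIP(), "login", "", isValidLogin, message);
        return isValidLogin;
    }

    /**
     * Caps a username at {@code User.LENGTH_USERNAME} characters.
     *
     * <p>Over-long input is truncated, not rejected, so any two inputs that
     * share the first {@code User.LENGTH_USERNAME} characters resolve to the
     * same name for authentication, lookup and audit logging.
     *
     * @param username the raw username, may be {@code null}
     * @return the (possibly truncated) username, or {@code null} if given
     *         {@code null}
     */
    private String trimUsername(String username) {
        if ((null != username) && (username.length() > User.LENGTH_USERNAME)) {
            return username.substring(0, User.LENGTH_USERNAME);
        } else {
            return username;
        }
    }

    /**
     * Ends the current session.
     *
     * <p>The audit entry is written first, while the session still holds the
     * username. The session identity is then cleared and the session
     * invalidated.
     *
     * @return always {@code true}
     * @see LoginService#logout()
     */
    @Override
    public boolean logout() {
        auditLogger.log(new Date(), ServerSessionUtil.getUsername(), ServerSessionUtil.getIP(), "logout", "", true, "");
        ServerSessionUtil.setUsername(null);
        ServerSessionUtil.setRoles(null);
        ServerSessionUtil.invalidateSession();
        return true;
    }

    /**
     * Reports, for each requested function, whether the session user is
     * authorized for it according to the {@link Authorizer}.
     *
     * <p>NOTE(review): when no user is logged in, {@code null} is handed to
     * the authorizer as the subject; confirm every Authorizer plugin denies
     * in that case.
     *
     * @param functions the functions to check; {@code null} means "all
     *                  functions". {@code null} elements are ignored.
     * @return a map from each checked function to the authorizer's decision
     * @see LoginService#getLoginAuthorizations(java.util.Set)
     */
    @Override
    @Transactional(propagation = Propagation.REQUIRED, readOnly = true)
    public Map<Function, Boolean> getLoginAuthorizations(Set<Function> functions) {
        LOG.debug("inside getLoginAuthorizations");
        User loggedInUser = getLogin();
        Set<Function> requested = functions;
        // if passed null, load everything
        if (null == requested) {
            LOG.debug("functions was passed null");
            requested = new HashSet<Function>(Arrays.asList(Function.values()));
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("functions=" + requested.toString());
        }
        Map<Function, Boolean> authzMap = new HashMap<Function, Boolean>(requested.size());
        for (Function function : requested) {
            if (null == function) {
                // The set arrives from the RPC client and may contain null;
                // function.name() would otherwise throw on it.
                continue;
            }
            authzMap.put(function, authorizer.isAuthorized(loggedInUser, function.name()));
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("authzMap=" + authzMap.toString());
        }
        return authzMap;
    }

    /**
     * Keep-alive call that also initialises the CSRF state of the session
     * through {@link ServerSessionUtil#initCsrfSession()}.
     *
     * @return always {@code true}
     */
    @Override
    public boolean ping() {
        ServerSessionUtil.initCsrfSession();
        return true;
    }

    /**
     * Lists the configured reports the session user is authorized to view.
     *
     * <p>Each report from {@link ReportConfig} is kept only if the authorizer
     * grants the action {@code Constants.VIEW_REPORT_PREFIX + <report name>}.
     *
     * @return the authorized report descriptors, possibly empty
     */
    @Override
    @Transactional(propagation = Propagation.REQUIRED, readOnly = true)
    public List<Map<String, Object>> getLoginReports() {
        LOG.debug("inside getLoginReports");
        User loggedInUser = getLogin();
        List<Map<String, Object>> reportList = new ArrayList<Map<String, Object>>();
        for (Map<String, Object> report : reportConfig.getReports()) {
            String action = Constants.VIEW_REPORT_PREFIX + (String) report.get(Constants.NAME);
            if (authorizer.isAuthorized(loggedInUser, action)) {
                reportList.add(report);
            }
        }
        return reportList;
    }

}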