[tmp/jakarta-migration.git] /

/**\r
 * Copyright 2009 University of California at Berkeley\r
 */\r
package org.collectionspace.authentication;\r
\r
import java.lang.reflect.Constructor;\r
import java.security.Principal;\r
import java.security.acl.Group;\r
import java.sql.Connection;\r
import java.sql.DriverManager;\r
import java.sql.PreparedStatement;\r
import java.sql.ResultSet;\r
import java.sql.SQLException;\r
\r
import java.util.HashMap;\r
import javax.naming.InitialContext;\r
import javax.security.auth.login.FailedLoginException;\r
import javax.security.auth.login.LoginException;\r
import org.jboss.security.SimpleGroup;\r
import org.jboss.security.SimplePrincipal;\r
import org.jboss.security.auth.spi.DatabaseServerLoginModule;\r
import org.slf4j.Logger;\r
import org.slf4j.LoggerFactory;\r
\r
public class CSpaceDBLoginModule extends DatabaseServerLoginModule {\r
\r
    //disabled due to classloading problem\r
    //private Logger logger = LoggerFactory.getLogger(CSpaceDBLoginModule.class);\r
    private boolean log = true;\r
\r
    private void log(String str) {\r
        System.out.println(str);\r
    }\r
\r
    protected String getUsersPassword() throws LoginException {\r
        \r
        String username = getUsername();\r
        String password = null;\r
        Connection conn = null;\r
        PreparedStatement ps = null;\r
        ResultSet rs = null;\r
        InitialContext ctx = null;\r
        try{\r
//            Properties env = new Properties();\r
//            env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");\r
//            env.setProperty(Context.PROVIDER_URL, "jnp://localhost:1199/");\r
//            env.setProperty(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");\r
//            ctx = new InitialContext(env);\r
////            ctx = new InitialContext();\r
//            DataSource ds = (DataSource) ctx.lookup(dsJndiName);\r
//            if(ds == null){\r
//                throw new IllegalArgumentException("datasource not found: " + dsJndiName);\r
//            }\r
//            conn = ds.getConnection();\r
            Class.forName("com.mysql.jdbc.Driver");\r
            conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/cspace", "test", "test");\r
\r
            // Get the password\r
            if(log){\r
                log("Excuting query: " + principalsQuery + ", with username: " + username);\r
            }\r
            ps = conn.prepareStatement(principalsQuery);\r
            ps.setString(1, username);\r
            rs = ps.executeQuery();\r
            if(rs.next() == false){\r
                if(log){\r
                    log("Query returned no matches from db");\r
                }\r
                throw new FailedLoginException("No matching username found");\r
            }\r
\r
            password = rs.getString(1);\r
            password = convertRawPassword(password);\r
            if(log){\r
                log("Obtained user password");\r
            }\r
//        }catch(NamingException ex){\r
//            LoginException le = new LoginException("Error looking up DataSource from: " + dsJndiName);\r
//            le.initCause(ex);\r
//            throw le;\r
        }catch(SQLException ex){\r
            LoginException le = new LoginException("Query failed");\r
            le.initCause(ex);\r
            throw le;\r
        }catch(Exception ex){\r
            LoginException le = new LoginException("Unknown Exception");\r
            le.initCause(ex);\r
            throw le;\r
        }finally{\r
            if(rs != null){\r
                try{\r
                    rs.close();\r
                }catch(SQLException e){\r
                }\r
            }\r
            if(ps != null){\r
                try{\r
                    ps.close();\r
                }catch(SQLException e){\r
                }\r
            }\r
            if(conn != null){\r
                try{\r
                    conn.close();\r
                }catch(SQLException ex){\r
                }\r
            }\r
            if(ctx != null){\r
                try{\r
                    ctx.close();\r
                }catch(Exception e){\r
                }\r
            }\r
        }\r
        return password;\r
    }\r
\r
    /** Execute the rolesQuery against the dsJndiName to obtain the roles for\r
    the authenticated user.\r
\r
    @return Group[] containing the sets of roles\r
     */\r
    protected Group[] getRoleSets() throws LoginException {\r
        String username = getUsername();\r
        if(log){\r
            log("getRoleSets using rolesQuery: " + rolesQuery + ", username: " + username);\r
        }\r
\r
        Connection conn = null;\r
        HashMap setsMap = new HashMap();\r
        PreparedStatement ps = null;\r
        ResultSet rs = null;\r
\r
        try{\r
//         InitialContext ctx = new InitialContext();\r
//         DataSource ds = (DataSource) ctx.lookup(dsJndiName);\r
//         conn = ds.getConnection();\r
            conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/cspace", "test", "test");\r
            // Get the user role names\r
            if(log){\r
                log("Excuting query: " + rolesQuery + ", with username: " + username);\r
            }\r
\r
            ps =\r
                    conn.prepareStatement(rolesQuery);\r
            try{\r
                ps.setString(1, username);\r
            }catch(ArrayIndexOutOfBoundsException ignore){\r
                // The query may not have any parameters so just try it\r
            }\r
            rs = ps.executeQuery();\r
            if(rs.next() == false){\r
                if(log){\r
                    log("No roles found");\r
                }\r
//                if(aslm.getUnauthenticatedIdentity() == null){\r
//                    throw new FailedLoginException("No matching username found in Roles");\r
//                }\r
                /* We are running with an unauthenticatedIdentity so create an\r
                empty Roles set and return.\r
                 */\r
\r
                Group[] roleSets = {new SimpleGroup("Roles")};\r
                return roleSets;\r
            }\r
\r
            do{\r
                String name = rs.getString(1);\r
                String groupName = rs.getString(2);\r
                if(groupName == null || groupName.length() == 0){\r
                    groupName = "Roles";\r
                }\r
\r
                Group group = (Group) setsMap.get(groupName);\r
                if(group == null){\r
                    group = new SimpleGroup(groupName);\r
                    setsMap.put(groupName, group);\r
                }\r
\r
                try{\r
//                    Principal p = aslm.createIdentity(name);\r
                    Principal p = createIdentity(name);\r
                    if(log){\r
                        log("Assign user to role " + name);\r
                    }\r
\r
                    group.addMember(p);\r
                }catch(Exception e){\r
                    log("Failed to create principal: " + name + " " + e.toString());\r
                }\r
\r
            }while(rs.next());\r
        } //      catch(NamingException ex)\r
        //      {\r
        //         LoginException le = new LoginException("Error looking up DataSource from: "+dsJndiName);\r
        //         le.initCause(ex);\r
        //         throw le;\r
        //      }\r
        catch(SQLException ex){\r
            LoginException le = new LoginException("Query failed");\r
            le.initCause(ex);\r
            throw le;\r
        }finally{\r
            if(rs != null){\r
                try{\r
                    rs.close();\r
                }catch(SQLException e){\r
                }\r
            }\r
            if(ps != null){\r
                try{\r
                    ps.close();\r
                }catch(SQLException e){\r
                }\r
            }\r
            if(conn != null){\r
                try{\r
                    conn.close();\r
                }catch(Exception ex){\r
                }\r
            }\r
\r
        }\r
\r
        Group[] roleSets = new Group[setsMap.size()];\r
        setsMap.values().toArray(roleSets);\r
        return roleSets;\r
    }\r
\r
    /** Utility method to create a Principal for the given username. This\r
     * creates an instance of the principalClassName type if this option was\r
     * specified using the class constructor matching: ctor(String). If\r
     * principalClassName was not specified, a SimplePrincipal is created.\r
     *\r
     * @param username the name of the principal\r
     * @return the principal instance\r
     * @throws java.lang.Exception thrown if the custom principal type cannot be created.\r
     */\r
    protected Principal createIdentity(String username)\r
            throws Exception {\r
        Principal p = null;\r
        if(principalClassName == null){\r
            p = new SimplePrincipal(username);\r
        }else{\r
            ClassLoader loader = Thread.currentThread().getContextClassLoader();\r
            Class clazz = loader.loadClass(principalClassName);\r
            Class[] ctorSig = {String.class};\r
            Constructor ctor = clazz.getConstructor(ctorSig);\r
            Object[] ctorArgs = {username};\r
            p =\r
                    (Principal) ctor.newInstance(ctorArgs);\r
        }\r
\r
        return p;\r
    }\r
}