/*
* Created on Aug 27, 2004
*
* TODO To change the template for this generated file go to
* Window - Preferences - Java - Code Style - Code Templates
*/
package net.reliableresponse.notification.broker.impl.sql;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Vector;
import javax.servlet.http.HttpServletRequest;
import net.reliableresponse.notification.broker.AuthorizationBroker;
import net.reliableresponse.notification.broker.BrokerFactory;
import net.reliableresponse.notification.usermgmt.Member;
import net.reliableresponse.notification.usermgmt.Roles;
/**
* @author drig
*
* Copyright 2004 - David Rudder
*/
public abstract class GenericSQLAuthorizationBroker implements
AuthorizationBroker {
public abstract Connection getConnection();
/*
* (non-Javadoc)
*
* @see net.reliableresponse.notification.broker.AuthorizationBroker#isUserInRole(net.reliableresponse.notification.usermgmt.Member,
* java.lang.String)
*/
public boolean isUserInRole(Member member, String role) {
String sql = "SELECT * FROM authorizationinfo WHERE member=? AND role=?";
PreparedStatement stmt = null;
Connection connection = getConnection();
ResultSet rs = null;
try {
stmt = connection.prepareStatement(sql);BrokerFactory.getLoggingBroker().logDebug("sql="+(sql));
stmt.setString(1, member.getUuid());
stmt.setString(2, role);
rs = stmt.executeQuery();
if (rs.next()) {
return true;
}
} catch (SQLException e) {
BrokerFactory.getLoggingBroker().logError(e);
} finally {
try {
if (rs != null)
rs.close();
if (stmt != null)
stmt.close();
if (connection != null)
connection.close();
} catch (SQLException e1) {
BrokerFactory.getLoggingBroker().logError(e1);
}
}
return false;
}
public String[] getRoles() {
Vector roles = new Vector();
String sql = "SELECT DISTINCT(role) FROM authorizationinfo";
PreparedStatement stmt = null;
Connection connection = getConnection();
ResultSet rs = null;
try {
stmt = connection.prepareStatement(sql);
rs = stmt.executeQuery();
while (rs.next()) {
roles.addElement(rs.getString(1));
}
} catch (SQLException e) {
BrokerFactory.getLoggingBroker().logError(e);
} finally {
try {
if (rs != null)
rs.close();
if (stmt != null)
stmt.close();
if (connection != null)
connection.close();
} catch (SQLException e1) {
BrokerFactory.getLoggingBroker().logError(e1);
}
}
return (String[])roles.toArray(new String[0]);
}
public Member[] getMembersInRole(String role) {
Vector members = new Vector();
String sql = "SELECT member FROM authorizationinfo WHERE role=?";
PreparedStatement stmt = null;
Connection connection = getConnection();
ResultSet rs = null;
try {
stmt = connection.prepareStatement(sql);
stmt.setString(1, role);
rs = stmt.executeQuery();
while (rs.next()) {
String uuid = rs.getString(1);
if (uuid != null) {
Member member = BrokerFactory.getUserMgmtBroker().getUserByUuid(uuid);
if (member == null) {
member = BrokerFactory.getGroupMgmtBroker().getGroupByUuid(uuid);
}
if (member != null)
members.addElement(member);
}
}
} catch (SQLException e) {
BrokerFactory.getLoggingBroker().logError(e);
} finally {
try {
if (rs != null)
rs.close();
if (stmt != null)
stmt.close();
if (connection != null)
connection.close();
} catch (SQLException e1) {
BrokerFactory.getLoggingBroker().logError(e1);
}
}
return (Member[])members.toArray(new Member[0]);
}
/*
* (non-Javadoc)
*
* @see net.reliableresponse.notification.broker.AuthorizationBroker#addUserToRole(net.reliableresponse.notification.usermgmt.Member,
* java.lang.String)
*/
public void addUserToRole(Member member, String role) {
String sql = "INSERT INTO authorizationinfo(member, role) VALUES (?,?)";
PreparedStatement stmt = null;
Connection connection = getConnection();
ResultSet rs = null;
try {
stmt = connection.prepareStatement(sql);BrokerFactory.getLoggingBroker().logDebug("sql="+(sql));
stmt.setString(1, member.getUuid());
stmt.setString(2, role);
stmt.executeUpdate();
} catch (SQLException e) {
BrokerFactory.getLoggingBroker().logError(e);
} finally {
try {
if (rs != null)
rs.close();
if (stmt != null)
stmt.close();
if (connection != null)
connection.close();
} catch (SQLException e1) {
BrokerFactory.getLoggingBroker().logError(e1);
}
}
}
/*
* (non-Javadoc)
*
* @see net.reliableresponse.notification.broker.AuthorizationBroker#removeUserFromRole(net.reliableresponse.notification.usermgmt.Member,
* java.lang.String)
*/
public void removeMemberFromRole(Member member, String role) {
String sql = "DELETE FROM authorizationinfo WHERE member=? AND role=?";
PreparedStatement stmt = null;
Connection connection = getConnection();
ResultSet rs = null;
try {
stmt = connection.prepareStatement(sql);BrokerFactory.getLoggingBroker().logDebug("sql="+(sql));
stmt.setString(1, member.getUuid());
stmt.setString(2, role);
stmt.executeUpdate();
} catch (SQLException e) {
BrokerFactory.getLoggingBroker().logError(e);
} finally {
try {
if (rs != null)
rs.close();
if (stmt != null)
stmt.close();
if (connection != null)
connection.close();
} catch (SQLException e1) {
BrokerFactory.getLoggingBroker().logError(e1);
}
}
}
/*
* (non-Javadoc)
*
* @see net.reliableresponse.notification.broker.AuthorizationBroker#isResourceAllowed(java.lang.Object,
* net.reliableresponse.notification.usermgmt.Member)
*/
public boolean isResourceAllowed(Object resource, Member member) {
BrokerFactory.getLoggingBroker().logDebug("generic authz member = "+member);
if (resource instanceof HttpServletRequest) {
HttpServletRequest request = (HttpServletRequest) resource;
if (member == null) {
String requestURI = request.getRequestURI();
String page = request.getParameter("page");
if (page == null) page = "";
if ((page.equals("/register.jsp")) ||
(page.equals("/eula.jsp")) ){
return true;
}
if ((requestURI.indexOf("login.jsp") > 0)
|| (requestURI.endsWith(".jws"))
|| (requestURI.endsWith(".css"))
|| (requestURI.endsWith("login.wml"))
|| (requestURI.endsWith("addAccount.jsp"))
|| (requestURI.endsWith("license.jsp"))
|| (requestURI.indexOf("LicenseServlet")>=0)
|| (requestURI.indexOf("/images/")>=0)
|| (requestURI.indexOf("/noauth/")>=0)
|| (requestURI.indexOf("register.jsp")>=0)
|| (requestURI.indexOf("processRegister.jsp")>=0)
|| (requestURI.indexOf("beta.jsp")>=0)
|| (requestURI.indexOf("eula.jsp")>=0)
|| (requestURI.indexOf("ForgotPasswordServlet")>=0)
|| (requestURI.indexOf("IPNServlet")>=0)
|| (requestURI.indexOf("AttachmentServlet")>=0)
|| (requestURI.indexOf("AuthenticationServlet") > 0)) {
return true;
} else {
return false;
}
}
if (isUserInRole(member, Roles.ADMINISTRATOR)) {
BrokerFactory.getLoggingBroker().logDebug(
"isResourceAllowed: User is in role");
return true;
}
// TODO: What else do we do?
// TODO: This is not very secure
return true;
}
// TODO: What else do we do?
// TODO: This is not very secure
return true;
}
}