31 |
31 |
|
32 |
32 |
public class MinimalUPassControllerV2 {
|
33 |
33 |
|
34 |
|
protected static Logger logger = Logger.getLogger(MinimalUPassControllerV2.class);
|
|
34 |
protected static Logger logger = Logger
|
|
35 |
.getLogger(MinimalUPassControllerV2.class);
|
35 |
36 |
protected static Map configurationMap = new HashMap();
|
36 |
37 |
private static boolean configFirstLoad = true;
|
37 |
|
protected VerifyStaticPasswordService verifyStaticPasswordService = new VerifyStaticPasswordService(this);
|
|
38 |
|
|
39 |
/**
|
|
40 |
* @see MinimalConstants#MIGRATION_PERIOD
|
|
41 |
*/
|
|
42 |
private boolean inMigrationPeriod = false;
|
|
43 |
|
|
44 |
protected VerifyStaticPasswordService verifyStaticPasswordService = new VerifyStaticPasswordService(
|
|
45 |
this);
|
38 |
46 |
protected CreateUserService createUserService = new CreateUserService(this);
|
39 |
47 |
protected ModifyUserService modifyUserService = new ModifyUserService(this);
|
40 |
48 |
protected AppAccessMgtService appAccessMgtService = new AppAccessMgtService();
|
41 |
|
protected ChangeStaticPasswordService changeStaticPasswordService = new ChangeStaticPasswordService(this);
|
|
49 |
protected ChangeStaticPasswordService changeStaticPasswordService = new ChangeStaticPasswordService(
|
|
50 |
this);
|
42 |
51 |
|
43 |
52 |
// for spring-ldap usage
|
44 |
53 |
private static final Object CONFIG_LOCK = new Object();
|
45 |
54 |
private static MaybankLdapDAO maybankLdapDAO;
|
46 |
55 |
|
47 |
56 |
public MinimalUPassControllerV2() {
|
|
57 |
this.setInMigrationPeriod( Config.getInstance().getProperty(MinimalConstants.MIGRATION_PERIOD).equals("Y"));
|
48 |
58 |
initializeConfigurations();
|
49 |
59 |
}
|
50 |
60 |
|
51 |
61 |
protected void initializeConfigurations() {
|
52 |
62 |
try {
|
53 |
|
ConfigurationDAO configurationDAO = MinimalDAOFactory.minimalInstance().getConfigurationDAO();
|
|
63 |
ConfigurationDAO configurationDAO = MinimalDAOFactory
|
|
64 |
.minimalInstance().getConfigurationDAO();
|
54 |
65 |
boolean isConfigChange = configurationDAO.isConfigChanged();
|
55 |
66 |
|
56 |
67 |
if (configFirstLoad || isConfigChange) {
|
57 |
68 |
|
58 |
69 |
logger.info("Refresh Configuration ....");
|
59 |
|
|
60 |
|
List configurations = configurationDAO.getConfigurationsFromStore();
|
|
70 |
|
|
71 |
|
|
72 |
List configurations = configurationDAO
|
|
73 |
.getConfigurationsFromStore();
|
61 |
74 |
ConfigurationBean configPojo;
|
62 |
75 |
ConfigBean configBean = null;
|
63 |
76 |
|
... | ... | |
67 |
80 |
configPojo = (ConfigurationBean) itr.next();
|
68 |
81 |
configType = configPojo.getApplicationId();
|
69 |
82 |
|
70 |
|
configBean = (ConfigBean) configurationMap.get(new Integer(configType));
|
|
83 |
configBean = (ConfigBean) configurationMap.get(new Integer(
|
|
84 |
configType));
|
71 |
85 |
if (configBean == null) {
|
72 |
86 |
configBean = new ConfigBean();
|
73 |
87 |
}
|
74 |
|
logger.info("COnfig Type:" + configType + "=config name:" + configPojo.getConfigName()
|
75 |
|
+ "=config Value:" + configPojo.getConfigValue());
|
76 |
|
configBean.setConfigBean(configPojo.getConfigName(), configPojo.getConfigValue());
|
|
88 |
logger.info("COnfig Type:" + configType + "=config name:"
|
|
89 |
+ configPojo.getConfigName() + "=config Value:"
|
|
90 |
+ configPojo.getConfigValue());
|
|
91 |
configBean.setConfigBean(configPojo.getConfigName(),
|
|
92 |
configPojo.getConfigValue());
|
77 |
93 |
|
78 |
94 |
configurationMap.put(new Integer(configType), configBean);
|
79 |
95 |
|
80 |
|
configFirstLoad = false; // this value dictate for every instance restart to refresh the map. After
|
|
96 |
configFirstLoad = false; // this value dictate for every
|
|
97 |
// instance restart to refresh
|
|
98 |
// the map. After
|
81 |
99 |
// first load, turn it off
|
82 |
100 |
}
|
83 |
101 |
logger.info("Refresh Configuration Done ....");
|
... | ... | |
109 |
127 |
return configBean;
|
110 |
128 |
}
|
111 |
129 |
|
|
130 |
public boolean isInMigrationPeriod() {
|
|
131 |
return inMigrationPeriod;
|
|
132 |
}
|
|
133 |
|
|
134 |
public void setInMigrationPeriod(boolean inMigrationPeriod) {
|
|
135 |
this.inMigrationPeriod = inMigrationPeriod;
|
|
136 |
}
|
|
137 |
|
112 |
138 |
/**
|
113 |
139 |
* This method to add online users to the system
|
114 |
140 |
*
|
... | ... | |
123 |
149 |
* ERR_SYSTEM_NOT_READY<br/>
|
124 |
150 |
* ERR_USERALIAS_NOT_FOUND <br/>
|
125 |
151 |
* ERR_INVALID_STATE - admin not active or temporary suspended.<br/>
|
126 |
|
* ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the user type.<br/>
|
|
152 |
* ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the
|
|
153 |
* user type.<br/>
|
127 |
154 |
* ERR_EXCEED_MAX_TRIES<br/>
|
128 |
155 |
* ERR_INVALID_CREDENTIAL<br/>
|
129 |
156 |
* ERR_INVALID_INPUT - internal error.<br/>
|
130 |
157 |
* ERR_ALREADY_EXIST<br/>
|
131 |
|
* ERR_INVALID_USERALIAS - User alias does not match with defined pattern <br/>
|
132 |
|
* ERR_PASSWORD_SAMEAS_USERALIAS - password is same is user name error <br/>
|
|
158 |
* ERR_INVALID_USERALIAS - User alias does not match with defined
|
|
159 |
* pattern <br/>
|
|
160 |
* ERR_PASSWORD_SAMEAS_USERALIAS - password is same is user name
|
|
161 |
* error <br/>
|
133 |
162 |
*/
|
134 |
|
public int UA_AddUser(
|
135 |
|
String adminUserAlias, String adminUserPassword,
|
|
163 |
public int UA_AddUser(String adminUserAlias, String adminUserPassword,
|
136 |
164 |
String userAlias, String userDesc, String userPassword, int appId) {
|
137 |
165 |
|
138 |
166 |
// check if password is similar to user alias
|
... | ... | |
140 |
168 |
return MinimalConstants.ERR_PASSWORD_SAMEAS_USERALIAS;
|
141 |
169 |
}
|
142 |
170 |
int rc = verifyStaticPasswordService.verifyStaticPassword(
|
143 |
|
adminUserAlias, adminUserPassword, true, MinimalConstants.UTYPE_STATE_ADMIN);
|
|
171 |
adminUserAlias, adminUserPassword, true,
|
|
172 |
MinimalConstants.UTYPE_STATE_ADMIN);
|
144 |
173 |
|
145 |
174 |
if (rc != MinimalConstants.ERR_SUCCESS) {
|
146 |
175 |
return rc;
|
147 |
176 |
}
|
148 |
|
rc = createUserService.addUser(
|
149 |
|
userAlias, MinimalConstants.UTYPE_STATE_USER, userDesc,
|
150 |
|
userPassword, MinimalConstants.UID_STATE_ACTIVE, appId);
|
|
177 |
rc = createUserService.addUser(userAlias,
|
|
178 |
MinimalConstants.UTYPE_STATE_USER, userDesc, userPassword,
|
|
179 |
MinimalConstants.UID_STATE_ACTIVE, appId);
|
151 |
180 |
|
152 |
|
logger.info("UA_AddUser - user alias: [" + userAlias + "] Return: " + rc);
|
|
181 |
logger.info("UA_AddUser - user alias: [" + userAlias + "] Return: "
|
|
182 |
+ rc);
|
153 |
183 |
return rc;
|
154 |
184 |
}
|
155 |
185 |
|
156 |
|
public int addUser(
|
157 |
|
String appAccessId, String hashedSecretKey, MinimalUserBean user,
|
158 |
|
char accessType, Session txSession) {
|
|
186 |
public int addUser(String appAccessId, String hashedSecretKey,
|
|
187 |
MinimalUserBean user, char accessType, Session txSession) {
|
159 |
188 |
|
160 |
|
return addUser(appAccessId, hashedSecretKey, user, accessType, txSession, true);
|
|
189 |
return addUser(appAccessId, hashedSecretKey, user, accessType,
|
|
190 |
txSession, true);
|
161 |
191 |
}
|
162 |
192 |
|
163 |
193 |
/**
|
164 |
194 |
* This methods identifies the target app using <code>appAccessId</code>,
|
165 |
195 |
* hence meant for {@link ClientApp}s
|
166 |
196 |
*
|
167 |
|
* @see #addUser(String, String, MinimalUserBean, char, int, Session, boolean)
|
|
197 |
* @see #addUser(String, String, MinimalUserBean, char, int, Session,
|
|
198 |
* boolean)
|
168 |
199 |
*/
|
169 |
|
public int addUser(
|
170 |
|
String appAccessId, String hashedSecretKey, MinimalUserBean user,
|
171 |
|
char accessType, Session txSession, boolean checkPassword) {
|
|
200 |
public int addUser(String appAccessId, String hashedSecretKey,
|
|
201 |
MinimalUserBean user, char accessType, Session txSession,
|
|
202 |
boolean checkPassword) {
|
172 |
203 |
|
173 |
204 |
final String userAlias = user.getUserAlias();
|
174 |
205 |
final String doubleHashedPassword = user.getPcipherText();
|
... | ... | |
179 |
210 |
}
|
180 |
211 |
int rc;
|
181 |
212 |
try {
|
182 |
|
AccessCheckResult checkResult = checkAppAccess(appAccessId, hashedSecretKey, txSession);
|
|
213 |
AccessCheckResult checkResult = checkAppAccess(appAccessId,
|
|
214 |
hashedSecretKey, txSession);
|
183 |
215 |
|
184 |
216 |
final Integer appId = checkResult.invokerAppId;
|
185 |
217 |
if (appId == null && !checkResult.hasUPassAdminAccess()) {
|
... | ... | |
189 |
221 |
} else {
|
190 |
222 |
user.setUserType(MinimalConstants.UTYPE_STATE_USER);
|
191 |
223 |
user.setPstate(MinimalConstants.UID_STATE_ACTIVE);
|
192 |
|
rc = createUserAndGrantAccessToApp(
|
193 |
|
user, appId.intValue(), accessType, txSession, checkPassword);
|
|
224 |
rc = createUserAndGrantAccessToApp(user, appId.intValue(),
|
|
225 |
accessType, txSession, checkPassword);
|
194 |
226 |
}
|
195 |
227 |
|
196 |
228 |
} catch (UPassException e) {
|
... | ... | |
205 |
237 |
return rc;
|
206 |
238 |
}
|
207 |
239 |
|
208 |
|
private int createUserAndGrantAccessToApp(
|
209 |
|
MinimalUserBean user, int appId, char accessType,
|
210 |
|
Session txSession, boolean checkPassword) {
|
|
240 |
private int createUserAndGrantAccessToApp(MinimalUserBean user, int appId,
|
|
241 |
char accessType, Session txSession, boolean checkPassword) {
|
211 |
242 |
|
212 |
243 |
int rc;
|
213 |
|
CreateUserService.ReturnBundle creationResult =
|
214 |
|
createUserService.addUser(user, txSession, checkPassword);
|
|
244 |
CreateUserService.ReturnBundle creationResult = createUserService
|
|
245 |
.addUser(user, txSession, checkPassword);
|
215 |
246 |
|
216 |
247 |
rc = creationResult.getCode();
|
217 |
248 |
if (rc == MinimalConstants.ERR_SUCCESS) {
|
218 |
249 |
final long userId = creationResult.getUserId().longValue();
|
219 |
|
boolean granted = appAccessMgtService.grantAppAccessToUser(
|
220 |
|
userId, appId, accessType, txSession);
|
|
250 |
boolean granted = appAccessMgtService.grantAppAccessToUser(userId,
|
|
251 |
appId, accessType, txSession);
|
221 |
252 |
|
222 |
|
rc = granted ?
|
223 |
|
MinimalConstants.ERR_SUCCESS
|
|
253 |
rc = granted ? MinimalConstants.ERR_SUCCESS
|
224 |
254 |
: MinimalConstants.ERR_SYSTEM_NOT_READY;
|
225 |
255 |
}
|
226 |
256 |
return rc;
|
227 |
257 |
}
|
228 |
258 |
|
229 |
259 |
/**
|
230 |
|
* Because of the ability to choose the target app,
|
231 |
|
* this method is meant for USS only.
|
|
260 |
* Because of the ability to choose the target app, this method is meant for
|
|
261 |
* USS only.
|
232 |
262 |
*
|
233 |
263 |
* @see #addUser(String, String, MinimalUserBean, char, Session)
|
234 |
264 |
*/
|
235 |
|
public int addUser(
|
236 |
|
String adminUsername, String adminPassword, MinimalUserBean user,
|
237 |
|
char accessType, int targetAppId, Session txSession, boolean checkPassword) {
|
|
265 |
public int addUser(String adminUsername, String adminPassword,
|
|
266 |
MinimalUserBean user, char accessType, int targetAppId,
|
|
267 |
Session txSession, boolean checkPassword) {
|
238 |
268 |
|
239 |
269 |
final String userAlias = user.getUserAlias();
|
240 |
270 |
final String doubleHashedPassword = user.getPcipherText();
|
... | ... | |
245 |
275 |
}
|
246 |
276 |
int rc;
|
247 |
277 |
try {
|
248 |
|
AccessCheckResult checkResult = checkAppAccess(adminUsername, adminPassword, txSession);
|
|
278 |
AccessCheckResult checkResult = checkAppAccess(adminUsername,
|
|
279 |
adminPassword, txSession);
|
249 |
280 |
|
250 |
281 |
if (!checkResult.hasUPassAdminAccess())
|
251 |
282 |
rc = MinimalConstants.ERR_APP_SERV_NOT_PERMITTED;
|
... | ... | |
253 |
284 |
else {
|
254 |
285 |
user.setUserType(MinimalConstants.UTYPE_STATE_USER);
|
255 |
286 |
user.setPstate(MinimalConstants.UID_STATE_ACTIVE);
|
256 |
|
rc = createUserAndGrantAccessToApp(
|
257 |
|
user, targetAppId, accessType, txSession, checkPassword);
|
|
287 |
rc = createUserAndGrantAccessToApp(user, targetAppId,
|
|
288 |
accessType, txSession, checkPassword);
|
258 |
289 |
}
|
259 |
290 |
} catch (MultipleAppAccessesFound e) {
|
260 |
291 |
rc = MinimalConstants.ERR_APP_SERV_NOT_PERMITTED;
|
... | ... | |
269 |
300 |
}
|
270 |
301 |
|
271 |
302 |
/**
|
272 |
|
* This method verify static password generated using SP_ChangeStaticPassword().
|
|
303 |
* This method verify static password generated using
|
|
304 |
* SP_ChangeStaticPassword().
|
273 |
305 |
*
|
274 |
306 |
* @param userAlias
|
275 |
307 |
* @param password
|
... | ... | |
278 |
310 |
* ERR_SYSTEM_NOT_READY<br/>
|
279 |
311 |
* ERR_USERALIAS_NOT_FOUND <br/>
|
280 |
312 |
* ERR_INVALID_STATE - user not active or temporary suspended.<br/>
|
281 |
|
* ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the user type.<br/>
|
|
313 |
* ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the
|
|
314 |
* user type.<br/>
|
282 |
315 |
* ERR_EXCEED_MAX_TRIES - used ModifyUser to reset password.<br/>
|
283 |
316 |
* ERR_INVALID_CREDENTIAL<br/>
|
284 |
|
* ERR_PASSWD_EXPIRED - password is valid but expired, suggest to change new password.<br/>
|
|
317 |
* ERR_PASSWD_EXPIRED - password is valid but expired, suggest to
|
|
318 |
* change new password.<br/>
|
285 |
319 |
*/
|
286 |
320 |
public int SP_VerifyStaticPassword(String userAlias, String password) {
|
287 |
|
int rc = verifyStaticPasswordService.verifyStaticPassword(userAlias, password, false, 0);
|
288 |
|
logger.info("SP_VerifyStaticPassword - user alias: [" + userAlias + "] Return: " + rc);
|
|
321 |
int rc = verifyStaticPasswordService.verifyStaticPassword(userAlias,
|
|
322 |
password, false, 0);
|
|
323 |
logger.info("SP_VerifyStaticPassword - user alias: [" + userAlias
|
|
324 |
+ "] Return: " + rc);
|
289 |
325 |
return rc;
|
290 |
326 |
}
|
291 |
327 |
|
292 |
|
public int verifyStaticPassword_withAppChecked(
|
293 |
|
String appAccessId, String hashedSecretKey,
|
294 |
|
String username, String hashedPassword) {
|
|
328 |
public int verifyStaticPassword_withAppChecked(String appAccessId,
|
|
329 |
String hashedSecretKey, String username, String hashedPassword) {
|
295 |
330 |
|
296 |
331 |
int rc;
|
297 |
332 |
try {
|
298 |
333 |
checkAppAccessToUser(appAccessId, hashedSecretKey, username, null);
|
299 |
|
rc = verifyStaticPasswordService.verifyStaticPassword(
|
300 |
|
username, hashedPassword, false, 0);
|
|
334 |
rc = verifyStaticPasswordService.verifyStaticPassword(username,
|
|
335 |
hashedPassword, false, 0);
|
301 |
336 |
|
302 |
337 |
} catch (MultipleAppAccessesFound e) {
|
303 |
338 |
rc = MinimalConstants.ERR_APP_SERV_NOT_PERMITTED;
|
... | ... | |
307 |
342 |
rc = e.getErrorCode();
|
308 |
343 |
e.printStackTrace();
|
309 |
344 |
}
|
310 |
|
logger.info("verifyStaticPassword_withAppChecked - user alias: [" + username + "] Return: " + rc);
|
|
345 |
logger.info("verifyStaticPassword_withAppChecked - user alias: ["
|
|
346 |
+ username + "] Return: " + rc);
|
311 |
347 |
return rc;
|
312 |
348 |
}
|
313 |
349 |
|
... | ... | |
326 |
362 |
* ERR_SYSTEM_NOT_READY<br/>
|
327 |
363 |
* ERR_USERALIAS_NOT_FOUND <br/>
|
328 |
364 |
* ERR_INVALID_STATE - admin not active or temporary suspended.<br/>
|
329 |
|
* ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the user type.<br/>
|
|
365 |
* ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the
|
|
366 |
* user type.<br/>
|
330 |
367 |
* ERR_EXCEED_MAX_TRIES<br/>
|
331 |
368 |
* ERR_INVALID_CREDENTIAL<br/>
|
332 |
369 |
* ERR_INVALID_INPUT - internal error.<br/>
|
333 |
370 |
* ERR_USERALIAS_NOT_FOUND<br/>
|
334 |
|
* ERR_INVALID_USERALIAS - User alias does not match with defined pattern <br/>
|
|
371 |
* ERR_INVALID_USERALIAS - User alias does not match with defined
|
|
372 |
* pattern <br/>
|
335 |
373 |
* ERR_REUSED_PASSWD - the password entered was used previously.<br/>
|
336 |
374 |
*/
|
337 |
|
public int UA_ModifyUser(
|
338 |
|
String adminUserAlias, String adminUserPassword,
|
|
375 |
public int UA_ModifyUser(String adminUserAlias, String adminUserPassword,
|
339 |
376 |
String userAlias, String userDesc, String userPassword) {
|
340 |
377 |
|
341 |
378 |
// check if password is similar to user alias
|
... | ... | |
361 |
398 |
return rc;
|
362 |
399 |
}
|
363 |
400 |
|
364 |
|
public int updateProfileShallowly(
|
365 |
|
String appAccessId, String hashedSecretKey,
|
366 |
|
UserProfile profile, Session txSession)
|
|
401 |
public int updateProfileShallowly(String appAccessId,
|
|
402 |
String hashedSecretKey, UserProfile profile, Session txSession)
|
367 |
403 |
throws UPassException {
|
368 |
404 |
|
369 |
405 |
MinimalUserBean user = profile.getMinUser();
|
... | ... | |
371 |
407 |
|
372 |
408 |
int rc;
|
373 |
409 |
try {
|
374 |
|
AccessCheckResult checkResult = checkAppAccess(appAccessId, hashedSecretKey, txSession);
|
|
410 |
AccessCheckResult checkResult = checkAppAccess(appAccessId,
|
|
411 |
hashedSecretKey, txSession);
|
375 |
412 |
|
376 |
413 |
final Integer invokingAppId = checkResult.invokerAppId;
|
377 |
414 |
|
378 |
|
final Object appIdObj = AppAccessMgtService.profileToAppMap.get(profile.getClass());
|
|
415 |
final Object appIdObj = AppAccessMgtService.profileToAppMap
|
|
416 |
.get(profile.getClass());
|
379 |
417 |
final int appIdForProfile = ((Integer) appIdObj).intValue();
|
380 |
418 |
|
381 |
419 |
boolean permitted = true;
|
... | ... | |
387 |
425 |
} else if (invokingAppId.intValue() != appIdForProfile) {
|
388 |
426 |
permitted = false;
|
389 |
427 |
}
|
390 |
|
rc = permitted ?
|
391 |
|
modifyUserService.updateProfileShallowly(profile, txSession)
|
392 |
|
: MinimalConstants.ERR_APP_SERV_NOT_PERMITTED;
|
|
428 |
rc = permitted ? modifyUserService.updateProfileShallowly(profile,
|
|
429 |
txSession) : MinimalConstants.ERR_APP_SERV_NOT_PERMITTED;
|
393 |
430 |
|
394 |
431 |
} catch (MultipleAppAccessesFound e) {
|
395 |
432 |
rc = MinimalConstants.ERR_APP_SERV_NOT_PERMITTED;
|
396 |
433 |
e.printStackTrace();
|
397 |
434 |
}
|
398 |
|
logger.info("updateProfileShallowly - user alias: [" + userAlias + "] Return: " + rc);
|
|
435 |
logger.info("updateProfileShallowly - user alias: [" + userAlias
|
|
436 |
+ "] Return: " + rc);
|
399 |
437 |
return rc;
|
400 |
438 |
}
|
401 |
439 |
|
402 |
440 |
/**
|
403 |
|
* This method generate static password and to be using SP_VerifyStaticPassword()
|
|
441 |
* This method generate static password and to be using
|
|
442 |
* SP_VerifyStaticPassword()
|
404 |
443 |
*
|
405 |
444 |
* @param userAlias
|
406 |
445 |
* @param newPassword
|
... | ... | |
410 |
449 |
* ERR_SYSTEM_NOT_READY<br/>
|
411 |
450 |
* ERR_USERALIAS_NOT_FOUND<br/>
|
412 |
451 |
* ERR_INVALID_STATE - user not active or temporary suspended.<br/>
|
413 |
|
* ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the user type.<br/>
|
|
452 |
* ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the
|
|
453 |
* user type.<br/>
|
414 |
454 |
* ERR_EXCEED_MAX_TRIES - used ModifyUser to reset password.<br/>
|
415 |
455 |
* ERR_INVALID_CREDENTIAL<br/>
|
416 |
456 |
* ERR_REUSED_PASSWD - reuse previous generated password.<br/>
|
417 |
457 |
*/
|
418 |
|
public int SP_ChangeStaticPassword(String userAlias, String newPassword, String oldPassword) {
|
419 |
|
int rc = changeStaticPasswordService.changeStaticPassword(userAlias, newPassword, oldPassword, true);
|
420 |
|
logger.info("SP_ChangeStaticPassword - user alias: [" + userAlias + "] Return: " + rc);
|
|
458 |
public int SP_ChangeStaticPassword(String userAlias, String newPassword,
|
|
459 |
String oldPassword) {
|
|
460 |
int rc = changeStaticPasswordService.changeStaticPassword(userAlias,
|
|
461 |
newPassword, oldPassword, true);
|
|
462 |
logger.info("SP_ChangeStaticPassword - user alias: [" + userAlias
|
|
463 |
+ "] Return: " + rc);
|
421 |
464 |
return rc;
|
422 |
465 |
}
|
423 |
466 |
|
424 |
|
public int changeStaticPassword_withAppChecked(
|
425 |
|
String appAccessId, String hashedSecretKey,
|
426 |
|
String username, String newHashedPassword, String oldHashedPassword) {
|
|
467 |
public int changeStaticPassword_withAppChecked(String appAccessId,
|
|
468 |
String hashedSecretKey, String username, String newHashedPassword,
|
|
469 |
String oldHashedPassword) {
|
427 |
470 |
|
428 |
471 |
int rc;
|
429 |
472 |
try {
|
430 |
473 |
checkAppAccessToUser(appAccessId, hashedSecretKey, username, null);
|
431 |
|
rc = changeStaticPasswordService.changeStaticPassword(
|
432 |
|
username, newHashedPassword, oldHashedPassword, true);
|
|
474 |
rc = changeStaticPasswordService.changeStaticPassword(username,
|
|
475 |
newHashedPassword, oldHashedPassword, true);
|
433 |
476 |
|
434 |
477 |
} catch (MultipleAppAccessesFound e) {
|
435 |
478 |
rc = MinimalConstants.ERR_APP_SERV_NOT_PERMITTED;
|
... | ... | |
439 |
482 |
rc = e.getErrorCode();
|
440 |
483 |
e.printStackTrace();
|
441 |
484 |
}
|
442 |
|
logger.info("changeStaticPassword_withAppChecked - user alias: [" + username + "] Return: " + rc);
|
|
485 |
logger.info("changeStaticPassword_withAppChecked - user alias: ["
|
|
486 |
+ username + "] Return: " + rc);
|
443 |
487 |
return rc;
|
444 |
488 |
}
|
445 |
489 |
|
446 |
|
public int resetPassword_withAppChecked(
|
447 |
|
String appAccessId, String hashedSecretKey,
|
448 |
|
String username, String newHashedPassword) {
|
|
490 |
public int resetPassword_withAppChecked(String appAccessId,
|
|
491 |
String hashedSecretKey, String username, String newHashedPassword) {
|
449 |
492 |
|
450 |
493 |
int rc;
|
451 |
494 |
try {
|
452 |
495 |
checkAppAccessToUser(appAccessId, hashedSecretKey, username, null);
|
453 |
|
rc = modifyUserService.modifyUser(
|
454 |
|
username, MinimalConstants.UTYPE_STATE_USER, "",
|
455 |
|
newHashedPassword, MinimalConstants.UID_STATE_ACTIVE);
|
|
496 |
rc = modifyUserService.modifyUser(username,
|
|
497 |
MinimalConstants.UTYPE_STATE_USER, "", newHashedPassword,
|
|
498 |
MinimalConstants.UID_STATE_ACTIVE);
|
456 |
499 |
|
457 |
500 |
} catch (MultipleAppAccessesFound e) {
|
458 |
501 |
rc = MinimalConstants.ERR_APP_SERV_NOT_PERMITTED;
|
... | ... | |
462 |
505 |
rc = e.getErrorCode();
|
463 |
506 |
e.printStackTrace();
|
464 |
507 |
}
|
465 |
|
logger.info("resetPassword_withAppChecked - user alias: [" + username + "] Return: " + rc);
|
|
508 |
logger.info("resetPassword_withAppChecked - user alias: [" + username
|
|
509 |
+ "] Return: " + rc);
|
466 |
510 |
return rc;
|
467 |
511 |
}
|
468 |
512 |
|
... | ... | |
487 |
531 |
}
|
488 |
532 |
}
|
489 |
533 |
|
490 |
|
protected AccessCheckResult checkAppAccessToUser(
|
491 |
|
String appAccessId, String hashedSecretKey, String username, final Session txSession)
|
|
534 |
protected AccessCheckResult checkAppAccessToUser(String appAccessId,
|
|
535 |
String hashedSecretKey, String username, final Session txSession)
|
492 |
536 |
throws MultipleAppAccessesFound, UPassException {
|
493 |
537 |
|
494 |
|
AccessCheckResult checkResult = checkAppAccess(appAccessId, hashedSecretKey, txSession);
|
|
538 |
AccessCheckResult checkResult = checkAppAccess(appAccessId,
|
|
539 |
hashedSecretKey, txSession);
|
495 |
540 |
|
496 |
541 |
if (checkResult.hasUPassAdminAccess())
|
497 |
542 |
return checkResult;
|
498 |
543 |
|
499 |
|
List appIdsForUser = appAccessMgtService.listAppIdsForUser(username, txSession);
|
500 |
|
int retCode =
|
501 |
|
!appIdsForUser.isEmpty() ?
|
502 |
|
appIdsForUser.contains(checkResult.invokerAppId) ?
|
503 |
|
MinimalConstants.ERR_SUCCESS
|
504 |
|
: MinimalConstants.ERR_APP_SERV_NOT_PERMITTED
|
505 |
|
: MinimalConstants.ERR_USERALIAS_NOT_FOUND;
|
|
544 |
List appIdsForUser = appAccessMgtService.listAppIdsForUser(username,
|
|
545 |
txSession);
|
|
546 |
int retCode = !appIdsForUser.isEmpty() ? appIdsForUser
|
|
547 |
.contains(checkResult.invokerAppId) ? MinimalConstants.ERR_SUCCESS
|
|
548 |
: MinimalConstants.ERR_APP_SERV_NOT_PERMITTED
|
|
549 |
: MinimalConstants.ERR_USERALIAS_NOT_FOUND;
|
506 |
550 |
|
507 |
551 |
if (retCode != MinimalConstants.ERR_SUCCESS)
|
508 |
552 |
throw new UPassException(retCode);
|
... | ... | |
510 |
554 |
return checkResult;
|
511 |
555 |
}
|
512 |
556 |
|
513 |
|
public AccessCheckResult checkAppAccess(
|
514 |
|
String appAccessId, String hashedSecretKey, final Session txSession)
|
|
557 |
public AccessCheckResult checkAppAccess(String appAccessId,
|
|
558 |
String hashedSecretKey, final Session txSession)
|
515 |
559 |
throws UPassException, MultipleAppAccessesFound {
|
516 |
560 |
|
517 |
|
ReturnBundle ret = verifyStaticPasswordService.verifyStaticPassword_returnUser(
|
518 |
|
appAccessId, hashedSecretKey, false, 0, txSession);
|
|
561 |
ReturnBundle ret = verifyStaticPasswordService
|
|
562 |
.verifyStaticPassword_returnUser(appAccessId, hashedSecretKey,
|
|
563 |
false, 0, txSession);
|
519 |
564 |
|
520 |
565 |
final int retCode = ret.getCode();
|
521 |
566 |
if (retCode != MinimalConstants.ERR_SUCCESS)
|
... | ... | |
527 |
572 |
if (result.hasUPassAdminAccess())
|
528 |
573 |
return result;
|
529 |
574 |
|
530 |
|
result.invokerAppId = appAccessMgtService.getAppIdForAdmin(appAccessId, txSession);
|
|
575 |
result.invokerAppId = appAccessMgtService.getAppIdForAdmin(appAccessId,
|
|
576 |
txSession);
|
531 |
577 |
return result;
|
532 |
578 |
}
|
533 |
579 |
|
... | ... | |
537 |
583 |
*
|
538 |
584 |
* @see #findProfile(String, String, String, Integer, Session)
|
539 |
585 |
*/
|
540 |
|
public UserProfile findProfile(
|
541 |
|
String appAccessId, String hashedSecretKey,
|
542 |
|
String username, Session txSession)
|
543 |
|
throws UPassException {
|
|
586 |
public UserProfile findProfile(String appAccessId, String hashedSecretKey,
|
|
587 |
String username, Session txSession) throws UPassException {
|
544 |
588 |
|
545 |
|
return findProfile(appAccessId, hashedSecretKey, username, null, txSession);
|
|
589 |
return findProfile(appAccessId, hashedSecretKey, username, null,
|
|
590 |
txSession);
|
546 |
591 |
}
|
547 |
592 |
|
548 |
593 |
/**
|
549 |
|
* Because of the ability to choose the target app,
|
550 |
|
* this method is meant for USS mainly.
|
|
594 |
* Because of the ability to choose the target app, this method is meant for
|
|
595 |
* USS mainly.
|
551 |
596 |
*
|
552 |
597 |
* @see #findProfile(String, String, String, Session)
|
553 |
598 |
*/
|
554 |
|
public UserProfile findProfile(
|
555 |
|
String appAccessId, String hashedSecretKey,
|
|
599 |
public UserProfile findProfile(String appAccessId, String hashedSecretKey,
|
556 |
600 |
String username, Integer targetAppId, Session txSession)
|
557 |
601 |
throws UPassException {
|
558 |
602 |
|
559 |
603 |
try {
|
560 |
|
AccessCheckResult checkResult = checkAppAccess(appAccessId, hashedSecretKey, txSession);
|
|
604 |
AccessCheckResult checkResult = checkAppAccess(appAccessId,
|
|
605 |
hashedSecretKey, txSession);
|
561 |
606 |
final boolean upassAdmin = checkResult.hasUPassAdminAccess();
|
562 |
607 |
if (upassAdmin) {
|
563 |
608 |
if (targetAppId == null)
|
... | ... | |
565 |
610 |
|
566 |
611 |
} else {
|
567 |
612 |
if (checkResult.invokerAppId == null)
|
568 |
|
throw new UPassException(MinimalConstants.ERR_APP_SERV_NOT_PERMITTED);
|
|
613 |
throw new UPassException(
|
|
614 |
MinimalConstants.ERR_APP_SERV_NOT_PERMITTED);
|
569 |
615 |
|
570 |
616 |
if (targetAppId == null) {
|
571 |
617 |
targetAppId = checkResult.invokerAppId;
|
572 |
618 |
|
573 |
619 |
} else if (!targetAppId.equals(checkResult.invokerAppId)) {
|
574 |
|
throw new UPassException(MinimalConstants.ERR_APP_SERV_NOT_PERMITTED);
|
|
620 |
throw new UPassException(
|
|
621 |
MinimalConstants.ERR_APP_SERV_NOT_PERMITTED);
|
575 |
622 |
}
|
576 |
623 |
}
|
577 |
624 |
List profiles = modifyUserService.listProfiles(username, txSession);
|
578 |
|
for (Iterator profileIter = profiles.iterator(); profileIter.hasNext();) {
|
|
625 |
for (Iterator profileIter = profiles.iterator(); profileIter
|
|
626 |
.hasNext();) {
|
579 |
627 |
UserProfile profile = (UserProfile) profileIter.next();
|
580 |
628 |
|
581 |
|
final Integer appIdForProfile = (Integer) AppAccessMgtService
|
582 |
|
.profileToAppMap.get(profile.getClass());
|
|
629 |
final Integer appIdForProfile = (Integer) AppAccessMgtService.profileToAppMap
|
|
630 |
.get(profile.getClass());
|
583 |
631 |
|
584 |
632 |
if (targetAppId.equals(appIdForProfile)) {
|
585 |
633 |
return profile;
|
... | ... | |
588 |
636 |
return null;
|
589 |
637 |
|
590 |
638 |
} catch (MultipleAppAccessesFound e) {
|
591 |
|
throw new UPassException(MinimalConstants.ERR_APP_SERV_NOT_PERMITTED, e);
|
|
639 |
throw new UPassException(
|
|
640 |
MinimalConstants.ERR_APP_SERV_NOT_PERMITTED, e);
|
592 |
641 |
}
|
593 |
642 |
}
|
594 |
643 |
|
595 |
|
public List/* <UserProfile> */listProfilesByExamples(
|
596 |
|
String appAccessId, String hashedSecretKey,
|
597 |
|
List/* <UserProfile> */exampleProfiles, Session txSession)
|
598 |
|
throws UPassException {
|
|
644 |
public List/* <UserProfile> */listProfilesByExamples(String appAccessId,
|
|
645 |
String hashedSecretKey, List/* <UserProfile> */exampleProfiles,
|
|
646 |
Session txSession) throws UPassException {
|
599 |
647 |
|
600 |
|
return listProfilesByExamples(appAccessId, hashedSecretKey, exampleProfiles, null, txSession);
|
|
648 |
return listProfilesByExamples(appAccessId, hashedSecretKey,
|
|
649 |
exampleProfiles, null, txSession);
|
601 |
650 |
}
|
602 |
651 |
|
603 |
|
public List/* <UserProfile> */listProfilesByExamples(
|
604 |
|
String appAccessId, String hashedSecretKey,
|
605 |
|
List/* <UserProfile> */exampleProfiles, Integer targetAppId, Session txSession)
|
606 |
|
throws UPassException {
|
|
652 |
public List/* <UserProfile> */listProfilesByExamples(String appAccessId,
|
|
653 |
String hashedSecretKey, List/* <UserProfile> */exampleProfiles,
|
|
654 |
Integer targetAppId, Session txSession) throws UPassException {
|
607 |
655 |
|
608 |
656 |
try {
|
609 |
|
AccessCheckResult checkResult = checkAppAccess(appAccessId, hashedSecretKey, txSession);
|
|
657 |
AccessCheckResult checkResult = checkAppAccess(appAccessId,
|
|
658 |
hashedSecretKey, txSession);
|
610 |
659 |
final boolean upassAdmin = checkResult.hasUPassAdminAccess();
|
611 |
660 |
if (!upassAdmin) {
|
612 |
661 |
if (checkResult.invokerAppId == null)
|
613 |
|
throw new UPassException(MinimalConstants.ERR_APP_SERV_NOT_PERMITTED);
|
|
662 |
throw new UPassException(
|
|
663 |
MinimalConstants.ERR_APP_SERV_NOT_PERMITTED);
|
614 |
664 |
|
615 |
665 |
if (targetAppId == null) {
|
616 |
666 |
targetAppId = checkResult.invokerAppId;
|
617 |
667 |
|
618 |
668 |
} else if (!targetAppId.equals(checkResult.invokerAppId)) {
|
619 |
|
throw new UPassException(MinimalConstants.ERR_APP_SERV_NOT_PERMITTED);
|
|
669 |
throw new UPassException(
|
|
670 |
MinimalConstants.ERR_APP_SERV_NOT_PERMITTED);
|
620 |
671 |
}
|
621 |
672 |
}
|
622 |
|
List profiles = modifyUserService.listProfilesByExamples(exampleProfiles, txSession);
|
|
673 |
List profiles = modifyUserService.listProfilesByExamples(
|
|
674 |
exampleProfiles, txSession);
|
623 |
675 |
if (targetAppId != null)
|
624 |
|
for (Iterator iterator = profiles.iterator(); iterator.hasNext();) {
|
|
676 |
for (Iterator iterator = profiles.iterator(); iterator
|
|
677 |
.hasNext();) {
|
625 |
678 |
UserProfile profile = (UserProfile) iterator.next();
|
626 |
679 |
|
627 |
|
final Integer appIdForProfile = (Integer) AppAccessMgtService
|
628 |
|
.profileToAppMap.get(profile.getClass());
|
|
680 |
final Integer appIdForProfile = (Integer) AppAccessMgtService.profileToAppMap
|
|
681 |
.get(profile.getClass());
|
629 |
682 |
|
630 |
683 |
if (!targetAppId.equals(appIdForProfile))
|
631 |
684 |
iterator.remove();
|
... | ... | |
633 |
686 |
return profiles;
|
634 |
687 |
|
635 |
688 |
} catch (MultipleAppAccessesFound e) {
|
636 |
|
throw new UPassException(MinimalConstants.ERR_APP_SERV_NOT_PERMITTED, e);
|
|
689 |
throw new UPassException(
|
|
690 |
MinimalConstants.ERR_APP_SERV_NOT_PERMITTED, e);
|
637 |
691 |
}
|
638 |
692 |
}
|
639 |
693 |
|
640 |
|
public List/* <UserProfile> */listProfilesByExamples(
|
641 |
|
String appAccessId, String hashedSecretKey,
|
642 |
|
List/* <UserProfile> */exampleProfiles, Date fromDate, Date toDate, Session txSession)
|
|
694 |
public List/* <UserProfile> */listProfilesByExamples(String appAccessId,
|
|
695 |
String hashedSecretKey, List/* <UserProfile> */exampleProfiles,
|
|
696 |
Date fromDate, Date toDate, Session txSession)
|
643 |
697 |
throws UPassException {
|
644 |
698 |
|
645 |
699 |
try {
|
646 |
|
AccessCheckResult checkResult = checkAppAccess(appAccessId, hashedSecretKey, txSession);
|
|
700 |
AccessCheckResult checkResult = checkAppAccess(appAccessId,
|
|
701 |
hashedSecretKey, txSession);
|
647 |
702 |
final boolean upassAdmin = checkResult.hasUPassAdminAccess();
|
648 |
703 |
if (!upassAdmin) {
|
649 |
704 |
if (checkResult.invokerAppId == null)
|
650 |
|
throw new UPassException(MinimalConstants.ERR_APP_SERV_NOT_PERMITTED);
|
|
705 |
throw new UPassException(
|
|
706 |
MinimalConstants.ERR_APP_SERV_NOT_PERMITTED);
|
651 |
707 |
}
|
652 |
|
List profiles = modifyUserService.listProfilesByExamples(exampleProfiles, fromDate, toDate, txSession);
|
|
708 |
List profiles = modifyUserService.listProfilesByExamples(
|
|
709 |
exampleProfiles, fromDate, toDate, txSession);
|
653 |
710 |
|
654 |
711 |
return profiles;
|
655 |
712 |
|
656 |
713 |
} catch (MultipleAppAccessesFound e) {
|
657 |
|
throw new UPassException(MinimalConstants.ERR_APP_SERV_NOT_PERMITTED, e);
|
|
714 |
throw new UPassException(
|
|
715 |
MinimalConstants.ERR_APP_SERV_NOT_PERMITTED, e);
|
658 |
716 |
}
|
659 |
717 |
}
|
660 |
718 |
|
... | ... | |
663 |
721 |
if (maybankLdapDAO == null) {
|
664 |
722 |
Resource resource = new ClassPathResource("spring-ldap.xml");
|
665 |
723 |
BeanFactory factory = new XmlBeanFactory(resource);
|
666 |
|
maybankLdapDAO = (MaybankLdapDAO) factory.getBean("maybankLdap");
|
|
724 |
maybankLdapDAO = (MaybankLdapDAO) factory
|
|
725 |
.getBean("maybankLdap");
|
667 |
726 |
}
|
668 |
727 |
|
669 |
728 |
return maybankLdapDAO;
|