Revision 79:5e3f95cb45d8
src/main/java/my/com/upass/MinimalUPassControllerV2.java | ||
---|---|---|
9 | 9 |
|
10 | 10 |
import my.com.upass.dao.ConfigurationDAO; |
11 | 11 |
import my.com.upass.dao.MinimalDAOFactory; |
12 |
import my.com.upass.generic.hibernate.GenericDAOHibernate; |
|
13 |
import my.com.upass.generic.hibernate.HibernateUtils; |
|
12 | 14 |
import my.com.upass.maybank.entities.IbccUser; |
13 | 15 |
import my.com.upass.maybank.entities.Im2uUser; |
14 | 16 |
import my.com.upass.maybank.entities.M2uUser; |
... | ... | |
21 | 23 |
import my.com.upass.pojo.ConfigurationBean; |
22 | 24 |
import my.com.upass.pojo.MinimalUserBean; |
23 | 25 |
import my.com.upass.pojo.UserAppAccess; |
26 |
import my.com.upass.pojo.AuthenticationBean.CredentialSelector; |
|
24 | 27 |
import my.com.upass.services.AppAccessMgtService; |
25 | 28 |
import my.com.upass.services.AppAccessMgtService.MultipleAppAccessesFound; |
26 | 29 |
import my.com.upass.services.ChangeStaticPasswordService; |
... | ... | |
308 | 311 |
String username, String hashedPassword) { |
309 | 312 |
|
310 | 313 |
int rc; |
314 |
Session txSession = null; |
|
311 | 315 |
try { |
312 |
// AuthenticationBean authBean = verifyStaticPasswordService.retrieveAuthBeanFor(
|
|
313 |
// appAccessId, hashedSecretKey, username, hashedPassword);
|
|
316 |
txSession = HibernateUtils.currentSession();
|
|
317 |
txSession.beginTransaction();
|
|
314 | 318 |
|
315 |
checkAppAccessToUser(appAccessId, hashedSecretKey, username, null);
|
|
316 |
// checkAppAccessToUser(authBean);
|
|
319 |
AuthenticationBean authBean = verifyStaticPasswordService.retrieveAuthBeanFor(
|
|
320 |
appAccessId, hashedSecretKey, username, hashedPassword, txSession);
|
|
317 | 321 |
|
318 |
rc = verifyStaticPasswordService.verifyStaticPassword(username, hashedPassword, false, 0); |
|
319 |
// rc = verifyStaticPasswordService.verifyStaticPassword(authBean, false, 0); |
|
322 |
// checkAppAccessToUser(appAccessId, hashedSecretKey, username, null); |
|
323 |
checkAppAccessToUser(authBean, txSession); |
|
324 |
|
|
325 |
// rc = verifyStaticPasswordService.verifyStaticPassword(username, hashedPassword, false, 0); |
|
326 |
ReturnBundle ret = verifyStaticPasswordService.verifyUserCredetial_returnUser( |
|
327 |
authBean, CredentialSelector.TARGET, false, 0, false, txSession); |
|
328 |
rc = ret.getCode(); |
|
329 |
|
|
330 |
boolean updated = verifyStaticPasswordService.storeTheUsersInside(authBean, txSession); |
|
331 |
if (!updated && rc == MinimalConstants.ERR_SUCCESS) |
|
332 |
rc = MinimalConstants.ERR_SYSTEM_NOT_READY; |
|
333 |
|
|
334 |
txSession.getTransaction().commit(); |
|
320 | 335 |
|
321 | 336 |
} catch (MultipleAppAccessesFound e) { |
322 | 337 |
rc = MinimalConstants.ERR_APP_SERV_NOT_PERMITTED; |
323 | 338 |
e.printStackTrace(); |
339 |
GenericDAOHibernate.rollbackTransactionIfAny(txSession); |
|
324 | 340 |
|
325 | 341 |
} catch (UPassException e) { |
326 | 342 |
rc = e.getErrorCode(); |
327 | 343 |
e.printStackTrace(); |
344 |
GenericDAOHibernate.rollbackTransactionIfAny(txSession); |
|
328 | 345 |
|
329 | 346 |
} catch (Exception e) { |
330 | 347 |
rc = MinimalConstants.ERR_SYSTEM_NOT_READY; |
331 | 348 |
e.printStackTrace(); |
349 |
GenericDAOHibernate.rollbackTransactionIfAny(txSession); |
|
350 |
|
|
351 |
} finally { |
|
352 |
GenericDAOHibernate.closeSessionIfAny(txSession); |
|
332 | 353 |
} |
333 | 354 |
logger.info("verifyStaticPassword_withAppChecked - user alias: [" + username + "] Return: " + rc); |
334 | 355 |
return rc; |
... | ... | |
409 | 430 |
} else if (invokingAppId.intValue() != appIdForProfile) { |
410 | 431 |
permitted = false; |
411 | 432 |
} |
412 |
if (permitted){ |
|
433 |
if (permitted) {
|
|
413 | 434 |
rc = updateProfileShallowly_noAccessCheck(profile, txSession); |
414 |
}else{
|
|
435 |
} else {
|
|
415 | 436 |
rc = MinimalConstants.ERR_APP_SERV_NOT_PERMITTED; |
416 | 437 |
} |
417 | 438 |
|
... | ... | |
448 | 469 |
int rc = granted ? |
449 | 470 |
modifyUserService.updateProfileShallowly(profile, txSession) |
450 | 471 |
: MinimalConstants.ERR_SYSTEM_NOT_READY; |
451 |
|
|
472 |
|
|
452 | 473 |
if (rc == MinimalConstants.ERR_SUCCESS && isInMigrationPeriod()) { |
453 | 474 |
Map attrMap = new HashMap(); |
454 |
String[] objectClasses = null;
|
|
455 |
|
|
456 |
if(profile instanceof M2uUser){
|
|
457 |
objectClasses = new String[]{MaybankLdapConstant.OBJECT_CLASS_M2U};
|
|
458 |
|
|
459 |
if(!isEmptyString(((M2uUser)profile).getPan1()))
|
|
460 |
attrMap.put(MaybankLdapConstant.ATTR_PAN_1, ((M2uUser)profile).getPan1()); |
|
461 |
if(!isEmptyString(((M2uUser)profile).getPan2()))
|
|
462 |
attrMap.put(MaybankLdapConstant.ATTR_PAN_2, ((M2uUser)profile).getPan2()); |
|
463 |
|
|
464 |
} else if(profile instanceof Im2uUser){
|
|
475 |
String[] objectClasses = null; |
|
476 |
|
|
477 |
if (profile instanceof M2uUser) {
|
|
478 |
objectClasses = new String[] { MaybankLdapConstant.OBJECT_CLASS_M2U };
|
|
479 |
|
|
480 |
if (!isEmptyString(((M2uUser) profile).getPan1()))
|
|
481 |
attrMap.put(MaybankLdapConstant.ATTR_PAN_1, ((M2uUser) profile).getPan1());
|
|
482 |
if (!isEmptyString(((M2uUser) profile).getPan2()))
|
|
483 |
attrMap.put(MaybankLdapConstant.ATTR_PAN_2, ((M2uUser) profile).getPan2());
|
|
484 |
|
|
485 |
} else if (profile instanceof Im2uUser) {
|
|
465 | 486 |
objectClasses = new String[] { |
466 | 487 |
MaybankLdapConstant.OBJECT_CLASS_M2U, |
467 | 488 |
MaybankLdapConstant.OBJECT_CLASS_IM2U }; |
468 |
|
|
469 |
if(!isEmptyString(((Im2uUser)profile).getWsFlag())) |
|
470 |
attrMap.put(MaybankLdapConstant.ATTR_WS_FLAG, ((Im2uUser)profile).getWsFlag()); |
|
471 |
if(!isEmptyString(((Im2uUser)profile).getWsIdentCode())) |
|
472 |
attrMap.put(MaybankLdapConstant.ATTR_WS_IDENTCODE, ((Im2uUser)profile).getWsIdentCode()); |
|
473 |
if(!isEmptyString(((Im2uUser)profile).getWsMySgId())) |
|
474 |
attrMap.put(MaybankLdapConstant.ATTR_WS_MYSGID, ((Im2uUser)profile).getWsMySgId()); |
|
475 |
if(((Im2uUser)profile).getWsRegTimeStamp() != null) |
|
476 |
attrMap.put(MaybankLdapConstant.ATTR_WS_REGTIMESTAMP, Im2uUser.DATE_FORMAT.format(((Im2uUser)profile).getWsRegTimeStamp())); |
|
477 |
if(((Im2uUser)profile).getM2uUser() != null){ |
|
478 |
if(!isEmptyString(((Im2uUser)profile).getM2uUser().getPan1())) |
|
479 |
attrMap.put(MaybankLdapConstant.ATTR_PAN_1, ((Im2uUser)profile).getM2uUser().getPan1()); |
|
480 |
if(!isEmptyString(((Im2uUser)profile).getM2uUser().getPan2())) |
|
481 |
attrMap.put(MaybankLdapConstant.ATTR_PAN_2, ((Im2uUser)profile).getM2uUser().getPan2()); |
|
489 |
|
|
490 |
if (!isEmptyString(((Im2uUser) profile).getWsFlag())) |
|
491 |
attrMap.put(MaybankLdapConstant.ATTR_WS_FLAG, ((Im2uUser) profile).getWsFlag()); |
|
492 |
if (!isEmptyString(((Im2uUser) profile).getWsIdentCode())) |
|
493 |
attrMap.put(MaybankLdapConstant.ATTR_WS_IDENTCODE, ((Im2uUser) profile).getWsIdentCode()); |
|
494 |
if (!isEmptyString(((Im2uUser) profile).getWsMySgId())) |
|
495 |
attrMap.put(MaybankLdapConstant.ATTR_WS_MYSGID, ((Im2uUser) profile).getWsMySgId()); |
|
496 |
if (((Im2uUser) profile).getWsRegTimeStamp() != null) |
|
497 |
attrMap.put(MaybankLdapConstant.ATTR_WS_REGTIMESTAMP, |
|
498 |
Im2uUser.DATE_FORMAT.format(((Im2uUser) profile).getWsRegTimeStamp())); |
|
499 |
if (((Im2uUser) profile).getM2uUser() != null) { |
|
500 |
if (!isEmptyString(((Im2uUser) profile).getM2uUser().getPan1())) |
|
501 |
attrMap.put(MaybankLdapConstant.ATTR_PAN_1, ((Im2uUser) profile).getM2uUser().getPan1()); |
|
502 |
if (!isEmptyString(((Im2uUser) profile).getM2uUser().getPan2())) |
|
503 |
attrMap.put(MaybankLdapConstant.ATTR_PAN_2, ((Im2uUser) profile).getM2uUser().getPan2()); |
|
482 | 504 |
} |
483 |
|
|
484 |
} else if(profile instanceof TicketingUser){
|
|
505 |
|
|
506 |
} else if (profile instanceof TicketingUser) {
|
|
485 | 507 |
objectClasses = new String[] { |
486 | 508 |
MaybankLdapConstant.OBJECT_CLASS_ONLINE_TICKETING, |
487 | 509 |
"person", "organizationalPerson", |
488 | 510 |
"inetOrgPerson" }; |
489 |
if(!isEmptyString(((TicketingUser)profile).getPayeeCode())){
|
|
490 |
attrMap.put(MaybankLdapConstant.ATTR_PAYEE_CODE, ((TicketingUser)profile).getPayeeCode()); |
|
511 |
if (!isEmptyString(((TicketingUser) profile).getPayeeCode())) {
|
|
512 |
attrMap.put(MaybankLdapConstant.ATTR_PAYEE_CODE, ((TicketingUser) profile).getPayeeCode());
|
|
491 | 513 |
attrMap.put("cn", username); |
492 | 514 |
attrMap.put("sn", username); |
493 | 515 |
attrMap.put("givenName", username); |
494 | 516 |
} |
495 |
|
|
496 |
} else if(profile instanceof StockUser){
|
|
517 |
|
|
518 |
} else if (profile instanceof StockUser) {
|
|
497 | 519 |
objectClasses = new String[] { |
498 | 520 |
MaybankLdapConstant.OBJECT_CLASS_M2U, |
499 | 521 |
MaybankLdapConstant.OBJECT_CLASS_ONLINE_STOCK1, |
500 | 522 |
MaybankLdapConstant.OBJECT_CLASS_ONLINE_STOCK2 }; |
501 |
|
|
502 |
if(!isEmptyString(((StockUser)profile).getIdNo())){
|
|
503 |
attrMap.put(MaybankLdapConstant.ATTR_IDNO, ((StockUser)profile).getIdNo()); |
|
523 |
|
|
524 |
if (!isEmptyString(((StockUser) profile).getIdNo())) {
|
|
525 |
attrMap.put(MaybankLdapConstant.ATTR_IDNO, ((StockUser) profile).getIdNo());
|
|
504 | 526 |
attrMap.put(MaybankLdapConstant.ATTR_CUST_TYPE, "0"); |
505 | 527 |
} |
506 |
|
|
507 |
if(((StockUser)profile).getM2uUser() != null){
|
|
508 |
if(!isEmptyString(((StockUser)profile).getM2uUser().getPan1()))
|
|
509 |
attrMap.put(MaybankLdapConstant.ATTR_PAN_1, ((StockUser)profile).getM2uUser().getPan1()); |
|
510 |
if(!isEmptyString(((StockUser)profile).getM2uUser().getPan2()))
|
|
511 |
attrMap.put(MaybankLdapConstant.ATTR_PAN_2, ((StockUser)profile).getM2uUser().getPan2()); |
|
528 |
|
|
529 |
if (((StockUser) profile).getM2uUser() != null) {
|
|
530 |
if (!isEmptyString(((StockUser) profile).getM2uUser().getPan1()))
|
|
531 |
attrMap.put(MaybankLdapConstant.ATTR_PAN_1, ((StockUser) profile).getM2uUser().getPan1());
|
|
532 |
if (!isEmptyString(((StockUser) profile).getM2uUser().getPan2()))
|
|
533 |
attrMap.put(MaybankLdapConstant.ATTR_PAN_2, ((StockUser) profile).getM2uUser().getPan2());
|
|
512 | 534 |
} |
513 |
|
|
514 |
} else if(profile instanceof IbccUser){
|
|
515 |
objectClasses = new String[]{MaybankLdapConstant.OBJECT_CLASS_CCPP};
|
|
516 |
if(!isEmptyString(((IbccUser)profile).getPanCc()))
|
|
517 |
attrMap.put(MaybankLdapConstant.ATTR_PANCC, ((IbccUser)profile).getPanCc()); |
|
518 |
}
|
|
535 |
|
|
536 |
} else if (profile instanceof IbccUser) {
|
|
537 |
objectClasses = new String[] { MaybankLdapConstant.OBJECT_CLASS_CCPP };
|
|
538 |
if (!isEmptyString(((IbccUser) profile).getPanCc()))
|
|
539 |
attrMap.put(MaybankLdapConstant.ATTR_PANCC, ((IbccUser) profile).getPanCc());
|
|
540 |
} |
|
519 | 541 |
|
520 | 542 |
if (!attrMap.isEmpty()) { |
521 |
if(profile instanceof TicketingUser){
|
|
522 |
if(MinimalUPassControllerV2.getMaybankLdapDAO().isUserExist(username)){
|
|
543 |
if (profile instanceof TicketingUser) {
|
|
544 |
if (MinimalUPassControllerV2.getMaybankLdapDAO().isUserExist(username)) {
|
|
523 | 545 |
MinimalUPassControllerV2.getMaybankLdapDAO().updateTicketingUser(username, attrMap); |
524 | 546 |
logger.info("Ticketing User updated in LDAP: " + username); |
525 |
}else{ |
|
526 |
MinimalUPassControllerV2.getMaybankLdapDAO().createTicketingUser(username, userPassword, objectClasses, attrMap); |
|
547 |
} else { |
|
548 |
MinimalUPassControllerV2.getMaybankLdapDAO().createTicketingUser(username, userPassword, |
|
549 |
objectClasses, attrMap); |
|
527 | 550 |
logger.info("Ticketing User created in LDAP: " + username); |
528 | 551 |
} |
529 |
}else{
|
|
530 |
if(MinimalUPassControllerV2.getMaybankLdapDAO().isUserExist(username)){
|
|
552 |
} else {
|
|
553 |
if (MinimalUPassControllerV2.getMaybankLdapDAO().isUserExist(username)) {
|
|
531 | 554 |
MinimalUPassControllerV2.getMaybankLdapDAO().updateUser(username, attrMap); |
532 | 555 |
logger.info("User updated in LDAP: " + username); |
533 |
}else{ |
|
534 |
MinimalUPassControllerV2.getMaybankLdapDAO().createUser(username, userPassword, objectClasses, attrMap); |
|
556 |
} else { |
|
557 |
MinimalUPassControllerV2.getMaybankLdapDAO().createUser(username, userPassword, objectClasses, |
|
558 |
attrMap); |
|
535 | 559 |
logger.info("User created in LDAP: " + username); |
536 | 560 |
} |
537 | 561 |
} |
538 | 562 |
} |
539 | 563 |
} |
540 |
|
|
564 |
|
|
541 | 565 |
return rc; |
542 | 566 |
} |
543 | 567 |
|
... | ... | |
652 | 676 |
return checkResult; |
653 | 677 |
} |
654 | 678 |
|
679 |
protected AccessCheckResult checkAppAccessToUser( |
|
680 |
AuthenticationBean authBean, final Session txSession) |
|
681 |
throws MultipleAppAccessesFound, UPassException { |
|
682 |
|
|
683 |
AccessCheckResult checkResult = checkAppAccess(authBean, txSession); |
|
684 |
|
|
685 |
if (checkResult.hasUPassAdminAccess()) |
|
686 |
return checkResult; |
|
687 |
|
|
688 |
List appIdsForUser = appAccessMgtService.listAppIdsForUser(authBean, CredentialSelector.TARGET, txSession); |
|
689 |
int retCode = |
|
690 |
!appIdsForUser.isEmpty() ? |
|
691 |
appIdsForUser.contains(checkResult.invokerAppId) ? |
|
692 |
MinimalConstants.ERR_SUCCESS |
|
693 |
: MinimalConstants.ERR_APP_SERV_NOT_PERMITTED |
|
694 |
: MinimalConstants.ERR_USERALIAS_NOT_FOUND; |
|
695 |
|
|
696 |
if (retCode != MinimalConstants.ERR_SUCCESS) |
|
697 |
throw new UPassException(retCode); |
|
698 |
|
|
699 |
return checkResult; |
|
700 |
} |
|
701 |
|
|
655 | 702 |
public AccessCheckResult checkAppAccess( |
656 | 703 |
String appAccessId, String hashedSecretKey, final Session txSession) |
657 | 704 |
throws UPassException, MultipleAppAccessesFound { |
658 | 705 |
|
659 |
ReturnBundle ret = verifyStaticPasswordService.verifyStaticPassword_returnUser(
|
|
660 |
appAccessId, hashedSecretKey, false, 0, txSession); |
|
706 |
ReturnBundle ret = verifyStaticPasswordService.verifyUserCredetial_returnUser(
|
|
707 |
appAccessId, hashedSecretKey, false, 0, false, txSession);
|
|
661 | 708 |
|
662 | 709 |
final int retCode = ret.getCode(); |
663 | 710 |
if (retCode != MinimalConstants.ERR_SUCCESS) |
... | ... | |
673 | 720 |
return result; |
674 | 721 |
} |
675 | 722 |
|
676 |
private AccessCheckResult checkAppAccessToUser(AuthenticationBean authBean) { |
|
723 |
public AccessCheckResult checkAppAccess( |
|
724 |
AuthenticationBean authBean, final Session txSession) |
|
725 |
throws UPassException { |
|
677 | 726 |
|
678 |
// ReturnBundle ret = verifyStaticPasswordService.verifyStaticPassword_returnUser(authBean, false, 0);
|
|
679 |
//
|
|
680 |
// final int retCode = ret.getCode(); |
|
681 |
// if (retCode != MinimalConstants.ERR_SUCCESS)
|
|
682 |
// throw new UPassException(retCode);
|
|
683 |
//
|
|
684 |
// AccessCheckResult result = new AccessCheckResult(); |
|
685 |
// result.invokerUserType = new Integer(ret.getUser().getUserType());
|
|
686 |
//
|
|
687 |
// if (result.hasUPassAdminAccess()) |
|
688 |
// return result;
|
|
689 |
//
|
|
690 |
// result.invokerAppId = appAccessMgtService.getAppIdForAdmin(authBean); |
|
691 |
// return result;
|
|
692 |
throw new NotImplementedException();
|
|
727 |
ReturnBundle ret = verifyStaticPasswordService.verifyUserCredetial_returnUser(
|
|
728 |
authBean, CredentialSelector.INVOKER, false, 0, false, txSession);
|
|
729 |
|
|
730 |
final int retCode = ret.getCode();
|
|
731 |
if (retCode != MinimalConstants.ERR_SUCCESS)
|
|
732 |
throw new UPassException(retCode);
|
|
733 |
|
|
734 |
AccessCheckResult result = new AccessCheckResult();
|
|
735 |
result.invokerUserType = new Integer(ret.getUser().getUserType());
|
|
736 |
|
|
737 |
if (result.hasUPassAdminAccess())
|
|
738 |
return result;
|
|
739 |
|
|
740 |
result.invokerAppId = appAccessMgtService.getAppIdForAdmin(authBean, txSession);
|
|
741 |
return result;
|
|
693 | 742 |
} |
694 | 743 |
|
695 | 744 |
/** |
... | ... | |
757 | 806 |
} |
758 | 807 |
return null; |
759 | 808 |
} |
760 |
|
|
809 |
|
|
761 | 810 |
public List/* <UserProfile> */listProfilesByExamples( |
762 | 811 |
String appAccessId, String hashedSecretKey, |
763 | 812 |
List/* <UserProfile> */exampleProfiles, Session txSession) |
... | ... | |
846 | 895 |
} |
847 | 896 |
} |
848 | 897 |
|
849 |
private boolean isEmptyString(String value){ |
|
850 |
if(value == null) |
|
898 |
private boolean isEmptyString(String value) {
|
|
899 |
if (value == null)
|
|
851 | 900 |
return true; |
852 |
|
|
853 |
if("".equals(value)) |
|
901 |
|
|
902 |
if ("".equals(value))
|
|
854 | 903 |
return true; |
855 |
|
|
904 |
|
|
856 | 905 |
return false; |
857 | 906 |
} |
858 | 907 |
} |
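Review bot: In `verifyStaticPassword_withAppChecked`, a failed invoker (application) credential check never reaches `storeTheUsersInside(authBean, txSession)`: `checkAppAccess(authBean, txSession)` throws `UPassException` on a non-success code, and the `catch (UPassException e)` branch rolls the transaction back. Because this commit also removes the `userDao.updateUserToStore(ret.user, txSession)` call from the bean-based `verifyUserCredetial_returnUser` in VerifyStaticPasswordService.java, any failed-attempt or lock state that method sets on the loaded invoker (the visible `setUdateLastLocked` context suggests it does) appears to be discarded, which would weaken lockout against repeated wrong application secrets. Consider persisting the invoker before the exception is thrown, or have the catch branch store the bean's users and commit instead of calling `rollbackTransactionIfAny` when the failure is a credential failure. The method's signature starts above the visible lines.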
src/main/java/my/com/upass/dao/hibernate/UserDAOHibernate.java | ||
---|---|---|
764 | 764 |
+ " WHERE u.userAlias = :invokerUsername" |
765 | 765 |
+ " OR u.userAlias = :targetUsername"); |
766 | 766 |
|
767 |
query.setString("invokerUsername", invokerUsername); |
|
768 |
query.setString("targetUsername", targetUsername); |
|
769 |
|
|
767 | 770 |
List/* <Object[]> */records = query.list(); |
768 | 771 |
|
769 | 772 |
for (Iterator iterator = records.iterator(); iterator.hasNext();) { |
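Review bot: The two added `query.setString(...)` bindings are reached with null usernames, since the string overload of `verifyUserCredetial_returnUser` in VerifyStaticPasswordService.java calls `retrieveAuthBeanFor(null, null, userAlias, hashedPassword, txSession)`, and nothing here documents what a null side means. A null presumably binds as SQL NULL so that `u.userAlias = :invokerUsername` matches no row, but that is worth stating next to the bindings, e.g. `// a null username binds SQL NULL and selects no row for that side`. When both usernames are the same alias, it is also not clear from the visible loop how the single row is assigned to invoker and target. The enclosing method starts and ends outside this section.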
src/main/java/my/com/upass/pojo/AuthenticationBean.java | ||
---|---|---|
29 | 29 |
*/ |
30 | 30 |
private List/* <UserAppAccess> */loadedTargetAccessList; |
31 | 31 |
|
32 |
public static class CredentialSelector { |
|
33 |
|
|
34 |
public static CredentialSelector INVOKER = new CredentialSelector("INVOKER"); |
|
35 |
public static CredentialSelector TARGET = new CredentialSelector("TARGET"); |
|
36 |
|
|
37 |
private String value; |
|
38 |
|
|
39 |
private CredentialSelector(String value) { |
|
40 |
this.value = value; |
|
41 |
} |
|
42 |
|
|
43 |
public String toString() { |
|
44 |
return String.valueOf(value); |
|
45 |
} |
|
46 |
} |
|
47 |
|
|
32 | 48 |
// |
33 | 49 |
|
34 | 50 |
public AuthenticationBean( |
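Review bot: `INVOKER` and `TARGET` in `CredentialSelector` are declared `public static` without `final`, so any code can reassign them; the callers compare by identity (`selector == CredentialSelector.INVOKER`), and a reassigned or null selector silently falls through to the target branch. Since this value decides whose credential is verified, declare them `public static final CredentialSelector INVOKER = new CredentialSelector("INVOKER");` (same for `TARGET`) and make `value` `private final`. A short class comment saying that these two instances are the only ones and are compared with `==` would also help.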
src/main/java/my/com/upass/services/AppAccessMgtService.java | ||
---|---|---|
28 | 28 |
import my.com.upass.maybank.entities.StockUser; |
29 | 29 |
import my.com.upass.maybank.entities.TicketingUser; |
30 | 30 |
import my.com.upass.maybank.entities.UserProfile; |
31 |
import my.com.upass.pojo.AuthenticationBean; |
|
31 | 32 |
import my.com.upass.pojo.ClientApp; |
32 | 33 |
import my.com.upass.pojo.UserAppAccess; |
34 |
import my.com.upass.pojo.AuthenticationBean.CredentialSelector; |
|
33 | 35 |
|
34 | 36 |
import org.hibernate.Session; |
35 | 37 |
|
... | ... | |
110 | 112 |
try { |
111 | 113 |
UserDAO userDao = MinimalDAOFactory.minimalInstance().getUserDAO(); |
112 | 114 |
List accessList = userDao.listUserAppAccesses(appAccessId, UserAppAccess.TYPE_ADMIN, txSession); |
115 |
appId = identifyAppIdForAdmin(accessList); |
|
113 | 116 |
|
114 |
if (accessList.size() > 1) |
|
115 |
throw new MultipleAppAccessesFound(); |
|
116 |
|
|
117 |
if (accessList.size() == 1) { |
|
118 |
final UserAppAccess appAccess = (UserAppAccess) accessList.get(0); |
|
119 |
appId = new Integer(appAccess.getAppId()); |
|
120 |
} |
|
121 | 117 |
} catch (Exception e) { |
122 | 118 |
e.printStackTrace(); |
123 | 119 |
} |
124 | 120 |
return appId; |
125 | 121 |
} |
126 | 122 |
|
123 |
public Integer getAppIdForAdmin(AuthenticationBean authBean, Session txSession) |
|
124 |
throws MultipleAppAccessesFound { |
|
125 |
|
|
126 |
Integer appId = null; |
|
127 |
List/* <UserAppAccess> */accessList = authBean.getLoadedInvokerAccessList(); |
|
128 |
appId = identifyAppIdForAdmin(accessList); |
|
129 |
return appId; |
|
130 |
} |
|
131 |
|
|
127 | 132 |
public List/* <Integer> */listAppIdsForUser(String username, Session txSession) |
128 | 133 |
throws MultipleAppAccessesFound { |
129 | 134 |
|
... | ... | |
142 | 147 |
return appIds; |
143 | 148 |
} |
144 | 149 |
|
150 |
public List/* <Integer> */listAppIdsForUser( |
|
151 |
AuthenticationBean authBean, CredentialSelector selector, Session txSession) { |
|
152 |
|
|
153 |
List/* <UserAppAccess> */accessList = |
|
154 |
(selector == CredentialSelector.INVOKER) ? |
|
155 |
authBean.getLoadedInvokerAccessList() |
|
156 |
: authBean.getLoadedTargetAccessList(); |
|
157 |
|
|
158 |
List/* <Integer> */appIds = new ArrayList(accessList.size()); |
|
159 |
for (Iterator iterator = accessList.iterator(); iterator.hasNext();) { |
|
160 |
UserAppAccess access = (UserAppAccess) iterator.next(); |
|
161 |
appIds.add(new Integer(access.getAppId())); |
|
162 |
} |
|
163 |
return appIds; |
|
164 |
} |
|
165 |
|
|
145 | 166 |
public boolean grantAppAccessToUser( |
146 | 167 |
long userId, int applicationId, char accessType, Session txSession) { |
147 | 168 |
|
... | ... | |
192 | 213 |
|
193 | 214 |
// |
194 | 215 |
|
216 |
private Integer identifyAppIdForAdmin(List accessList) throws MultipleAppAccessesFound { |
|
217 |
if (accessList.size() > 1) |
|
218 |
throw new MultipleAppAccessesFound(); |
|
219 |
|
|
220 |
Integer appId = null; |
|
221 |
if (accessList.size() == 1) { |
|
222 |
final UserAppAccess appAccess = (UserAppAccess) accessList.get(0); |
|
223 |
appId = new Integer(appAccess.getAppId()); |
|
224 |
} |
|
225 |
return appId; |
|
226 |
} |
|
227 |
|
|
195 | 228 |
public class MultipleAppAccessesFound extends UPassException { |
196 | 229 |
|
197 | 230 |
private static final long serialVersionUID = 1L; |
... | ... | |
200 | 233 |
super(MinimalConstants.ERR_USERALIAS_NOT_FOUND); |
201 | 234 |
} |
202 | 235 |
} |
236 |
|
|
203 | 237 |
} |
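Review bot: The new `getAppIdForAdmin(AuthenticationBean, Session)` passes `authBean.getLoadedInvokerAccessList()` straight to `identifyAppIdForAdmin`, while the existing string overload only considers rows returned by `listUserAppAccesses(appAccessId, UserAppAccess.TYPE_ADMIN, txSession)`. Unless the loaded list is already restricted to admin-type accesses (not visible here), a non-admin access entry of the invoker would now yield an app id that feeds the permission decision in `checkAppAccessToUser`. Filter the list by access type before calling `identifyAppIdForAdmin`, or document on `getLoadedInvokerAccessList` that it holds admin accesses only. `txSession` is unused in this overload, and `accessList` is dereferenced without a null check in both new bean-based methods.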
src/main/java/my/com/upass/services/VerifyStaticPasswordService.java | ||
---|---|---|
23 | 23 |
import my.com.upass.dao.UserDAO; |
24 | 24 |
import my.com.upass.factory.MinimalUPassFactory; |
25 | 25 |
import my.com.upass.pojo.AuthenticationBean; |
26 |
import my.com.upass.pojo.AuthenticationBean.CredentialSelector; |
|
26 | 27 |
import my.com.upass.pojo.MinimalUserBean; |
27 | 28 |
import my.com.upass.spassword.PasswordController; |
28 | 29 |
|
... | ... | |
59 | 60 |
userAlias, hashedPassword, chkUserType, userType, false, txSession); |
60 | 61 |
} |
61 | 62 |
|
62 |
public ReturnBundle verifyStaticPassword_returnUser( |
|
63 |
String userAlias, String hashedPassword, |
|
64 |
boolean chkUserType, int userType, Session txSession) { |
|
65 |
|
|
66 |
return verifyUserCredetial_returnUser( |
|
67 |
userAlias, hashedPassword, chkUserType, userType, false, txSession); |
|
68 |
} |
|
69 |
|
|
70 | 63 |
/** |
71 | 64 |
* Verify password validity only |
72 | 65 |
* |
... | ... | |
120 | 113 |
} |
121 | 114 |
|
122 | 115 |
public ReturnBundle verifyUserCredetial_returnUser( |
123 |
String userAlias, String hashedPassword, |
|
124 |
boolean chkUserType, int userType, |
|
125 |
boolean dormantCheck, Session txSession) { |
|
116 |
AuthenticationBean authBean, CredentialSelector selector, |
|
117 |
boolean chkUserType, int userType, boolean dormantCheck, Session txSession) { |
|
126 | 118 |
|
127 | 119 |
ReturnBundle ret = new ReturnBundle(); |
128 | 120 |
ret.code = MinimalConstants.ERR_SYSTEM_NOT_READY; |
129 | 121 |
|
122 |
final boolean forInvoker = selector == CredentialSelector.INVOKER; |
|
123 |
final String userAlias = forInvoker ? |
|
124 |
authBean.getGivenInvokerUsername() |
|
125 |
: authBean.getGivenTargetUsername(); |
|
126 |
String hashedPassword = forInvoker ? |
|
127 |
authBean.getGivenInvokerHashedPassword() |
|
128 |
: authBean.getGivenTargetHashedPassword(); |
|
129 |
|
|
130 | 130 |
if (userAlias == null || hashedPassword == null) { |
131 | 131 |
ret.code = MinimalConstants.ERR_INVALID_INPUT; |
132 | 132 |
return ret; |
133 | 133 |
} |
134 | 134 |
try { |
135 |
UserDAO userDao = MinimalDAOFactory.minimalInstance().getUserDAO(); |
|
136 |
ret.user = userDao.getUserFromStore(userAlias, txSession); |
|
135 |
// UserDAO userDao = MinimalDAOFactory.minimalInstance().getUserDAO(); |
|
136 |
// ret.user = userDao.getUserFromStore(userAlias, txSession); |
|
137 |
ret.user = forInvoker ? |
|
138 |
authBean.getLoadedInvoker() |
|
139 |
: authBean.getLoadedTarget(); |
|
137 | 140 |
|
138 | 141 |
if (ret.user == null) { |
139 | 142 |
ret.code = MinimalConstants.ERR_USERALIAS_NOT_FOUND; |
... | ... | |
158 | 161 |
} |
159 | 162 |
|
160 | 163 |
// update password to upass |
161 |
int responseCode = modifyUserService.modifyUser(userAlias, MinimalConstants.UTYPE_STATE_USER, "",
|
|
162 |
plainPassword, MinimalConstants.UID_STATE_ACTIVE, false); |
|
164 |
int responseCode = modifyUserService.modifyUser(userAlias, MinimalConstants.UTYPE_STATE_USER, |
|
165 |
ret.user.getDescription(), plainPassword, MinimalConstants.UID_STATE_ACTIVE, false);
|
|
163 | 166 |
|
164 | 167 |
if (MinimalConstants.ERR_SUCCESS != responseCode) { |
165 | 168 |
ret.code = responseCode; |
166 | 169 |
return ret; |
167 | 170 |
} |
168 | 171 |
// reload profile with password |
172 |
UserDAO userDao = MinimalDAOFactory.minimalInstance().getUserDAO(); |
|
169 | 173 |
ret.user = userDao.getUserFromStore(userAlias, txSession); |
174 |
if (forInvoker) |
|
175 |
authBean.setLoadedInvoker(ret.user); |
|
176 |
else |
|
177 |
authBean.setLoadedTarget(ret.user); |
|
170 | 178 |
} |
171 | 179 |
} |
172 | 180 |
// -- migration period checking : END -- |
... | ... | |
235 | 243 |
ret.user.setUdateLastLocked((new Date())); |
236 | 244 |
} |
237 | 245 |
} |
238 |
// update database |
|
239 |
boolean lrc = userDao.updateUserToStore(ret.user, txSession); |
|
240 |
|
|
241 |
if (!lrc) { |
|
242 |
ret.code = MinimalConstants.ERR_SYSTEM_NOT_READY; |
|
243 |
} |
|
244 |
|
|
245 | 246 |
} catch (UPassException e) { |
246 | 247 |
e.printStackTrace(); |
247 | 248 |
ret.code = e.getErrorCode(); |
... | ... | |
253 | 254 |
return ret; |
254 | 255 |
} |
255 | 256 |
|
257 |
public ReturnBundle verifyUserCredetial_returnUser( |
|
258 |
String userAlias, String hashedPassword, |
|
259 |
boolean chkUserType, int userType, |
|
260 |
boolean dormantCheck, Session txSession) { |
|
261 |
|
|
262 |
ReturnBundle ret; |
|
263 |
try { |
|
264 |
AuthenticationBean authBean; |
|
265 |
authBean = retrieveAuthBeanFor(null, null, userAlias, hashedPassword, txSession); |
|
266 |
ret = verifyUserCredetial_returnUser( |
|
267 |
authBean, CredentialSelector.TARGET, |
|
268 |
chkUserType, userType, dormantCheck, txSession); |
|
269 |
|
|
270 |
// update database |
|
271 |
UserDAO userDao = MinimalDAOFactory.minimalInstance().getUserDAO(); |
|
272 |
final MinimalUserBean target = authBean.getLoadedTarget(); |
|
273 |
if (target != null) { |
|
274 |
boolean successful = userDao.updateUserToStore(target, txSession); |
|
275 |
if (!successful) |
|
276 |
ret.code = MinimalConstants.ERR_SYSTEM_NOT_READY; |
|
277 |
} |
|
278 |
} catch (Exception e) { |
|
279 |
e.printStackTrace(); |
|
280 |
ret = new ReturnBundle(); |
|
281 |
ret.code = MinimalConstants.ERR_SYSTEM_NOT_READY; |
|
282 |
} |
|
283 |
return ret; |
|
284 |
} |
|
285 |
|
|
256 | 286 |
public static class ReturnBundle { |
257 | 287 |
private int code; |
258 | 288 |
private MinimalUserBean user; |
... | ... | |
268 | 298 |
|
269 | 299 |
public AuthenticationBean retrieveAuthBeanFor( |
270 | 300 |
String invokerUsername, String invokerHashedPassword, |
271 |
String targetUsername, String targetHashedPassword) |
|
301 |
String targetUsername, String targetHashedPassword, Session txSession)
|
|
272 | 302 |
throws Exception { |
273 | 303 |
|
274 | 304 |
UserDAO userDao = MinimalDAOFactory.minimalInstance().getUserDAO(); |
275 | 305 |
return userDao.retrieveAuthBeanFor( |
276 | 306 |
invokerUsername, invokerHashedPassword, |
277 |
targetUsername, targetHashedPassword, null);
|
|
307 |
targetUsername, targetHashedPassword, txSession);
|
|
278 | 308 |
} |
309 |
|
|
310 |
public boolean storeTheUsersInside(AuthenticationBean authBean, Session txSession) { |
|
311 |
|
|
312 |
boolean updatedInvoker = true; |
|
313 |
boolean updatedTarget = true; |
|
314 |
try { |
|
315 |
UserDAO dao = MinimalDAOFactory.minimalInstance().getUserDAO(); |
|
316 |
|
|
317 |
final MinimalUserBean invoker = authBean.getLoadedInvoker(); |
|
318 |
if (invoker != null) |
|
319 |
updatedInvoker = dao.updateUserToStore(invoker, txSession); |
|
320 |
|
|
321 |
final MinimalUserBean target = authBean.getLoadedTarget(); |
|
322 |
if (target != null) { |
|
323 |
updatedTarget = dao.updateUserToStore(target, txSession); |
|
324 |
} |
|
325 |
return updatedInvoker && updatedTarget; |
|
326 |
|
|
327 |
} catch (Exception e) { |
|
328 |
e.printStackTrace(); |
|
329 |
return false; |
|
330 |
} |
|
331 |
} |
|
332 |
|
|
279 | 333 |
} |
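Review bot: The new string overload of `verifyUserCredetial_returnUser` calls `retrieveAuthBeanFor(null, null, userAlias, hashedPassword, txSession)` before any input validation; the `userAlias == null || hashedPassword == null` check now lives only in the bean overload, after the DAO query has run. A null argument therefore costs a database round trip and, if the DAO throws, is reported as `ERR_SYSTEM_NOT_READY` instead of `ERR_INVALID_INPUT`. Repeat the guard at the top of the wrapper and return `ERR_INVALID_INPUT` before touching the DAO. The Javadoc of the bean overload should also state that it no longer persists the user it modifies and that callers must call `storeTheUsersInside` themselves.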
src/main/resources/com/ib/hibernate/configuration/hibernate.cfg.xml | ||
---|---|---|
13 | 13 |
<!-- Database connection settings --> |
14 | 14 |
<property name="connection.driver_class">oracle.jdbc.driver.OracleDriver</property> |
15 | 15 |
<!-- SQL dialect --> |
16 |
<property name="dialect">org.hibernate.dialect.OracleDialect</property> |
|
16 |
<property name="dialect">org.hibernate.dialect.Oracle10gDialect</property>
|
|
17 | 17 |
|
18 | 18 |
<!-- Enable Hibernate's automatic session context management --> |
19 | 19 |
<property name="current_session_context_class">thread</property> |
src/main/resources/com/ib/hibernate/configuration/hibernate.dev-penril.cfg.xml | ||
---|---|---|
5 | 5 |
<hibernate-configuration> |
6 | 6 |
<session-factory> |
7 | 7 |
<!-- Database connection settings --> |
8 |
|
|
9 | 8 |
<property name="connection.url">jdbc:oracle:thin:@localhost:1521:XE</property> |
10 | 9 |
<property name="hibernate.connection.username">M2U_UPASS_CI</property> |
11 | 10 |
<property name="hibernate.connection.password">ci123</property> |
... | ... | |
13 | 12 |
<!-- Database connection settings --> |
14 | 13 |
<property name="connection.driver_class">oracle.jdbc.driver.OracleDriver</property> |
15 | 14 |
<!-- SQL dialect --> |
16 |
<property name="dialect">org.hibernate.dialect.OracleDialect</property> |
|
15 |
<property name="dialect">org.hibernate.dialect.Oracle10gDialect</property>
|
|
17 | 16 |
|
18 | 17 |
<!-- Use the C3P0 connection pool provider --> |
19 | 18 |
<property name="connection.provider_class">org.hibernate.connection.C3P0ConnectionProvider</property> |
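Review bot: The `hibernate.connection.username` and `hibernate.connection.password` properties keep a database account in plaintext in the repository, here and in hibernate.staging-ci.cfg.xml, where it sits next to an internal host address. This commit edits both files without moving the secret out. Supply the credentials from outside version control, for example through a container-managed JNDI datasource or build-time property substitution, and rotate the password that has already been committed.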
src/main/resources/com/ib/hibernate/configuration/hibernate.staging-ci.cfg.xml | ||
---|---|---|
5 | 5 |
<hibernate-configuration> |
6 | 6 |
<session-factory> |
7 | 7 |
<!-- Database connection settings --> |
8 |
|
|
9 | 8 |
<!-- <property name="connection.url">jdbc:oracle:thin:@localhost:1521:XE</property> --> |
10 | 9 |
<property name="connection.url">jdbc:oracle:thin:@192.168.1.126:1521:IBSDEMO</property> |
11 | 10 |
<property name="hibernate.connection.username">M2U_UPASS_CI</property> |
12 | 11 |
<property name="hibernate.connection.password">ci123</property> |
13 |
|
|
14 |
<!-- Database connection settings --> |
|
15 | 12 |
<property name="connection.driver_class">oracle.jdbc.driver.OracleDriver</property> |
16 | 13 |
<!-- SQL dialect --> |
17 |
<property name="dialect">org.hibernate.dialect.OracleDialect</property> |
|
14 |
<property name="dialect">org.hibernate.dialect.Oracle10gDialect</property>
|
|
18 | 15 |
|
19 | 16 |
<!-- Use the C3P0 connection pool provider --> |
20 | 17 |
<property name="connection.provider_class">org.hibernate.connection.C3P0ConnectionProvider</property> |