Revision 56:849eb94f2d56
src/main/java/my/com/upass/MinimalConstants.java | ||
---|---|---|
11 | 11 |
* This property can be set to 'Y' or 'N' in configurations, |
12 | 12 |
* but will be converted to boolean inside the app. |
13 | 13 |
* |
14 |
* @see #inMigrationPeriod |
|
14 |
* @see MinimalUPassControllerV2#inMigrationPeriod
|
|
15 | 15 |
*/ |
16 | 16 |
public static final String MIGRATION_PERIOD = "MIGRATION_PERIOD"; |
17 | 17 |
|
... | ... | |
230 | 230 |
|
231 | 231 |
return map; |
232 | 232 |
} |
233 |
|
|
233 | 234 |
} |
src/main/java/my/com/upass/MinimalUPassController.java | ||
---|---|---|
11 | 11 |
|
12 | 12 |
public class MinimalUPassController { |
13 | 13 |
|
14 |
/** |
|
15 |
* @see MinimalConstants#MIGRATION_PERIOD |
|
16 |
*/ |
|
17 |
protected boolean inMigrationPeriod = false; |
|
18 |
|
|
14 | 19 |
protected String userAlias; |
15 | 20 |
protected int SUPERVISOR_ID_SUSPEND = 0; |
16 | 21 |
protected int _MAX_ERROR = 0; |
17 | 22 |
protected Logger logger = Logger.getLogger(MinimalUPassController.class.getName()); |
18 | 23 |
|
19 |
protected int verifyStaticPassword(String userAlias, String password, boolean chkUserType, int userType) { |
|
24 |
public MinimalUPassController() { |
|
25 |
final String migratioinPeriodProp = Config.getInstance() |
|
26 |
.getProperty(MinimalConstants.MIGRATION_PERIOD); |
|
20 | 27 |
|
21 |
if (userAlias == null || password == null) { |
|
28 |
setInMigrationPeriod(migratioinPeriodProp.equals("Y")); |
|
29 |
} |
|
30 |
|
|
31 |
public boolean isInMigrationPeriod() { |
|
32 |
return inMigrationPeriod; |
|
33 |
} |
|
34 |
|
|
35 |
public void setInMigrationPeriod(boolean inMigrationPeriod) { |
|
36 |
this.inMigrationPeriod = inMigrationPeriod; |
|
37 |
} |
|
38 |
|
|
39 |
protected int verifyStaticPassword(String userAlias, String hashedPassword, boolean chkUserType, int userType) { |
|
40 |
|
|
41 |
if (userAlias == null || hashedPassword == null) { |
|
22 | 42 |
return MinimalConstants.ERR_INVALID_INPUT; |
23 | 43 |
} |
24 | 44 |
|
... | ... | |
45 | 65 |
dbo.close(); |
46 | 66 |
return MinimalConstants.ERR_INVALID_STATE; |
47 | 67 |
} |
48 |
|
|
49 | 68 |
// verify user type |
50 | 69 |
if (chkUserType && userBean.getUserType() != userType) { |
51 | 70 |
dbo.close(); |
52 | 71 |
return MinimalConstants.ERR_APP_SERV_NOT_PERMITTED; |
53 | 72 |
} |
54 |
|
|
55 | 73 |
// verify user password |
56 | 74 |
PasswordController pc = new PasswordController(userBean); |
57 |
int rc = pc.VerifyPassword(password); |
|
75 |
if (isInMigrationPeriod()) { |
|
76 |
final String plainPassword = hashedPassword; |
|
77 |
hashedPassword = PasswordController.sha256(plainPassword); |
|
78 |
} |
|
79 |
int rc = pc.verifyPassword(hashedPassword); |
|
58 | 80 |
userBean = pc.getUpdatedObject(); |
59 | 81 |
|
60 | 82 |
// suspend if exceeded max retries |
... | ... | |
129 | 151 |
return rc; |
130 | 152 |
} |
131 | 153 |
|
132 |
protected int addUser(String userAlias, int userType, String userDesc, String userPassword, int userState) { |
|
154 |
protected int addUser(String userAlias, int userType, String userDesc, String userHashedPassword, int userState) {
|
|
133 | 155 |
int rc; |
134 | 156 |
|
135 |
if (userAlias == null || userPassword == null) |
|
157 |
if (userAlias == null || userHashedPassword == null)
|
|
136 | 158 |
return MinimalConstants.ERR_INVALID_INPUT; |
137 | 159 |
|
138 | 160 |
// insert into DB |
... | ... | |
144 | 166 |
ub.setUstate(userState); |
145 | 167 |
|
146 | 168 |
PasswordController pc = new PasswordController(ub); |
147 |
rc = pc.VerifyUserAlias(userAlias); |
|
169 |
if (isInMigrationPeriod()) { |
|
170 |
final String userPlainPassword = userHashedPassword; |
|
171 |
userHashedPassword = PasswordController.sha256(userPlainPassword); |
|
172 |
} |
|
173 |
rc = pc.verifyUserAlias(userAlias); |
|
148 | 174 |
// if useralias is valid then continue else return error |
149 | 175 |
if (rc == MinimalConstants.ERR_SUCCESS) { |
150 |
rc = pc.GeneratePassword(userPassword, false);
|
|
176 |
rc = pc.generatePassword(userHashedPassword, false);
|
|
151 | 177 |
ub = pc.getUpdatedObject(); |
152 | 178 |
|
153 | 179 |
// Debug info: |
... | ... | |
157 | 183 |
// debug info: |
158 | 184 |
if (dbo.insertUserToStore(ub)) { |
159 | 185 |
rc = MinimalConstants.ERR_SUCCESS; |
160 |
} |
|
161 |
else { |
|
186 |
|
|
187 |
} else {
|
|
162 | 188 |
rc = MinimalConstants.ERR_ALREADY_EXIST; |
163 | 189 |
} |
164 | 190 |
dbo.close(); |
165 | 191 |
} |
166 |
|
|
167 | 192 |
return rc; |
168 |
|
|
169 | 193 |
} |
170 |
|
|
171 | 194 |
} |
src/main/java/my/com/upass/MinimalUPassControllerV2.java | ||
---|---|---|
31 | 31 |
|
32 | 32 |
public class MinimalUPassControllerV2 { |
33 | 33 |
|
34 |
protected static Logger logger = Logger |
|
35 |
.getLogger(MinimalUPassControllerV2.class); |
|
36 |
protected static Map configurationMap = new HashMap(); |
|
37 |
private static boolean configFirstLoad = true; |
|
38 |
|
|
39 | 34 |
/** |
40 | 35 |
* @see MinimalConstants#MIGRATION_PERIOD |
41 | 36 |
*/ |
42 |
private boolean inMigrationPeriod = false;
|
|
37 |
protected boolean inMigrationPeriod = false;
|
|
43 | 38 |
|
44 |
protected VerifyStaticPasswordService verifyStaticPasswordService = new VerifyStaticPasswordService( |
|
45 |
this); |
|
39 |
protected static Logger logger = Logger.getLogger(MinimalUPassControllerV2.class); |
|
40 |
protected static Map configurationMap = new HashMap(); |
|
41 |
private static boolean configFirstLoad = true; |
|
42 |
protected VerifyStaticPasswordService verifyStaticPasswordService = new VerifyStaticPasswordService(this); |
|
46 | 43 |
protected CreateUserService createUserService = new CreateUserService(this); |
47 | 44 |
protected ModifyUserService modifyUserService = new ModifyUserService(this); |
48 | 45 |
protected AppAccessMgtService appAccessMgtService = new AppAccessMgtService(); |
49 |
protected ChangeStaticPasswordService changeStaticPasswordService = new ChangeStaticPasswordService( |
|
50 |
this); |
|
46 |
protected ChangeStaticPasswordService changeStaticPasswordService = new ChangeStaticPasswordService(this); |
|
51 | 47 |
|
52 | 48 |
// for spring-ldap usage |
53 | 49 |
private static final Object CONFIG_LOCK = new Object(); |
54 | 50 |
private static MaybankLdapDAO maybankLdapDAO; |
55 | 51 |
|
56 | 52 |
public MinimalUPassControllerV2() { |
57 |
this.setInMigrationPeriod( Config.getInstance().getProperty(MinimalConstants.MIGRATION_PERIOD).equals("Y")); |
|
53 |
|
|
54 |
final String migratioinPeriodProp = Config.getInstance() |
|
55 |
.getProperty(MinimalConstants.MIGRATION_PERIOD); |
|
56 |
|
|
57 |
setInMigrationPeriod(migratioinPeriodProp.equals("Y")); |
|
58 |
|
|
58 | 59 |
initializeConfigurations(); |
59 | 60 |
} |
60 | 61 |
|
61 | 62 |
protected void initializeConfigurations() { |
62 | 63 |
try { |
63 |
ConfigurationDAO configurationDAO = MinimalDAOFactory |
|
64 |
.minimalInstance().getConfigurationDAO(); |
|
64 |
ConfigurationDAO configurationDAO = MinimalDAOFactory.minimalInstance().getConfigurationDAO(); |
|
65 | 65 |
boolean isConfigChange = configurationDAO.isConfigChanged(); |
66 | 66 |
|
67 | 67 |
if (configFirstLoad || isConfigChange) { |
68 | 68 |
|
69 | 69 |
logger.info("Refresh Configuration ...."); |
70 |
|
|
71 |
|
|
72 |
List configurations = configurationDAO |
|
73 |
.getConfigurationsFromStore(); |
|
70 |
|
|
71 |
List configurations = configurationDAO.getConfigurationsFromStore(); |
|
74 | 72 |
ConfigurationBean configPojo; |
75 | 73 |
ConfigBean configBean = null; |
76 | 74 |
|
... | ... | |
80 | 78 |
configPojo = (ConfigurationBean) itr.next(); |
81 | 79 |
configType = configPojo.getApplicationId(); |
82 | 80 |
|
83 |
configBean = (ConfigBean) configurationMap.get(new Integer( |
|
84 |
configType)); |
|
81 |
configBean = (ConfigBean) configurationMap.get(new Integer(configType)); |
|
85 | 82 |
if (configBean == null) { |
86 | 83 |
configBean = new ConfigBean(); |
87 | 84 |
} |
88 |
logger.info("COnfig Type:" + configType + "=config name:" |
|
89 |
+ configPojo.getConfigName() + "=config Value:" |
|
90 |
+ configPojo.getConfigValue()); |
|
91 |
configBean.setConfigBean(configPojo.getConfigName(), |
|
92 |
configPojo.getConfigValue()); |
|
85 |
logger.info("COnfig Type:" + configType + "=config name:" + configPojo.getConfigName() |
|
86 |
+ "=config Value:" + configPojo.getConfigValue()); |
|
87 |
configBean.setConfigBean(configPojo.getConfigName(), configPojo.getConfigValue()); |
|
93 | 88 |
|
94 | 89 |
configurationMap.put(new Integer(configType), configBean); |
95 | 90 |
|
96 |
configFirstLoad = false; // this value dictate for every |
|
97 |
// instance restart to refresh |
|
98 |
// the map. After |
|
91 |
configFirstLoad = false; // this value dictate for every instance restart to refresh the map. After |
|
99 | 92 |
// first load, turn it off |
100 | 93 |
} |
101 | 94 |
logger.info("Refresh Configuration Done ...."); |
... | ... | |
139 | 132 |
* This method to add online users to the system |
140 | 133 |
* |
141 | 134 |
* @param adminUserAlias |
142 |
* @param adminUserPassword
|
|
135 |
* @param adminHashedPassword
|
|
143 | 136 |
* @param userAlias |
144 | 137 |
* @param userDesc |
145 |
* @param userPassword |
|
138 |
* @param userHashedPassword
|
|
146 | 139 |
* @param appId |
147 | 140 |
* @return ERR_code defined in the MinimalConstants<br/> |
148 | 141 |
* ERR_SUCCESS<br/> |
149 | 142 |
* ERR_SYSTEM_NOT_READY<br/> |
150 | 143 |
* ERR_USERALIAS_NOT_FOUND <br/> |
151 | 144 |
* ERR_INVALID_STATE - admin not active or temporary suspended.<br/> |
152 |
* ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the |
|
153 |
* user type.<br/> |
|
145 |
* ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the user type.<br/> |
|
154 | 146 |
* ERR_EXCEED_MAX_TRIES<br/> |
155 | 147 |
* ERR_INVALID_CREDENTIAL<br/> |
156 | 148 |
* ERR_INVALID_INPUT - internal error.<br/> |
157 | 149 |
* ERR_ALREADY_EXIST<br/> |
158 |
* ERR_INVALID_USERALIAS - User alias does not match with defined |
|
159 |
* pattern <br/> |
|
160 |
* ERR_PASSWORD_SAMEAS_USERALIAS - password is same is user name |
|
161 |
* error <br/> |
|
150 |
* ERR_INVALID_USERALIAS - User alias does not match with defined pattern <br/> |
|
151 |
* ERR_PASSWORD_SAMEAS_USERALIAS - password is same is user name error <br/> |
|
162 | 152 |
*/ |
163 |
public int UA_AddUser(String adminUserAlias, String adminUserPassword, |
|
164 |
String userAlias, String userDesc, String userPassword, int appId) { |
|
153 |
public int UA_AddUser( |
|
154 |
String adminUserAlias, String adminHashedPassword, |
|
155 |
String userAlias, String userDesc, String userHashedPassword, int appId) { |
|
165 | 156 |
|
166 | 157 |
// check if password is similar to user alias |
167 |
if (userAlias.equalsIgnoreCase(userPassword)) { |
|
158 |
if (userAlias.equalsIgnoreCase(userHashedPassword)) {
|
|
168 | 159 |
return MinimalConstants.ERR_PASSWORD_SAMEAS_USERALIAS; |
169 | 160 |
} |
170 | 161 |
int rc = verifyStaticPasswordService.verifyStaticPassword( |
171 |
adminUserAlias, adminUserPassword, true, |
|
172 |
MinimalConstants.UTYPE_STATE_ADMIN); |
|
162 |
adminUserAlias, adminHashedPassword, true, MinimalConstants.UTYPE_STATE_ADMIN); |
|
173 | 163 |
|
174 | 164 |
if (rc != MinimalConstants.ERR_SUCCESS) { |
175 | 165 |
return rc; |
176 | 166 |
} |
177 |
rc = createUserService.addUser(userAlias,
|
|
178 |
MinimalConstants.UTYPE_STATE_USER, userDesc, userPassword,
|
|
179 |
MinimalConstants.UID_STATE_ACTIVE, appId); |
|
167 |
rc = createUserService.addUser( |
|
168 |
userAlias, MinimalConstants.UTYPE_STATE_USER, userDesc,
|
|
169 |
userHashedPassword, MinimalConstants.UID_STATE_ACTIVE, appId);
|
|
180 | 170 |
|
181 |
logger.info("UA_AddUser - user alias: [" + userAlias + "] Return: " |
|
182 |
+ rc); |
|
171 |
logger.info("UA_AddUser - user alias: [" + userAlias + "] Return: " + rc); |
|
183 | 172 |
return rc; |
184 | 173 |
} |
185 | 174 |
|
186 |
public int addUser(String appAccessId, String hashedSecretKey, |
|
187 |
MinimalUserBean user, char accessType, Session txSession) { |
|
175 |
public int addUser( |
|
176 |
String appAccessId, String hashedSecretKey, MinimalUserBean user, |
|
177 |
char accessType, Session txSession) { |
|
188 | 178 |
|
189 |
return addUser(appAccessId, hashedSecretKey, user, accessType, |
|
190 |
txSession, true); |
|
179 |
return addUser(appAccessId, hashedSecretKey, user, accessType, txSession, true); |
|
191 | 180 |
} |
192 | 181 |
|
193 | 182 |
/** |
194 | 183 |
* This methods identifies the target app using <code>appAccessId</code>, |
195 | 184 |
* hence meant for {@link ClientApp}s |
196 | 185 |
* |
197 |
* @see #addUser(String, String, MinimalUserBean, char, int, Session, |
|
198 |
* boolean) |
|
186 |
* @see #addUser(String, String, MinimalUserBean, char, int, Session, boolean) |
|
199 | 187 |
*/ |
200 |
public int addUser(String appAccessId, String hashedSecretKey,
|
|
201 |
MinimalUserBean user, char accessType, Session txSession,
|
|
202 |
boolean checkPassword) { |
|
188 |
public int addUser( |
|
189 |
String appAccessId, String hashedSecretKey, MinimalUserBean user,
|
|
190 |
char accessType, Session txSession, boolean checkPassword) {
|
|
203 | 191 |
|
204 | 192 |
final String userAlias = user.getUserAlias(); |
205 |
final String doubleHashedPassword = user.getPcipherText(); |
|
206 | 193 |
|
207 |
// check if password is similar to user alias |
|
208 |
if (userAlias.equalsIgnoreCase(doubleHashedPassword)) { |
|
209 |
return MinimalConstants.ERR_PASSWORD_SAMEAS_USERALIAS; |
|
210 |
} |
|
211 | 194 |
int rc; |
212 | 195 |
try { |
213 |
AccessCheckResult checkResult = checkAppAccess(appAccessId, |
|
214 |
hashedSecretKey, txSession); |
|
196 |
AccessCheckResult checkResult = checkAppAccess(appAccessId, hashedSecretKey, txSession); |
|
215 | 197 |
|
216 | 198 |
final Integer appId = checkResult.invokerAppId; |
217 | 199 |
if (appId == null && !checkResult.hasUPassAdminAccess()) { |
... | ... | |
221 | 203 |
} else { |
222 | 204 |
user.setUserType(MinimalConstants.UTYPE_STATE_USER); |
223 | 205 |
user.setPstate(MinimalConstants.UID_STATE_ACTIVE); |
224 |
rc = createUserAndGrantAccessToApp(user, appId.intValue(),
|
|
225 |
accessType, txSession, checkPassword); |
|
206 |
rc = createUserAndGrantAccessToApp( |
|
207 |
user, appId.intValue(), accessType, txSession, checkPassword);
|
|
226 | 208 |
} |
227 | 209 |
|
228 | 210 |
} catch (UPassException e) { |
... | ... | |
237 | 219 |
return rc; |
238 | 220 |
} |
239 | 221 |
|
240 |
private int createUserAndGrantAccessToApp(MinimalUserBean user, int appId, |
|
241 |
char accessType, Session txSession, boolean checkPassword) { |
|
222 |
private int createUserAndGrantAccessToApp( |
|
223 |
MinimalUserBean user, int appId, char accessType, |
|
224 |
Session txSession, boolean checkPassword) { |
|
242 | 225 |
|
243 | 226 |
int rc; |
244 |
CreateUserService.ReturnBundle creationResult = createUserService
|
|
245 |
.addUser(user, txSession, checkPassword); |
|
227 |
CreateUserService.ReturnBundle creationResult = |
|
228 |
createUserService.addUser(user, txSession, checkPassword);
|
|
246 | 229 |
|
247 | 230 |
rc = creationResult.getCode(); |
248 | 231 |
if (rc == MinimalConstants.ERR_SUCCESS) { |
249 | 232 |
final long userId = creationResult.getUserId().longValue(); |
250 |
boolean granted = appAccessMgtService.grantAppAccessToUser(userId,
|
|
251 |
appId, accessType, txSession); |
|
233 |
boolean granted = appAccessMgtService.grantAppAccessToUser( |
|
234 |
userId, appId, accessType, txSession);
|
|
252 | 235 |
|
253 |
rc = granted ? MinimalConstants.ERR_SUCCESS |
|
236 |
rc = granted ? |
|
237 |
MinimalConstants.ERR_SUCCESS |
|
254 | 238 |
: MinimalConstants.ERR_SYSTEM_NOT_READY; |
255 | 239 |
} |
256 | 240 |
return rc; |
257 | 241 |
} |
258 | 242 |
|
259 | 243 |
/** |
260 |
* Because of the ability to choose the target app, this method is meant for
|
|
261 |
* USS only. |
|
244 |
* Because of the ability to choose the target app, |
|
245 |
* this method is meant for USS only.
|
|
262 | 246 |
* |
263 | 247 |
* @see #addUser(String, String, MinimalUserBean, char, Session) |
264 | 248 |
*/ |
265 |
public int addUser(String adminUsername, String adminPassword,
|
|
266 |
MinimalUserBean user, char accessType, int targetAppId,
|
|
267 |
Session txSession, boolean checkPassword) { |
|
249 |
public int addUser( |
|
250 |
String adminUsername, String adminPassword, MinimalUserBean user,
|
|
251 |
char accessType, int targetAppId, Session txSession, boolean checkPassword) {
|
|
268 | 252 |
|
269 | 253 |
final String userAlias = user.getUserAlias(); |
270 |
final String doubleHashedPassword = user.getPcipherText(); |
|
271 |
|
|
272 |
// check if password is similar to user alias |
|
273 |
if (userAlias.equalsIgnoreCase(doubleHashedPassword)) { |
|
274 |
return MinimalConstants.ERR_PASSWORD_SAMEAS_USERALIAS; |
|
275 |
} |
|
276 | 254 |
int rc; |
277 | 255 |
try { |
278 |
AccessCheckResult checkResult = checkAppAccess(adminUsername, |
|
279 |
adminPassword, txSession); |
|
256 |
AccessCheckResult checkResult = checkAppAccess(adminUsername, adminPassword, txSession); |
|
280 | 257 |
|
281 | 258 |
if (!checkResult.hasUPassAdminAccess()) |
282 | 259 |
rc = MinimalConstants.ERR_APP_SERV_NOT_PERMITTED; |
... | ... | |
284 | 261 |
else { |
285 | 262 |
user.setUserType(MinimalConstants.UTYPE_STATE_USER); |
286 | 263 |
user.setPstate(MinimalConstants.UID_STATE_ACTIVE); |
287 |
rc = createUserAndGrantAccessToApp(user, targetAppId,
|
|
288 |
accessType, txSession, checkPassword); |
|
264 |
rc = createUserAndGrantAccessToApp( |
|
265 |
user, targetAppId, accessType, txSession, checkPassword);
|
|
289 | 266 |
} |
290 | 267 |
} catch (MultipleAppAccessesFound e) { |
291 | 268 |
rc = MinimalConstants.ERR_APP_SERV_NOT_PERMITTED; |
... | ... | |
300 | 277 |
} |
301 | 278 |
|
302 | 279 |
/** |
303 |
* This method verify static password generated using |
|
304 |
* SP_ChangeStaticPassword(). |
|
280 |
* This method verify static password generated using SP_ChangeStaticPassword(). |
|
305 | 281 |
* |
306 | 282 |
* @param userAlias |
307 | 283 |
* @param password |
... | ... | |
310 | 286 |
* ERR_SYSTEM_NOT_READY<br/> |
311 | 287 |
* ERR_USERALIAS_NOT_FOUND <br/> |
312 | 288 |
* ERR_INVALID_STATE - user not active or temporary suspended.<br/> |
313 |
* ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the |
|
314 |
* user type.<br/> |
|
289 |
* ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the user type.<br/> |
|
315 | 290 |
* ERR_EXCEED_MAX_TRIES - used ModifyUser to reset password.<br/> |
316 | 291 |
* ERR_INVALID_CREDENTIAL<br/> |
317 |
* ERR_PASSWD_EXPIRED - password is valid but expired, suggest to |
|
318 |
* change new password.<br/> |
|
292 |
* ERR_PASSWD_EXPIRED - password is valid but expired, suggest to change new password.<br/> |
|
319 | 293 |
*/ |
320 | 294 |
public int SP_VerifyStaticPassword(String userAlias, String password) { |
321 |
int rc = verifyStaticPasswordService.verifyStaticPassword(userAlias, |
|
322 |
password, false, 0); |
|
323 |
logger.info("SP_VerifyStaticPassword - user alias: [" + userAlias |
|
324 |
+ "] Return: " + rc); |
|
295 |
int rc = verifyStaticPasswordService.verifyStaticPassword(userAlias, password, false, 0); |
|
296 |
logger.info("SP_VerifyStaticPassword - user alias: [" + userAlias + "] Return: " + rc); |
|
325 | 297 |
return rc; |
326 | 298 |
} |
327 | 299 |
|
328 |
public int verifyStaticPassword_withAppChecked(String appAccessId, |
|
329 |
String hashedSecretKey, String username, String hashedPassword) { |
|
300 |
public int verifyStaticPassword_withAppChecked( |
|
301 |
String appAccessId, String hashedSecretKey, |
|
302 |
String username, String hashedPassword) { |
|
330 | 303 |
|
331 | 304 |
int rc; |
332 | 305 |
try { |
333 | 306 |
checkAppAccessToUser(appAccessId, hashedSecretKey, username, null); |
334 |
rc = verifyStaticPasswordService.verifyStaticPassword(username,
|
|
335 |
hashedPassword, false, 0); |
|
307 |
rc = verifyStaticPasswordService.verifyStaticPassword( |
|
308 |
username, hashedPassword, false, 0);
|
|
336 | 309 |
|
337 | 310 |
} catch (MultipleAppAccessesFound e) { |
338 | 311 |
rc = MinimalConstants.ERR_APP_SERV_NOT_PERMITTED; |
... | ... | |
342 | 315 |
rc = e.getErrorCode(); |
343 | 316 |
e.printStackTrace(); |
344 | 317 |
} |
345 |
logger.info("verifyStaticPassword_withAppChecked - user alias: [" |
|
346 |
+ username + "] Return: " + rc); |
|
318 |
logger.info("verifyStaticPassword_withAppChecked - user alias: [" + username + "] Return: " + rc); |
|
347 | 319 |
return rc; |
348 | 320 |
} |
349 | 321 |
|
... | ... | |
351 | 323 |
* This method to Modify online users to the system |
352 | 324 |
* |
353 | 325 |
* @param adminUserAlias |
354 |
* @param adminUserPassword
|
|
326 |
* @param adminHashedPassword
|
|
355 | 327 |
* @param userAlias |
356 | 328 |
* @param userDesc |
357 | 329 |
* - can be null - Null denotes no description will be modified. |
358 |
* @param userPassword |
|
330 |
* @param userHashedPassword
|
|
359 | 331 |
* - can be null - Null denotes no password will be modified. |
360 | 332 |
* @return ERR_code defined in the Constants<br/> |
361 | 333 |
* ERR_SUCCESS<br/> |
362 | 334 |
* ERR_SYSTEM_NOT_READY<br/> |
363 | 335 |
* ERR_USERALIAS_NOT_FOUND <br/> |
364 | 336 |
* ERR_INVALID_STATE - admin not active or temporary suspended.<br/> |
365 |
* ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the |
|
366 |
* user type.<br/> |
|
337 |
* ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the user type.<br/> |
|
367 | 338 |
* ERR_EXCEED_MAX_TRIES<br/> |
368 | 339 |
* ERR_INVALID_CREDENTIAL<br/> |
369 | 340 |
* ERR_INVALID_INPUT - internal error.<br/> |
370 | 341 |
* ERR_USERALIAS_NOT_FOUND<br/> |
371 |
* ERR_INVALID_USERALIAS - User alias does not match with defined |
|
372 |
* pattern <br/> |
|
342 |
* ERR_INVALID_USERALIAS - User alias does not match with defined pattern <br/> |
|
373 | 343 |
* ERR_REUSED_PASSWD - the password entered was used previously.<br/> |
374 | 344 |
*/ |
375 |
public int UA_ModifyUser(String adminUserAlias, String adminUserPassword, |
|
376 |
String userAlias, String userDesc, String userPassword) { |
|
345 |
public int UA_ModifyUser( |
|
346 |
String adminUserAlias, String adminHashedPassword, |
|
347 |
String userAlias, String userDesc, String userHashedPassword) { |
|
377 | 348 |
|
378 | 349 |
// check if password is similar to user alias |
379 |
if (userAlias.equalsIgnoreCase(userPassword)) { |
|
350 |
if (userAlias.equalsIgnoreCase(userHashedPassword)) {
|
|
380 | 351 |
return MinimalConstants.ERR_PASSWORD_SAMEAS_USERALIAS; |
381 | 352 |
} |
382 | 353 |
|
383 | 354 |
int rc = verifyStaticPasswordService.verifyStaticPassword( |
384 |
adminUserAlias, adminUserPassword, true,
|
|
355 |
adminUserAlias, adminHashedPassword, true,
|
|
385 | 356 |
MinimalConstants.UTYPE_STATE_ADMIN); |
386 | 357 |
|
387 | 358 |
if (rc != MinimalConstants.ERR_SUCCESS) { |
... | ... | |
389 | 360 |
} |
390 | 361 |
|
391 | 362 |
rc = modifyUserService.modifyUser(userAlias, |
392 |
MinimalConstants.UTYPE_STATE_USER, userDesc, userPassword, |
|
363 |
MinimalConstants.UTYPE_STATE_USER, userDesc, userHashedPassword,
|
|
393 | 364 |
MinimalConstants.UID_STATE_ACTIVE); |
394 | 365 |
|
395 | 366 |
logger.info("UA_ModifyUser - user alias: [" + userAlias + "] Return: " |
... | ... | |
398 | 369 |
return rc; |
399 | 370 |
} |
400 | 371 |
|
401 |
public int updateProfileShallowly(String appAccessId, |
|
402 |
String hashedSecretKey, UserProfile profile, Session txSession) |
|
372 |
public int updateProfileShallowly( |
|
373 |
String appAccessId, String hashedSecretKey, |
|
374 |
UserProfile profile, Session txSession) |
|
403 | 375 |
throws UPassException { |
404 | 376 |
|
405 | 377 |
MinimalUserBean user = profile.getMinUser(); |
... | ... | |
407 | 379 |
|
408 | 380 |
int rc; |
409 | 381 |
try { |
410 |
AccessCheckResult checkResult = checkAppAccess(appAccessId, |
|
411 |
hashedSecretKey, txSession); |
|
382 |
AccessCheckResult checkResult = checkAppAccess(appAccessId, hashedSecretKey, txSession); |
|
412 | 383 |
|
413 | 384 |
final Integer invokingAppId = checkResult.invokerAppId; |
414 | 385 |
|
415 |
final Object appIdObj = AppAccessMgtService.profileToAppMap |
|
416 |
.get(profile.getClass()); |
|
386 |
final Object appIdObj = AppAccessMgtService.profileToAppMap.get(profile.getClass()); |
|
417 | 387 |
final int appIdForProfile = ((Integer) appIdObj).intValue(); |
418 | 388 |
|
419 | 389 |
boolean permitted = true; |
... | ... | |
425 | 395 |
} else if (invokingAppId.intValue() != appIdForProfile) { |
426 | 396 |
permitted = false; |
427 | 397 |
} |
428 |
rc = permitted ? modifyUserService.updateProfileShallowly(profile, |
|
429 |
txSession) : MinimalConstants.ERR_APP_SERV_NOT_PERMITTED; |
|
398 |
rc = permitted ? |
|
399 |
modifyUserService.updateProfileShallowly(profile, txSession) |
|
400 |
: MinimalConstants.ERR_APP_SERV_NOT_PERMITTED; |
|
430 | 401 |
|
431 | 402 |
} catch (MultipleAppAccessesFound e) { |
432 | 403 |
rc = MinimalConstants.ERR_APP_SERV_NOT_PERMITTED; |
433 | 404 |
e.printStackTrace(); |
434 | 405 |
} |
435 |
logger.info("updateProfileShallowly - user alias: [" + userAlias |
|
436 |
+ "] Return: " + rc); |
|
406 |
logger.info("updateProfileShallowly - user alias: [" + userAlias + "] Return: " + rc); |
|
437 | 407 |
return rc; |
438 | 408 |
} |
439 | 409 |
|
440 | 410 |
/** |
441 |
* This method generate static password and to be using |
|
442 |
* SP_VerifyStaticPassword() |
|
411 |
* This method generate static password and to be using SP_VerifyStaticPassword() |
|
443 | 412 |
* |
444 | 413 |
* @param userAlias |
445 | 414 |
* @param newPassword |
... | ... | |
449 | 418 |
* ERR_SYSTEM_NOT_READY<br/> |
450 | 419 |
* ERR_USERALIAS_NOT_FOUND<br/> |
451 | 420 |
* ERR_INVALID_STATE - user not active or temporary suspended.<br/> |
452 |
* ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the |
|
453 |
* user type.<br/> |
|
421 |
* ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the user type.<br/> |
|
454 | 422 |
* ERR_EXCEED_MAX_TRIES - used ModifyUser to reset password.<br/> |
455 | 423 |
* ERR_INVALID_CREDENTIAL<br/> |
456 | 424 |
* ERR_REUSED_PASSWD - reuse previous generated password.<br/> |
457 | 425 |
*/ |
458 |
public int SP_ChangeStaticPassword(String userAlias, String newPassword, |
|
459 |
String oldPassword) { |
|
460 |
int rc = changeStaticPasswordService.changeStaticPassword(userAlias, |
|
461 |
newPassword, oldPassword, true); |
|
462 |
logger.info("SP_ChangeStaticPassword - user alias: [" + userAlias |
|
463 |
+ "] Return: " + rc); |
|
426 |
public int SP_ChangeStaticPassword(String userAlias, String newPassword, String oldPassword) { |
|
427 |
int rc = changeStaticPasswordService.changeStaticPassword(userAlias, newPassword, oldPassword, true); |
|
428 |
logger.info("SP_ChangeStaticPassword - user alias: [" + userAlias + "] Return: " + rc); |
|
464 | 429 |
return rc; |
465 | 430 |
} |
466 | 431 |
|
467 |
public int changeStaticPassword_withAppChecked(String appAccessId,
|
|
468 |
String hashedSecretKey, String username, String newHashedPassword,
|
|
469 |
String oldHashedPassword) { |
|
432 |
public int changeStaticPassword_withAppChecked( |
|
433 |
String appAccessId, String hashedSecretKey,
|
|
434 |
String username, String newHashedPassword, String oldHashedPassword) {
|
|
470 | 435 |
|
471 | 436 |
int rc; |
472 | 437 |
try { |
473 | 438 |
checkAppAccessToUser(appAccessId, hashedSecretKey, username, null); |
474 |
rc = changeStaticPasswordService.changeStaticPassword(username,
|
|
475 |
newHashedPassword, oldHashedPassword, true); |
|
439 |
rc = changeStaticPasswordService.changeStaticPassword( |
|
440 |
username, newHashedPassword, oldHashedPassword, true);
|
|
476 | 441 |
|
477 | 442 |
} catch (MultipleAppAccessesFound e) { |
478 | 443 |
rc = MinimalConstants.ERR_APP_SERV_NOT_PERMITTED; |
... | ... | |
482 | 447 |
rc = e.getErrorCode(); |
483 | 448 |
e.printStackTrace(); |
484 | 449 |
} |
485 |
logger.info("changeStaticPassword_withAppChecked - user alias: [" |
|
486 |
+ username + "] Return: " + rc); |
|
450 |
logger.info("changeStaticPassword_withAppChecked - user alias: [" + username + "] Return: " + rc); |
|
487 | 451 |
return rc; |
488 | 452 |
} |
489 | 453 |
|
490 |
public int resetPassword_withAppChecked(String appAccessId, |
|
491 |
String hashedSecretKey, String username, String newHashedPassword) { |
|
454 |
public int resetPassword_withAppChecked( |
|
455 |
String appAccessId, String hashedSecretKey, |
|
456 |
String username, String newHashedPassword) { |
|
492 | 457 |
|
493 | 458 |
int rc; |
494 | 459 |
try { |
495 | 460 |
checkAppAccessToUser(appAccessId, hashedSecretKey, username, null); |
496 |
rc = modifyUserService.modifyUser(username,
|
|
497 |
MinimalConstants.UTYPE_STATE_USER, "", newHashedPassword,
|
|
498 |
MinimalConstants.UID_STATE_ACTIVE); |
|
461 |
rc = modifyUserService.modifyUser( |
|
462 |
username, MinimalConstants.UTYPE_STATE_USER, "",
|
|
463 |
newHashedPassword, MinimalConstants.UID_STATE_ACTIVE);
|
|
499 | 464 |
|
500 | 465 |
} catch (MultipleAppAccessesFound e) { |
501 | 466 |
rc = MinimalConstants.ERR_APP_SERV_NOT_PERMITTED; |
... | ... | |
505 | 470 |
rc = e.getErrorCode(); |
506 | 471 |
e.printStackTrace(); |
507 | 472 |
} |
508 |
logger.info("resetPassword_withAppChecked - user alias: [" + username |
|
509 |
+ "] Return: " + rc); |
|
473 |
logger.info("resetPassword_withAppChecked - user alias: [" + username + "] Return: " + rc); |
|
510 | 474 |
return rc; |
511 | 475 |
} |
512 | 476 |
|
... | ... | |
531 | 495 |
} |
532 | 496 |
} |
533 | 497 |
|
534 |
protected AccessCheckResult checkAppAccessToUser(String appAccessId,
|
|
535 |
String hashedSecretKey, String username, final Session txSession) |
|
498 |
protected AccessCheckResult checkAppAccessToUser( |
|
499 |
String appAccessId, String hashedSecretKey, String username, final Session txSession)
|
|
536 | 500 |
throws MultipleAppAccessesFound, UPassException { |
537 | 501 |
|
538 |
AccessCheckResult checkResult = checkAppAccess(appAccessId, |
|
539 |
hashedSecretKey, txSession); |
|
502 |
AccessCheckResult checkResult = checkAppAccess(appAccessId, hashedSecretKey, txSession); |
|
540 | 503 |
|
541 | 504 |
if (checkResult.hasUPassAdminAccess()) |
542 | 505 |
return checkResult; |
543 | 506 |
|
544 |
List appIdsForUser = appAccessMgtService.listAppIdsForUser(username, |
|
545 |
txSession); |
|
546 |
int retCode = !appIdsForUser.isEmpty() ? appIdsForUser |
|
547 |
.contains(checkResult.invokerAppId) ? MinimalConstants.ERR_SUCCESS |
|
548 |
: MinimalConstants.ERR_APP_SERV_NOT_PERMITTED |
|
549 |
: MinimalConstants.ERR_USERALIAS_NOT_FOUND; |
|
507 |
List appIdsForUser = appAccessMgtService.listAppIdsForUser(username, txSession); |
|
508 |
int retCode = |
|
509 |
!appIdsForUser.isEmpty() ? |
|
510 |
appIdsForUser.contains(checkResult.invokerAppId) ? |
|
511 |
MinimalConstants.ERR_SUCCESS |
|
512 |
: MinimalConstants.ERR_APP_SERV_NOT_PERMITTED |
|
513 |
: MinimalConstants.ERR_USERALIAS_NOT_FOUND; |
|
550 | 514 |
|
551 | 515 |
if (retCode != MinimalConstants.ERR_SUCCESS) |
552 | 516 |
throw new UPassException(retCode); |
... | ... | |
554 | 518 |
return checkResult; |
555 | 519 |
} |
556 | 520 |
|
557 |
public AccessCheckResult checkAppAccess(String appAccessId,
|
|
558 |
String hashedSecretKey, final Session txSession) |
|
521 |
public AccessCheckResult checkAppAccess( |
|
522 |
String appAccessId, String hashedSecretKey, final Session txSession)
|
|
559 | 523 |
throws UPassException, MultipleAppAccessesFound { |
560 | 524 |
|
561 |
ReturnBundle ret = verifyStaticPasswordService |
|
562 |
.verifyStaticPassword_returnUser(appAccessId, hashedSecretKey, |
|
563 |
false, 0, txSession); |
|
525 |
ReturnBundle ret = verifyStaticPasswordService.verifyStaticPassword_returnUser( |
|
526 |
appAccessId, hashedSecretKey, false, 0, txSession); |
|
564 | 527 |
|
565 | 528 |
final int retCode = ret.getCode(); |
566 | 529 |
if (retCode != MinimalConstants.ERR_SUCCESS) |
... | ... | |
572 | 535 |
if (result.hasUPassAdminAccess()) |
573 | 536 |
return result; |
574 | 537 |
|
575 |
result.invokerAppId = appAccessMgtService.getAppIdForAdmin(appAccessId, |
|
576 |
txSession); |
|
538 |
result.invokerAppId = appAccessMgtService.getAppIdForAdmin(appAccessId, txSession); |
|
577 | 539 |
return result; |
578 | 540 |
} |
579 | 541 |
|
... | ... | |
583 | 545 |
* |
584 | 546 |
* @see #findProfile(String, String, String, Integer, Session) |
585 | 547 |
*/ |
586 |
public UserProfile findProfile(String appAccessId, String hashedSecretKey, |
|
587 |
String username, Session txSession) throws UPassException { |
|
548 |
public UserProfile findProfile( |
|
549 |
String appAccessId, String hashedSecretKey, |
|
550 |
String username, Session txSession) |
|
551 |
throws UPassException { |
|
588 | 552 |
|
589 |
return findProfile(appAccessId, hashedSecretKey, username, null, |
|
590 |
txSession); |
|
553 |
return findProfile(appAccessId, hashedSecretKey, username, null, txSession); |
|
591 | 554 |
} |
592 | 555 |
|
593 | 556 |
/** |
594 |
* Because of the ability to choose the target app, this method is meant for
|
|
595 |
* USS mainly. |
|
557 |
* Because of the ability to choose the target app, |
|
558 |
* this method is meant for USS mainly.
|
|
596 | 559 |
* |
597 | 560 |
* @see #findProfile(String, String, String, Session) |
598 | 561 |
*/ |
599 |
public UserProfile findProfile(String appAccessId, String hashedSecretKey, |
|
562 |
public UserProfile findProfile( |
|
563 |
String appAccessId, String hashedSecretKey, |
|
600 | 564 |
String username, Integer targetAppId, Session txSession) |
601 | 565 |
throws UPassException { |
602 | 566 |
|
603 | 567 |
try { |
604 |
AccessCheckResult checkResult = checkAppAccess(appAccessId, |
|
605 |
hashedSecretKey, txSession); |
|
568 |
AccessCheckResult checkResult = checkAppAccess(appAccessId, hashedSecretKey, txSession); |
|
606 | 569 |
final boolean upassAdmin = checkResult.hasUPassAdminAccess(); |
607 | 570 |
if (upassAdmin) { |
608 | 571 |
if (targetAppId == null) |
... | ... | |
610 | 573 |
|
611 | 574 |
} else { |
612 | 575 |
if (checkResult.invokerAppId == null) |
613 |
throw new UPassException( |
|
614 |
MinimalConstants.ERR_APP_SERV_NOT_PERMITTED); |
|
576 |
throw new UPassException(MinimalConstants.ERR_APP_SERV_NOT_PERMITTED); |
|
615 | 577 |
|
616 | 578 |
if (targetAppId == null) { |
617 | 579 |
targetAppId = checkResult.invokerAppId; |
618 | 580 |
|
619 | 581 |
} else if (!targetAppId.equals(checkResult.invokerAppId)) { |
620 |
throw new UPassException( |
|
621 |
MinimalConstants.ERR_APP_SERV_NOT_PERMITTED); |
|
582 |
throw new UPassException(MinimalConstants.ERR_APP_SERV_NOT_PERMITTED); |
|
622 | 583 |
} |
623 | 584 |
} |
624 | 585 |
List profiles = modifyUserService.listProfiles(username, txSession); |
625 |
for (Iterator profileIter = profiles.iterator(); profileIter |
|
626 |
.hasNext();) { |
|
586 |
for (Iterator profileIter = profiles.iterator(); profileIter.hasNext();) { |
|
627 | 587 |
UserProfile profile = (UserProfile) profileIter.next(); |
628 | 588 |
|
629 |
final Integer appIdForProfile = (Integer) AppAccessMgtService.profileToAppMap
|
|
630 |
.get(profile.getClass()); |
|
589 |
final Integer appIdForProfile = (Integer) AppAccessMgtService |
|
590 |
.profileToAppMap.get(profile.getClass());
|
|
631 | 591 |
|
632 | 592 |
if (targetAppId.equals(appIdForProfile)) { |
633 | 593 |
return profile; |
... | ... | |
636 | 596 |
return null; |
637 | 597 |
|
638 | 598 |
} catch (MultipleAppAccessesFound e) { |
639 |
throw new UPassException( |
|
640 |
MinimalConstants.ERR_APP_SERV_NOT_PERMITTED, e); |
|
599 |
throw new UPassException(MinimalConstants.ERR_APP_SERV_NOT_PERMITTED, e); |
|
641 | 600 |
} |
642 | 601 |
} |
643 | 602 |
|
644 |
public List/* <UserProfile> */listProfilesByExamples(String appAccessId, |
|
645 |
String hashedSecretKey, List/* <UserProfile> */exampleProfiles, |
|
646 |
Session txSession) throws UPassException { |
|
603 |
public List/* <UserProfile> */listProfilesByExamples( |
|
604 |
String appAccessId, String hashedSecretKey, |
|
605 |
List/* <UserProfile> */exampleProfiles, Session txSession) |
|
606 |
throws UPassException { |
|
647 | 607 |
|
648 |
return listProfilesByExamples(appAccessId, hashedSecretKey, |
|
649 |
exampleProfiles, null, txSession); |
|
608 |
return listProfilesByExamples(appAccessId, hashedSecretKey, exampleProfiles, null, txSession); |
|
650 | 609 |
} |
651 | 610 |
|
652 |
public List/* <UserProfile> */listProfilesByExamples(String appAccessId, |
|
653 |
String hashedSecretKey, List/* <UserProfile> */exampleProfiles, |
|
654 |
Integer targetAppId, Session txSession) throws UPassException { |
|
611 |
public List/* <UserProfile> */listProfilesByExamples( |
|
612 |
String appAccessId, String hashedSecretKey, |
|
613 |
List/* <UserProfile> */exampleProfiles, Integer targetAppId, Session txSession) |
|
614 |
throws UPassException { |
|
655 | 615 |
|
656 | 616 |
try { |
657 |
AccessCheckResult checkResult = checkAppAccess(appAccessId, |
|
658 |
hashedSecretKey, txSession); |
|
617 |
AccessCheckResult checkResult = checkAppAccess(appAccessId, hashedSecretKey, txSession); |
|
659 | 618 |
final boolean upassAdmin = checkResult.hasUPassAdminAccess(); |
660 | 619 |
if (!upassAdmin) { |
661 | 620 |
if (checkResult.invokerAppId == null) |
662 |
throw new UPassException( |
|
663 |
MinimalConstants.ERR_APP_SERV_NOT_PERMITTED); |
|
621 |
throw new UPassException(MinimalConstants.ERR_APP_SERV_NOT_PERMITTED); |
|
664 | 622 |
|
665 | 623 |
if (targetAppId == null) { |
666 | 624 |
targetAppId = checkResult.invokerAppId; |
667 | 625 |
|
668 | 626 |
} else if (!targetAppId.equals(checkResult.invokerAppId)) { |
669 |
throw new UPassException( |
|
670 |
MinimalConstants.ERR_APP_SERV_NOT_PERMITTED); |
|
627 |
throw new UPassException(MinimalConstants.ERR_APP_SERV_NOT_PERMITTED); |
|
671 | 628 |
} |
672 | 629 |
} |
673 |
List profiles = modifyUserService.listProfilesByExamples( |
|
674 |
exampleProfiles, txSession); |
|
630 |
List profiles = modifyUserService.listProfilesByExamples(exampleProfiles, txSession); |
|
675 | 631 |
if (targetAppId != null) |
676 |
for (Iterator iterator = profiles.iterator(); iterator |
|
677 |
.hasNext();) { |
|
632 |
for (Iterator iterator = profiles.iterator(); iterator.hasNext();) { |
|
678 | 633 |
UserProfile profile = (UserProfile) iterator.next(); |
679 | 634 |
|
680 |
final Integer appIdForProfile = (Integer) AppAccessMgtService.profileToAppMap
|
|
681 |
.get(profile.getClass()); |
|
635 |
final Integer appIdForProfile = (Integer) AppAccessMgtService |
|
636 |
.profileToAppMap.get(profile.getClass());
|
|
682 | 637 |
|
683 | 638 |
if (!targetAppId.equals(appIdForProfile)) |
684 | 639 |
iterator.remove(); |
... | ... | |
686 | 641 |
return profiles; |
687 | 642 |
|
688 | 643 |
} catch (MultipleAppAccessesFound e) { |
689 |
throw new UPassException( |
|
690 |
MinimalConstants.ERR_APP_SERV_NOT_PERMITTED, e); |
|
644 |
throw new UPassException(MinimalConstants.ERR_APP_SERV_NOT_PERMITTED, e); |
|
691 | 645 |
} |
692 | 646 |
} |
693 | 647 |
|
694 |
public List/* <UserProfile> */listProfilesByExamples(String appAccessId,
|
|
695 |
String hashedSecretKey, List/* <UserProfile> */exampleProfiles,
|
|
696 |
Date fromDate, Date toDate, Session txSession) |
|
648 |
public List/* <UserProfile> */listProfilesByExamples( |
|
649 |
String appAccessId, String hashedSecretKey,
|
|
650 |
List/* <UserProfile> */exampleProfiles, Date fromDate, Date toDate, Session txSession)
|
|
697 | 651 |
throws UPassException { |
698 | 652 |
|
699 | 653 |
try { |
700 |
AccessCheckResult checkResult = checkAppAccess(appAccessId, |
|
701 |
hashedSecretKey, txSession); |
|
654 |
AccessCheckResult checkResult = checkAppAccess(appAccessId, hashedSecretKey, txSession); |
|
702 | 655 |
final boolean upassAdmin = checkResult.hasUPassAdminAccess(); |
703 | 656 |
if (!upassAdmin) { |
704 | 657 |
if (checkResult.invokerAppId == null) |
705 |
throw new UPassException( |
|
706 |
MinimalConstants.ERR_APP_SERV_NOT_PERMITTED); |
|
658 |
throw new UPassException(MinimalConstants.ERR_APP_SERV_NOT_PERMITTED); |
|
707 | 659 |
} |
708 |
List profiles = modifyUserService.listProfilesByExamples( |
|
709 |
exampleProfiles, fromDate, toDate, txSession); |
|
660 |
List profiles = modifyUserService.listProfilesByExamples(exampleProfiles, fromDate, toDate, txSession); |
|
710 | 661 |
|
711 | 662 |
return profiles; |
712 | 663 |
|
713 | 664 |
} catch (MultipleAppAccessesFound e) { |
714 |
throw new UPassException( |
|
715 |
MinimalConstants.ERR_APP_SERV_NOT_PERMITTED, e); |
|
665 |
throw new UPassException(MinimalConstants.ERR_APP_SERV_NOT_PERMITTED, e); |
|
716 | 666 |
} |
717 | 667 |
} |
718 | 668 |
|
... | ... | |
721 | 671 |
if (maybankLdapDAO == null) { |
722 | 672 |
Resource resource = new ClassPathResource("spring-ldap.xml"); |
723 | 673 |
BeanFactory factory = new XmlBeanFactory(resource); |
724 |
maybankLdapDAO = (MaybankLdapDAO) factory |
|
725 |
.getBean("maybankLdap"); |
|
674 |
maybankLdapDAO = (MaybankLdapDAO) factory.getBean("maybankLdap"); |
|
726 | 675 |
} |
727 | 676 |
|
728 | 677 |
return maybankLdapDAO; |
src/main/java/my/com/upass/pojo/MinimalUserBean.java | ||
---|---|---|
3 | 3 |
import java.io.Serializable; |
4 | 4 |
import java.util.Date; |
5 | 5 |
|
6 |
import my.com.upass.spassword.PasswordController; |
|
7 |
|
|
8 |
import org.apache.commons.lang.ObjectUtils; |
|
9 |
|
|
6 | 10 |
public class MinimalUserBean implements Serializable { |
7 | 11 |
|
8 | 12 |
private static final long serialVersionUID = 1L; |
... | ... | |
18 | 22 |
private int ustate; |
19 | 23 |
private Date udateLockedFrom; |
20 | 24 |
private Date udateLockedTo; |
21 |
private String pcipherText;
|
|
25 |
private String doubleHashedPassword;
|
|
22 | 26 |
private int pstate; |
23 | 27 |
private Date pdateCreated; |
24 | 28 |
private Date pdateFirstUsed; |
... | ... | |
28 | 32 |
private String phistoryList; |
29 | 33 |
private int pexpiredStatus; |
30 | 34 |
private Date pdateExpired; |
31 |
//private Integer applicationId; |
|
35 |
|
|
36 |
// private Integer applicationId; |
|
37 |
|
|
38 |
private transient String hashedPassword; |
|
32 | 39 |
|
33 | 40 |
// |
34 | 41 |
|
... | ... | |
129 | 136 |
} |
130 | 137 |
|
131 | 138 |
public String getPcipherText() { |
132 |
return pcipherText;
|
|
139 |
return getDoubleHashedPassword();
|
|
133 | 140 |
} |
134 | 141 |
|
135 | 142 |
public void setPcipherText(String pcipherText) { |
136 |
this.pcipherText = pcipherText;
|
|
143 |
setDoubleHashedPassword(pcipherText);
|
|
137 | 144 |
} |
138 | 145 |
|
139 | 146 |
public int getPstate() { |
... | ... | |
208 | 215 |
this.pdateExpired = pdateExpired; |
209 | 216 |
} |
210 | 217 |
|
211 |
// public Integer getApplicationId() {
|
|
212 |
// return applicationId;
|
|
213 |
// }
|
|
214 |
// |
|
215 |
// public void setApplicationId(Integer applicationId) {
|
|
216 |
// this.applicationId = applicationId;
|
|
217 |
// }
|
|
218 |
// public Integer getApplicationId() {
|
|
219 |
// return applicationId;
|
|
220 |
// }
|
|
221 |
//
|
|
222 |
// public void setApplicationId(Integer applicationId) {
|
|
223 |
// this.applicationId = applicationId;
|
|
224 |
// }
|
|
218 | 225 |
|
219 | 226 |
// Helper methods |
220 | 227 |
|
... | ... | |
226 | 233 |
setUserAlias(username); |
227 | 234 |
} |
228 | 235 |
|
229 |
public String getHashedPassword() { |
|
230 |
return getPcipherText(); |
|
236 |
public String getDoubleHashedPassword() { |
|
237 |
return doubleHashedPassword; |
|
238 |
} |
|
239 |
|
|
240 |
private class BooleanLock { |
|
241 |
private boolean nesting; |
|
242 |
} |
|
243 |
|
|
244 |
private final BooleanLock changeLock = new BooleanLock(); |
|
245 |
|
|
246 |
public void setDoubleHashedPassword(String doubleHashedPassword) { |
|
247 |
this.doubleHashedPassword = doubleHashedPassword; |
|
248 |
synchronized (changeLock) { |
|
249 |
if (!changeLock.nesting) { |
|
250 |
this.hashedPassword = null; |
|
251 |
} |
|
252 |
} |
|
231 | 253 |
} |
232 | 254 |
|
233 | 255 |
public void setHashedPassword(String hashedPassword) { |
234 |
setPcipherText(hashedPassword); |
|
256 |
synchronized (changeLock) { |
|
257 |
changeLock.nesting = true; |
|
258 |
this.hashedPassword = hashedPassword; |
|
259 |
setDoubleHashedPassword(PasswordController.sha256(userAlias, hashedPassword)); |
|
260 |
changeLock.nesting = false; |
|
261 |
} |
|
262 |
} |
|
263 |
|
|
264 |
public String getHashedPassword() { |
|
265 |
return hashedPassword; |
|
235 | 266 |
} |
236 | 267 |
|
237 | 268 |
} |
src/main/java/my/com/upass/services/ChangeStaticPasswordService.java | ||
---|---|---|
14 | 14 |
import java.util.HashMap; |
15 | 15 |
import java.util.Map; |
16 | 16 |
|
17 |
|
|
18 |
import org.hibernate.Session; |
|
19 |
|
|
20 |
import my.com.upass.Config; |
|
21 |
import my.com.upass.ConfigBean; |
|
22 | 17 |
import my.com.upass.MinimalConstants; |
23 | 18 |
import my.com.upass.MinimalUPassControllerV2; |
24 | 19 |
import my.com.upass.UPassException; |
... | ... | |
31 | 26 |
import my.com.upass.spassword.PasswordController; |
32 | 27 |
import my.com.upass.spring.ldap.MaybankLdapConstant; |
33 | 28 |
|
29 |
import org.hibernate.Session; |
|
30 |
|
|
34 | 31 |
/** |
35 | 32 |
* PROGRAMMER: Danniell |
36 | 33 |
* CHANGE-NO: |
... | ... | |
53 | 50 |
this.upc = upc; |
54 | 51 |
} |
55 | 52 |
|
56 |
public int changeStaticPassword(String userAlias, String newPassword, String oldPassword,
|
|
57 |
boolean checkChangeInterval)
|
|
58 |
{ |
|
53 |
public int changeStaticPassword( |
|
54 |
String userAlias, String newHashedPassword, String oldHashedPassword, boolean checkChangeInterval) {
|
|
55 |
|
|
59 | 56 |
int rc = MinimalConstants.ERR_SYSTEM_NOT_READY; |
60 | 57 |
|
61 |
try |
|
62 |
{ |
|
58 |
try { |
|
63 | 59 |
UserDAO userDao = MinimalDAOFactory.minimalInstance().getUserDAO(); |
64 | 60 |
MinimalUserBean userBean = userDao.getUserFromStore(userAlias, null); |
65 | 61 |
|
66 |
if (userBean == null) |
|
67 |
{ |
|
62 |
if (userBean == null) { |
|
68 | 63 |
return MinimalConstants.ERR_USERALIAS_NOT_FOUND; |
69 | 64 |
} |
70 |
|
|
71 | 65 |
userBean.getPdateCreated(); |
66 |
|
|
67 |
String newPlainPassword = null; |
|
72 | 68 |
|
73 | 69 |
// verify user |
74 | 70 |
PasswordController pc = MinimalUPassFactory.getPasswordController(userBean, upc.getConfigurationsMap()); |
75 |
|
|
76 |
if (checkChangeInterval == true) |
|
77 |
{ |
|
71 |
if (upc.isInMigrationPeriod()) { |
|
72 |
final String oldPlainPassword = oldHashedPassword; |
|
73 |
newPlainPassword = newHashedPassword; |
|
74 |
oldHashedPassword = PasswordController.sha256(oldPlainPassword); |
|
75 |
newHashedPassword = PasswordController.sha256(newPlainPassword); |
|
76 |
} |
|
77 |
if (checkChangeInterval == true) { |
|
78 | 78 |
rc = pc.checkRegeneratePassword(); |
79 |
if (rc == MinimalConstants.ERR_PASSWD_CHANGE_INTERVAL) |
|
80 |
{ |
|
79 |
if (rc == MinimalConstants.ERR_PASSWD_CHANGE_INTERVAL) { |
|
81 | 80 |
return MinimalConstants.ERR_PASSWD_CHANGE_INTERVAL; |
82 | 81 |
} |
83 | 82 |
} |
84 |
|
|
85 |
rc = pc.VerifyPassword(oldPassword); |
|
83 |
rc = pc.verifyPassword(oldHashedPassword); |
|
86 | 84 |
|
87 | 85 |
if (rc == MinimalConstants.ERR_SUCCESS || |
88 | 86 |
rc == MinimalConstants.ERR_PASSWD_EXPIRED || |
89 |
rc == MinimalConstants.ERR_PASSWD_EXPIRED_NOTIFICATION) |
|
90 |
{ |
|
91 |
rc = pc.GeneratePassword(newPassword, true);
|
|
87 |
rc == MinimalConstants.ERR_PASSWD_EXPIRED_NOTIFICATION) {
|
|
88 |
|
|
89 |
rc = pc.generatePassword(newHashedPassword, true);
|
|
92 | 90 |
} |
93 |
|
|
94 | 91 |
userBean = (MinimalUserBean) pc.getUpdatedObject(); |
95 | 92 |
|
96 | 93 |
Session session = null; |
... | ... | |
103 | 100 |
if (!lrc) { |
104 | 101 |
rc = MinimalConstants.ERR_SYSTEM_NOT_READY; |
105 | 102 |
} |
106 |
|
|
107 | 103 |
// update ldap |
108 | 104 |
if (upc.isInMigrationPeriod()) { |
109 | 105 |
Map attrMap = new HashMap(); |
110 |
attrMap.put(MaybankLdapConstant.ATTR_PASSWORD, newPassword); |
|
106 |
attrMap.put(MaybankLdapConstant.ATTR_PASSWORD, newPlainPassword);
|
|
111 | 107 |
MinimalUPassControllerV2.getMaybankLdapDAO().updateUser(userBean.getUserAlias(), attrMap); |
112 | 108 |
} |
113 |
|
|
114 | 109 |
session.getTransaction().commit(); |
115 | 110 |
|
116 | 111 |
} catch (UPassException e) { |
117 | 112 |
rc = e.getErrorCode(); |
118 | 113 |
GenericDAOHibernate.rollbackTransactionIfAny(session); |
114 |
|
|
119 | 115 |
} finally { |
120 | 116 |
GenericDAOHibernate.closeSessionIfAny(session); |
121 | 117 |
} |
122 | 118 |
} catch (Exception e) { |
123 | 119 |
e.printStackTrace(); |
124 | 120 |
} |
125 |
|
|
126 | 121 |
return rc; |
127 | 122 |
} |
128 | 123 |
} |
src/main/java/my/com/upass/services/CheckPasswordReusedService.java | ||
---|---|---|
35 | 35 |
/** |
36 | 36 |
* <Class description> |
37 | 37 |
*/ |
38 |
public class CheckPasswordReusedService |
|
39 |
{ |
|
38 |
public class CheckPasswordReusedService {
|
|
39 |
|
|
40 | 40 |
private MinimalUPassControllerV2 upc; |
41 | 41 |
|
42 |
public CheckPasswordReusedService(MinimalUPassControllerV2 upc) |
|
43 |
{ |
|
42 |
public CheckPasswordReusedService(MinimalUPassControllerV2 upc) { |
|
44 | 43 |
this.upc = upc; |
45 | 44 |
} |
46 | 45 |
|
47 |
public int CheckPasswordReused(String userAlias, String password)
|
|
48 |
{ |
|
46 |
public int checkPasswordReused(String userAlias, String hashedPassword) {
|
|
47 |
|
|
49 | 48 |
String token; |
50 | 49 |
|
51 |
if (userAlias == null || password == null) |
|
52 |
{ |
|
50 |
if (userAlias == null || hashedPassword == null) { |
|
53 | 51 |
return MinimalConstants.ERR_INVALID_INPUT; |
54 | 52 |
} |
55 |
|
|
56 |
try |
|
57 |
{ |
|
53 |
try { |
|
58 | 54 |
UserDAO userDao = MinimalDAOFactory.minimalInstance().getUserDAO(); |
59 | 55 |
MinimalUserBean userBean = userDao.getUserFromStore(userAlias, null); |
60 | 56 |
|
61 |
if (userBean == null) |
|
62 |
{ |
|
57 |
if (userBean == null) { |
|
63 | 58 |
return MinimalConstants.ERR_USERALIAS_NOT_FOUND; |
64 | 59 |
} |
60 |
// verify user state, must be active (not inactive|locked|deleted) |
|
61 |
switch (userBean.getUstate()) { |
|
65 | 62 |
|
66 |
// verify user state, must be active (not inactive|locked|deleted) |
|
67 |
switch (userBean.getUstate()) |
|
68 |
{ |
|
69 | 63 |
case (MinimalConstants.UID_STATE_ACTIVE): |
70 | 64 |
break; |
71 | 65 |
case (MinimalConstants.UID_STATE_TMP_LOCKED): |
72 | 66 |
Date now = new Date(); |
73 |
if (userBean.getUdateLockedTo().after(now)) |
|
74 |
{ |
|
67 |
if (userBean.getUdateLockedTo().after(now)) { |
|
75 | 68 |
return MinimalConstants.ERR_INVALID_STATE; |
76 | 69 |
} |
77 | 70 |
break; |
78 | 71 |
default: |
79 | 72 |
return MinimalConstants.ERR_INVALID_STATE; |
80 | 73 |
} |
74 |
if (upc.isInMigrationPeriod()) { |
|
75 |
final String plainPassword = hashedPassword; |
|
76 |
hashedPassword = PasswordController.sha256(plainPassword); |
|
77 |
} |
|
78 |
String doubleHashedPassword = PasswordController.sha256(userBean.getUserAlias(), hashedPassword); |
|
81 | 79 |
|
82 |
PasswordController pc = MinimalUPassFactory.getPasswordController( |
|
83 |
userBean, upc.getConfigurationsMap()); |
|
84 |
String cipherText = pc.SHA256(userBean.getUserAlias(), password); |
|
80 |
if (userBean.getPhistoryList() != null) { |
|
85 | 81 |
|
86 |
if (userBean.getPhistoryList() != null) |
|
87 |
{ |
|
88 | 82 |
StringTokenizer stz = new StringTokenizer( |
89 | 83 |
userBean.getPhistoryList(), ":"); |
90 |
while (stz.hasMoreTokens()) |
|
91 |
{ |
|
84 |
|
|
85 |
while (stz.hasMoreTokens()) {
|
|
92 | 86 |
token = stz.nextToken(); |
93 |
if (cipherText.equals(token)) |
|
94 |
{ |
|
87 |
if (doubleHashedPassword.equals(token)) { |
|
95 | 88 |
return MinimalConstants.ERR_REUSED_PASSWD; |
96 | 89 |
} |
97 | 90 |
} |
98 | 91 |
} |
99 | 92 |
return MinimalConstants.ERR_SUCCESS; |
100 |
} catch (Exception e) |
|
101 |
{ |
|
93 |
|
|
94 |
} catch (Exception e) {
|
|
102 | 95 |
e.printStackTrace(); |
103 | 96 |
return MinimalConstants.ERR_SYSTEM_NOT_READY; |
104 | 97 |
} |
src/main/java/my/com/upass/services/CreateUserService.java | ||
---|---|---|
61 | 61 |
|
62 | 62 |
public ReturnBundle addUser( |
63 | 63 |
String userAlias, int userType, String userDesc, |
64 |
String userPassword, int userState, Session txSession, boolean checkPassword) {
|
|
64 |
String userHashedPassword, int userState, Session txSession, boolean usePassword) {
|
|
65 | 65 |
|
66 | 66 |
final ReturnBundle ret = new ReturnBundle(); |
67 | 67 |
ret.code = MinimalConstants.ERR_SYSTEM_NOT_READY; |
... | ... | |
70 | 70 |
ret.code = MinimalConstants.ERR_INVALID_INPUT; |
71 | 71 |
return ret; |
72 | 72 |
} |
73 |
if (checkPassword && userPassword == null) {
|
|
73 |
if (usePassword && userHashedPassword == null) {
|
|
74 | 74 |
ret.code = MinimalConstants.ERR_INVALID_INPUT; |
75 | 75 |
return ret; |
76 | 76 |
} |
... | ... | |
93 | 93 |
|
94 | 94 |
PasswordController pc = MinimalUPassFactory.getPasswordController(ub, |
95 | 95 |
upc.getConfigurationsMap()); |
96 |
ret.code = pc.VerifyUserAlias(userAlias);
|
|
96 |
ret.code = pc.verifyUserAlias(userAlias);
|
|
97 | 97 |
|
98 | 98 |
if (ret.code != MinimalConstants.ERR_SUCCESS) { |
99 | 99 |
return ret; |
100 | 100 |
} |
101 |
if (checkPassword) { |
|
102 |
ret.code = pc.GeneratePassword(userPassword, true); |
|
101 |
if (usePassword) { |
|
102 |
if (upc.isInMigrationPeriod()) { |
|
103 |
final String userPlainPassword = userHashedPassword; |
|
104 |
userHashedPassword = PasswordController.sha256(userPlainPassword); |
|
105 |
} |
|
106 |
ret.code = pc.generatePassword(userHashedPassword, true); |
|
103 | 107 |
|
104 | 108 |
if (ret.code != MinimalConstants.ERR_SUCCESS) { |
105 | 109 |
return ret; |
... | ... | |
135 | 139 |
|
136 | 140 |
public ReturnBundle addUser( |
137 | 141 |
String userAlias, int userType, String userDesc, |
138 |
String userPassword, int userState, Session txSession) { |
|
142 |
String userHashedPassword, int userState, Session txSession) {
|
|
139 | 143 |
|
140 | 144 |
return addUser( |
141 |
userAlias, userType, userDesc, userPassword, userState, txSession, true); |
|
145 |
userAlias, userType, userDesc, userHashedPassword, userState, txSession, true);
|
|
142 | 146 |
} |
143 | 147 |
|
144 | 148 |
public int addUser( |
145 | 149 |
String userAlias, int userType, String userDesc, |
146 |
String userPassword, int userState, int appId) { |
|
150 |
String userHashedPassword, int userState, int appId) {
|
|
147 | 151 |
|
148 |
ReturnBundle ret = addUser(userAlias, userType, userDesc, userPassword, userState, null); |
|
152 |
ReturnBundle ret = addUser(userAlias, userType, userDesc, userHashedPassword, userState, null);
|
|
149 | 153 |
|
150 | 154 |
int rc = ret.code; |
151 | 155 |
if (rc == MinimalConstants.ERR_SUCCESS |
... | ... | |
163 | 167 |
} |
164 | 168 |
|
165 | 169 |
public ReturnBundle addUser( |
166 |
MinimalUserBean user, Session txSession, boolean checkPassword) {
|
|
170 |
MinimalUserBean user, Session txSession, boolean userPassword) {
|
|
167 | 171 |
|
168 | 172 |
return addUser( |
169 | 173 |
user.getUserAlias(), user.getUserType(), user.getDescription(), |
170 |
user.getPcipherText(), user.getPstate(), txSession, checkPassword);
|
|
174 |
user.getHashedPassword(), user.getPstate(), txSession, userPassword);
|
|
171 | 175 |
} |
172 | 176 |
} |
src/main/java/my/com/upass/services/ModifyUserService.java | ||
---|---|---|
16 | 16 |
import java.util.List; |
17 | 17 |
import java.util.Map; |
18 | 18 |
|
19 |
import my.com.upass.Config; |
|
20 |
import my.com.upass.ConfigBean; |
|
21 | 19 |
import my.com.upass.MinimalConstants; |
22 | 20 |
import my.com.upass.MinimalUPassControllerV2; |
23 | 21 |
import my.com.upass.UPassException; |
... | ... | |
56 | 54 |
|
57 | 55 |
public int modifyUser( |
58 | 56 |
String userAlias, int userType, String userDesc, |
59 |
String userPassword, int userState) {
|
|
57 |
String hashedPassword, int userState) {
|
|
60 | 58 |
|
61 |
return modifyUser(userAlias, userType, userDesc, userPassword, userState, true);
|
|
59 |
return modifyUser(userAlias, userType, userDesc, hashedPassword, userState, true);
|
|
62 | 60 |
} |
63 | 61 |
|
64 | 62 |
public int modifyUser( |
65 | 63 |
String userAlias, int userType, String userDesc, |
66 |
String userPassword, int userState, boolean updateLdap) {
|
|
64 |
String hashedPassword, int userState, boolean updateLdap) {
|
|
67 | 65 |
|
68 | 66 |
int rc = MinimalConstants.ERR_SYSTEM_NOT_READY; |
69 | 67 |
if (userAlias == null) { |
... | ... | |
80 | 78 |
if (ub == null) { |
81 | 79 |
return MinimalConstants.ERR_USERALIAS_NOT_FOUND; |
82 | 80 |
} |
81 |
|
|
83 | 82 |
PasswordController pc = null; |
84 |
if (userPassword != null) { |
|
83 |
String plainPassword = null; |
|
84 |
|
|
85 |
if (hashedPassword != null) { |
|
85 | 86 |
// Generate new paswword |
86 | 87 |
pc = MinimalUPassFactory.getPasswordController( |
87 | 88 |
ub, upc.getConfigurationsMap()); |
89 |
/* |
|
90 |
* If we are in migration period then the given hashPassword will |
|
91 |
* actually be in plain text, and we need to hash it here. |
|
92 |
*/ |
|
93 |
if (upc.isInMigrationPeriod()) { |
|
94 |
plainPassword = hashedPassword; |
|
95 |
hashedPassword = PasswordController.sha256(plainPassword); |
|
96 |
} |
|
88 | 97 |
// rc = pc.GeneratePassword(userPassword, false); //disable |
89 | 98 |
// password hist check 20081220 |
90 |
rc = pc.GeneratePassword(userPassword, true);
|
|
99 |
rc = pc.generatePassword(hashedPassword, true);
|
|
91 | 100 |
|
92 | 101 |
if (rc != MinimalConstants.ERR_SUCCESS) { |
93 | 102 |
return rc; |
... | ... | |
107 | 116 |
} |
108 | 117 |
|
109 | 118 |
// update ldap |
110 |
if (updateLdap |
|
111 |
&& pc != null && upc.isInMigrationPeriod()) { |
|
112 |
|
|
119 |
if (updateLdap && plainPassword != null) { |
|
113 | 120 |
Map attrMap = new HashMap(); |
114 |
attrMap.put(MaybankLdapConstant.ATTR_PASSWORD, userPassword);
|
|
121 |
attrMap.put(MaybankLdapConstant.ATTR_PASSWORD, plainPassword);
|
|
115 | 122 |
MinimalUPassControllerV2.getMaybankLdapDAO().updateUser(userAlias, attrMap); |
116 | 123 |
} |
117 | 124 |
session.getTransaction().commit(); |
... | ... | |
203 | 210 |
} |
204 | 211 |
return null; |
205 | 212 |
} |
206 |
|
|
213 |
|
|
207 | 214 |
public List/* <UserProfile> */listProfilesByExamples( |
208 |
List/* <UserProfile> */exampleProfiles, Date fromDate, Date toDate, Session txSession) throws UPassException { |
|
215 |
List/* <UserProfile> */exampleProfiles, Date fromDate, Date toDate, Session txSession) |
|
216 |
throws UPassException { |
|
209 | 217 |
|
210 | 218 |
// int rc = MinimalConstants.ERR_SYSTEM_NOT_READY; |
211 | 219 |
if (exampleProfiles == null) { |
src/main/java/my/com/upass/services/VerifyStaticPasswordService.java | ||
---|---|---|
51 | 51 |
} |
52 | 52 |
|
53 | 53 |
public int verifyStaticPassword( |
54 |
String userAlias, String password,
|
|
54 |
String userAlias, String hashedPassword,
|
|
55 | 55 |
boolean chkUserType, int userType, Session txSession) { |
56 | 56 |
|
57 | 57 |
return verifyUserCredetial( |
58 |
userAlias, password, chkUserType, userType, false, txSession);
|
|
58 |
userAlias, hashedPassword, chkUserType, userType, false, txSession);
|
|
59 | 59 |
} |
60 | 60 |
|
61 | 61 |
public ReturnBundle verifyStaticPassword_returnUser( |
62 |
String userAlias, String password,
|
|
62 |
String userAlias, String hashedPassword,
|
|
63 | 63 |
boolean chkUserType, int userType, Session txSession) { |
64 | 64 |
|
65 | 65 |
return verifyUserCredetial_returnUser( |
66 |
userAlias, password, chkUserType, userType, false, txSession);
|
|
66 |
userAlias, hashedPassword, chkUserType, userType, false, txSession);
|
|
67 | 67 |
} |
68 | 68 |
|
69 | 69 |
/** |
70 | 70 |
* Verify password validity only |
71 | 71 |
* |
72 | 72 |
* @param userAlias |
73 |
* @param password
|
|
73 |
* @param hashedPassword
|
|
74 | 74 |
* @param chkUserType |
75 | 75 |
* @param userType |
76 | 76 |
* @return |
77 | 77 |
*/ |
78 | 78 |
public int verifyStaticPassword( |
79 |
String userAlias, String password,
|
|
79 |
String userAlias, String hashedPassword,
|
|
80 | 80 |
boolean chkUserType, int userType) { |
81 | 81 |
|
82 |
return verifyUserCredetial(userAlias, password, chkUserType, userType, false, null);
|
|
82 |
return verifyUserCredetial(userAlias, hashedPassword, chkUserType, userType, false, null);
|
|
83 | 83 |
} |
84 | 84 |
|
85 | 85 |
/** |
86 | 86 |
* Verify user dormant period and password validity |
87 | 87 |
* |
88 | 88 |
* @param userAlias |
89 |
* @param password
|
|
89 |
* @param hashedPassword
|
|
90 | 90 |
* @param chkUserType |
91 | 91 |
* @param userType |
92 | 92 |
* @return |
93 | 93 |
*/ |
94 | 94 |
public int login( |
95 |
String userAlias, String password,
|
|
95 |
String userAlias, String hashedPassword,
|
|
96 | 96 |
boolean chkUserType, int userType) { |
97 | 97 |
|
98 |
return verifyUserCredetial(userAlias, password, chkUserType, userType, true, null);
|
|
98 |
return verifyUserCredetial(userAlias, hashedPassword, chkUserType, userType, true, null);
|
|
99 | 99 |
} |
100 | 100 |
|
101 | 101 |
/** |
... | ... | |
103 | 103 |
* The logic is duplicated from verifyStaticPassword. |
104 | 104 |
* |
105 | 105 |
* @param userAlias |
106 |
* @param password
|
|
106 |
* @param hashedPassword
|
|
107 | 107 |
* @param chkUserType |
108 | 108 |
* @param userType |
109 | 109 |
* @return |
110 | 110 |
*/ |
111 | 111 |
public int verifyUserCredetial( |
112 |
String userAlias, String password,
|
|
112 |
String userAlias, String hashedPassword,
|
|
113 | 113 |
boolean chkUserType, int userType, |
114 | 114 |
boolean dormantCheck, Session txSession) { |
115 | 115 |
|
116 | 116 |
final ReturnBundle ret = verifyUserCredetial_returnUser( |
117 |
userAlias, password, chkUserType, userType, dormantCheck, txSession);
|
|
117 |
userAlias, hashedPassword, chkUserType, userType, dormantCheck, txSession);
|
|
118 | 118 |
return ret.code; |
119 | 119 |
} |
120 | 120 |
|
121 | 121 |
public ReturnBundle verifyUserCredetial_returnUser( |
122 |
String userAlias, String password,
|
|
122 |
String userAlias, String hashedPassword,
|
|
123 | 123 |
boolean chkUserType, int userType, |
124 | 124 |
boolean dormantCheck, Session txSession) { |
125 | 125 |
|
126 | 126 |
ReturnBundle ret = new ReturnBundle(); |
127 | 127 |
ret.code = MinimalConstants.ERR_SYSTEM_NOT_READY; |
128 | 128 |
|
129 |
if (userAlias == null || password == null) {
|
|
129 |
if (userAlias == null || hashedPassword == null) {
|
|
130 | 130 |
ret.code = MinimalConstants.ERR_INVALID_INPUT; |
131 | 131 |
return ret; |
132 | 132 |
} |
... | ... | |
140 | 140 |
} |
141 | 141 |
|
142 | 142 |
// -- migration period checking : START -- |
143 |
if (upc.isInMigrationPeriod() |
|
144 |
&& ret.user.getHashedPassword() == null) { // password null, so the user haven't get migrated. |
|
143 |
if (upc.isInMigrationPeriod()) { |
|
145 | 144 |
|
146 |
// authenticate to ldap |
|
147 |
if (!MinimalUPassControllerV2.getMaybankLdapDAO().authenticate(userAlias, password)) { |
|
148 |
ret.code = MinimalConstants.ERR_INVALID_CREDENTIAL; |
|
149 |
return ret; |
Also available in: Unified diff