Revision 56:849eb94f2d56
| src/main/java/my/com/upass/MinimalConstants.java | ||
|---|---|---|
| 11 | 11 |
* This property can be set to 'Y' or 'N' in configurations, |
| 12 | 12 |
* but will be converted to boolean inside the app. |
| 13 | 13 |
* |
| 14 |
* @see #inMigrationPeriod |
|
| 14 |
* @see MinimalUPassControllerV2#inMigrationPeriod
|
|
| 15 | 15 |
*/ |
| 16 | 16 |
public static final String MIGRATION_PERIOD = "MIGRATION_PERIOD"; |
| 17 | 17 |
|
| ... | ... | |
| 230 | 230 |
|
| 231 | 231 |
return map; |
| 232 | 232 |
} |
| 233 |
|
|
| 233 | 234 |
} |
| src/main/java/my/com/upass/MinimalUPassController.java | ||
|---|---|---|
| 11 | 11 |
|
| 12 | 12 |
public class MinimalUPassController {
|
| 13 | 13 |
|
| 14 |
/** |
|
| 15 |
* @see MinimalConstants#MIGRATION_PERIOD |
|
| 16 |
*/ |
|
| 17 |
protected boolean inMigrationPeriod = false; |
|
| 18 |
|
|
| 14 | 19 |
protected String userAlias; |
| 15 | 20 |
protected int SUPERVISOR_ID_SUSPEND = 0; |
| 16 | 21 |
protected int _MAX_ERROR = 0; |
| 17 | 22 |
protected Logger logger = Logger.getLogger(MinimalUPassController.class.getName()); |
| 18 | 23 |
|
| 19 |
protected int verifyStaticPassword(String userAlias, String password, boolean chkUserType, int userType) {
|
|
| 24 |
public MinimalUPassController() {
|
|
| 25 |
final String migratioinPeriodProp = Config.getInstance() |
|
| 26 |
.getProperty(MinimalConstants.MIGRATION_PERIOD); |
|
| 20 | 27 |
|
| 21 |
if (userAlias == null || password == null) {
|
|
| 28 |
setInMigrationPeriod(migratioinPeriodProp.equals("Y"));
|
|
| 29 |
} |
|
| 30 |
|
|
| 31 |
public boolean isInMigrationPeriod() {
|
|
| 32 |
return inMigrationPeriod; |
|
| 33 |
} |
|
| 34 |
|
|
| 35 |
public void setInMigrationPeriod(boolean inMigrationPeriod) {
|
|
| 36 |
this.inMigrationPeriod = inMigrationPeriod; |
|
| 37 |
} |
|
| 38 |
|
|
| 39 |
protected int verifyStaticPassword(String userAlias, String hashedPassword, boolean chkUserType, int userType) {
|
|
| 40 |
|
|
| 41 |
if (userAlias == null || hashedPassword == null) {
|
|
| 22 | 42 |
return MinimalConstants.ERR_INVALID_INPUT; |
| 23 | 43 |
} |
| 24 | 44 |
|
| ... | ... | |
| 45 | 65 |
dbo.close(); |
| 46 | 66 |
return MinimalConstants.ERR_INVALID_STATE; |
| 47 | 67 |
} |
| 48 |
|
|
| 49 | 68 |
// verify user type |
| 50 | 69 |
if (chkUserType && userBean.getUserType() != userType) {
|
| 51 | 70 |
dbo.close(); |
| 52 | 71 |
return MinimalConstants.ERR_APP_SERV_NOT_PERMITTED; |
| 53 | 72 |
} |
| 54 |
|
|
| 55 | 73 |
// verify user password |
| 56 | 74 |
PasswordController pc = new PasswordController(userBean); |
| 57 |
int rc = pc.VerifyPassword(password); |
|
| 75 |
if (isInMigrationPeriod()) {
|
|
| 76 |
final String plainPassword = hashedPassword; |
|
| 77 |
hashedPassword = PasswordController.sha256(plainPassword); |
|
| 78 |
} |
|
| 79 |
int rc = pc.verifyPassword(hashedPassword); |
|
| 58 | 80 |
userBean = pc.getUpdatedObject(); |
| 59 | 81 |
|
| 60 | 82 |
// suspend if exceeded max retries |
| ... | ... | |
| 129 | 151 |
return rc; |
| 130 | 152 |
} |
| 131 | 153 |
|
| 132 |
protected int addUser(String userAlias, int userType, String userDesc, String userPassword, int userState) {
|
|
| 154 |
protected int addUser(String userAlias, int userType, String userDesc, String userHashedPassword, int userState) {
|
|
| 133 | 155 |
int rc; |
| 134 | 156 |
|
| 135 |
if (userAlias == null || userPassword == null) |
|
| 157 |
if (userAlias == null || userHashedPassword == null)
|
|
| 136 | 158 |
return MinimalConstants.ERR_INVALID_INPUT; |
| 137 | 159 |
|
| 138 | 160 |
// insert into DB |
| ... | ... | |
| 144 | 166 |
ub.setUstate(userState); |
| 145 | 167 |
|
| 146 | 168 |
PasswordController pc = new PasswordController(ub); |
| 147 |
rc = pc.VerifyUserAlias(userAlias); |
|
| 169 |
if (isInMigrationPeriod()) {
|
|
| 170 |
final String userPlainPassword = userHashedPassword; |
|
| 171 |
userHashedPassword = PasswordController.sha256(userPlainPassword); |
|
| 172 |
} |
|
| 173 |
rc = pc.verifyUserAlias(userAlias); |
|
| 148 | 174 |
// if useralias is valid then continue else return error |
| 149 | 175 |
if (rc == MinimalConstants.ERR_SUCCESS) {
|
| 150 |
rc = pc.GeneratePassword(userPassword, false);
|
|
| 176 |
rc = pc.generatePassword(userHashedPassword, false);
|
|
| 151 | 177 |
ub = pc.getUpdatedObject(); |
| 152 | 178 |
|
| 153 | 179 |
// Debug info: |
| ... | ... | |
| 157 | 183 |
// debug info: |
| 158 | 184 |
if (dbo.insertUserToStore(ub)) {
|
| 159 | 185 |
rc = MinimalConstants.ERR_SUCCESS; |
| 160 |
} |
|
| 161 |
else {
|
|
| 186 |
|
|
| 187 |
} else {
|
|
| 162 | 188 |
rc = MinimalConstants.ERR_ALREADY_EXIST; |
| 163 | 189 |
} |
| 164 | 190 |
dbo.close(); |
| 165 | 191 |
} |
| 166 |
|
|
| 167 | 192 |
return rc; |
| 168 |
|
|
| 169 | 193 |
} |
| 170 |
|
|
| 171 | 194 |
} |
| src/main/java/my/com/upass/MinimalUPassControllerV2.java | ||
|---|---|---|
| 31 | 31 |
|
| 32 | 32 |
public class MinimalUPassControllerV2 {
|
| 33 | 33 |
|
| 34 |
protected static Logger logger = Logger |
|
| 35 |
.getLogger(MinimalUPassControllerV2.class); |
|
| 36 |
protected static Map configurationMap = new HashMap(); |
|
| 37 |
private static boolean configFirstLoad = true; |
|
| 38 |
|
|
| 39 | 34 |
/** |
| 40 | 35 |
* @see MinimalConstants#MIGRATION_PERIOD |
| 41 | 36 |
*/ |
| 42 |
private boolean inMigrationPeriod = false;
|
|
| 37 |
protected boolean inMigrationPeriod = false;
|
|
| 43 | 38 |
|
| 44 |
protected VerifyStaticPasswordService verifyStaticPasswordService = new VerifyStaticPasswordService( |
|
| 45 |
this); |
|
| 39 |
protected static Logger logger = Logger.getLogger(MinimalUPassControllerV2.class); |
|
| 40 |
protected static Map configurationMap = new HashMap(); |
|
| 41 |
private static boolean configFirstLoad = true; |
|
| 42 |
protected VerifyStaticPasswordService verifyStaticPasswordService = new VerifyStaticPasswordService(this); |
|
| 46 | 43 |
protected CreateUserService createUserService = new CreateUserService(this); |
| 47 | 44 |
protected ModifyUserService modifyUserService = new ModifyUserService(this); |
| 48 | 45 |
protected AppAccessMgtService appAccessMgtService = new AppAccessMgtService(); |
| 49 |
protected ChangeStaticPasswordService changeStaticPasswordService = new ChangeStaticPasswordService( |
|
| 50 |
this); |
|
| 46 |
protected ChangeStaticPasswordService changeStaticPasswordService = new ChangeStaticPasswordService(this); |
|
| 51 | 47 |
|
| 52 | 48 |
// for spring-ldap usage |
| 53 | 49 |
private static final Object CONFIG_LOCK = new Object(); |
| 54 | 50 |
private static MaybankLdapDAO maybankLdapDAO; |
| 55 | 51 |
|
| 56 | 52 |
public MinimalUPassControllerV2() {
|
| 57 |
this.setInMigrationPeriod( Config.getInstance().getProperty(MinimalConstants.MIGRATION_PERIOD).equals("Y"));
|
|
| 53 |
|
|
| 54 |
final String migratioinPeriodProp = Config.getInstance() |
|
| 55 |
.getProperty(MinimalConstants.MIGRATION_PERIOD); |
|
| 56 |
|
|
| 57 |
setInMigrationPeriod(migratioinPeriodProp.equals("Y"));
|
|
| 58 |
|
|
| 58 | 59 |
initializeConfigurations(); |
| 59 | 60 |
} |
| 60 | 61 |
|
| 61 | 62 |
protected void initializeConfigurations() {
|
| 62 | 63 |
try {
|
| 63 |
ConfigurationDAO configurationDAO = MinimalDAOFactory |
|
| 64 |
.minimalInstance().getConfigurationDAO(); |
|
| 64 |
ConfigurationDAO configurationDAO = MinimalDAOFactory.minimalInstance().getConfigurationDAO(); |
|
| 65 | 65 |
boolean isConfigChange = configurationDAO.isConfigChanged(); |
| 66 | 66 |
|
| 67 | 67 |
if (configFirstLoad || isConfigChange) {
|
| 68 | 68 |
|
| 69 | 69 |
logger.info("Refresh Configuration ....");
|
| 70 |
|
|
| 71 |
|
|
| 72 |
List configurations = configurationDAO |
|
| 73 |
.getConfigurationsFromStore(); |
|
| 70 |
|
|
| 71 |
List configurations = configurationDAO.getConfigurationsFromStore(); |
|
| 74 | 72 |
ConfigurationBean configPojo; |
| 75 | 73 |
ConfigBean configBean = null; |
| 76 | 74 |
|
| ... | ... | |
| 80 | 78 |
configPojo = (ConfigurationBean) itr.next(); |
| 81 | 79 |
configType = configPojo.getApplicationId(); |
| 82 | 80 |
|
| 83 |
configBean = (ConfigBean) configurationMap.get(new Integer( |
|
| 84 |
configType)); |
|
| 81 |
configBean = (ConfigBean) configurationMap.get(new Integer(configType)); |
|
| 85 | 82 |
if (configBean == null) {
|
| 86 | 83 |
configBean = new ConfigBean(); |
| 87 | 84 |
} |
| 88 |
logger.info("COnfig Type:" + configType + "=config name:"
|
|
| 89 |
+ configPojo.getConfigName() + "=config Value:" |
|
| 90 |
+ configPojo.getConfigValue()); |
|
| 91 |
configBean.setConfigBean(configPojo.getConfigName(), |
|
| 92 |
configPojo.getConfigValue()); |
|
| 85 |
logger.info("COnfig Type:" + configType + "=config name:" + configPojo.getConfigName()
|
|
| 86 |
+ "=config Value:" + configPojo.getConfigValue()); |
|
| 87 |
configBean.setConfigBean(configPojo.getConfigName(), configPojo.getConfigValue()); |
|
| 93 | 88 |
|
| 94 | 89 |
configurationMap.put(new Integer(configType), configBean); |
| 95 | 90 |
|
| 96 |
configFirstLoad = false; // this value dictate for every |
|
| 97 |
// instance restart to refresh |
|
| 98 |
// the map. After |
|
| 91 |
configFirstLoad = false; // this value dictate for every instance restart to refresh the map. After |
|
| 99 | 92 |
// first load, turn it off |
| 100 | 93 |
} |
| 101 | 94 |
logger.info("Refresh Configuration Done ....");
|
| ... | ... | |
| 139 | 132 |
* This method to add online users to the system |
| 140 | 133 |
* |
| 141 | 134 |
* @param adminUserAlias |
| 142 |
* @param adminUserPassword
|
|
| 135 |
* @param adminHashedPassword
|
|
| 143 | 136 |
* @param userAlias |
| 144 | 137 |
* @param userDesc |
| 145 |
* @param userPassword |
|
| 138 |
* @param userHashedPassword
|
|
| 146 | 139 |
* @param appId |
| 147 | 140 |
* @return ERR_code defined in the MinimalConstants<br/> |
| 148 | 141 |
* ERR_SUCCESS<br/> |
| 149 | 142 |
* ERR_SYSTEM_NOT_READY<br/> |
| 150 | 143 |
* ERR_USERALIAS_NOT_FOUND <br/> |
| 151 | 144 |
* ERR_INVALID_STATE - admin not active or temporary suspended.<br/> |
| 152 |
* ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the |
|
| 153 |
* user type.<br/> |
|
| 145 |
* ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the user type.<br/> |
|
| 154 | 146 |
* ERR_EXCEED_MAX_TRIES<br/> |
| 155 | 147 |
* ERR_INVALID_CREDENTIAL<br/> |
| 156 | 148 |
* ERR_INVALID_INPUT - internal error.<br/> |
| 157 | 149 |
* ERR_ALREADY_EXIST<br/> |
| 158 |
* ERR_INVALID_USERALIAS - User alias does not match with defined |
|
| 159 |
* pattern <br/> |
|
| 160 |
* ERR_PASSWORD_SAMEAS_USERALIAS - password is same is user name |
|
| 161 |
* error <br/> |
|
| 150 |
* ERR_INVALID_USERALIAS - User alias does not match with defined pattern <br/> |
|
| 151 |
* ERR_PASSWORD_SAMEAS_USERALIAS - password is same is user name error <br/> |
|
| 162 | 152 |
*/ |
| 163 |
public int UA_AddUser(String adminUserAlias, String adminUserPassword, |
|
| 164 |
String userAlias, String userDesc, String userPassword, int appId) {
|
|
| 153 |
public int UA_AddUser( |
|
| 154 |
String adminUserAlias, String adminHashedPassword, |
|
| 155 |
String userAlias, String userDesc, String userHashedPassword, int appId) {
|
|
| 165 | 156 |
|
| 166 | 157 |
// check if password is similar to user alias |
| 167 |
if (userAlias.equalsIgnoreCase(userPassword)) {
|
|
| 158 |
if (userAlias.equalsIgnoreCase(userHashedPassword)) {
|
|
| 168 | 159 |
return MinimalConstants.ERR_PASSWORD_SAMEAS_USERALIAS; |
| 169 | 160 |
} |
| 170 | 161 |
int rc = verifyStaticPasswordService.verifyStaticPassword( |
| 171 |
adminUserAlias, adminUserPassword, true, |
|
| 172 |
MinimalConstants.UTYPE_STATE_ADMIN); |
|
| 162 |
adminUserAlias, adminHashedPassword, true, MinimalConstants.UTYPE_STATE_ADMIN); |
|
| 173 | 163 |
|
| 174 | 164 |
if (rc != MinimalConstants.ERR_SUCCESS) {
|
| 175 | 165 |
return rc; |
| 176 | 166 |
} |
| 177 |
rc = createUserService.addUser(userAlias,
|
|
| 178 |
MinimalConstants.UTYPE_STATE_USER, userDesc, userPassword,
|
|
| 179 |
MinimalConstants.UID_STATE_ACTIVE, appId); |
|
| 167 |
rc = createUserService.addUser( |
|
| 168 |
userAlias, MinimalConstants.UTYPE_STATE_USER, userDesc,
|
|
| 169 |
userHashedPassword, MinimalConstants.UID_STATE_ACTIVE, appId);
|
|
| 180 | 170 |
|
| 181 |
logger.info("UA_AddUser - user alias: [" + userAlias + "] Return: "
|
|
| 182 |
+ rc); |
|
| 171 |
logger.info("UA_AddUser - user alias: [" + userAlias + "] Return: " + rc);
|
|
| 183 | 172 |
return rc; |
| 184 | 173 |
} |
| 185 | 174 |
|
| 186 |
public int addUser(String appAccessId, String hashedSecretKey, |
|
| 187 |
MinimalUserBean user, char accessType, Session txSession) {
|
|
| 175 |
public int addUser( |
|
| 176 |
String appAccessId, String hashedSecretKey, MinimalUserBean user, |
|
| 177 |
char accessType, Session txSession) {
|
|
| 188 | 178 |
|
| 189 |
return addUser(appAccessId, hashedSecretKey, user, accessType, |
|
| 190 |
txSession, true); |
|
| 179 |
return addUser(appAccessId, hashedSecretKey, user, accessType, txSession, true); |
|
| 191 | 180 |
} |
| 192 | 181 |
|
| 193 | 182 |
/** |
| 194 | 183 |
* This methods identifies the target app using <code>appAccessId</code>, |
| 195 | 184 |
* hence meant for {@link ClientApp}s
|
| 196 | 185 |
* |
| 197 |
* @see #addUser(String, String, MinimalUserBean, char, int, Session, |
|
| 198 |
* boolean) |
|
| 186 |
* @see #addUser(String, String, MinimalUserBean, char, int, Session, boolean) |
|
| 199 | 187 |
*/ |
| 200 |
public int addUser(String appAccessId, String hashedSecretKey,
|
|
| 201 |
MinimalUserBean user, char accessType, Session txSession,
|
|
| 202 |
boolean checkPassword) {
|
|
| 188 |
public int addUser( |
|
| 189 |
String appAccessId, String hashedSecretKey, MinimalUserBean user,
|
|
| 190 |
char accessType, Session txSession, boolean checkPassword) {
|
|
| 203 | 191 |
|
| 204 | 192 |
final String userAlias = user.getUserAlias(); |
| 205 |
final String doubleHashedPassword = user.getPcipherText(); |
|
| 206 | 193 |
|
| 207 |
// check if password is similar to user alias |
|
| 208 |
if (userAlias.equalsIgnoreCase(doubleHashedPassword)) {
|
|
| 209 |
return MinimalConstants.ERR_PASSWORD_SAMEAS_USERALIAS; |
|
| 210 |
} |
|
| 211 | 194 |
int rc; |
| 212 | 195 |
try {
|
| 213 |
AccessCheckResult checkResult = checkAppAccess(appAccessId, |
|
| 214 |
hashedSecretKey, txSession); |
|
| 196 |
AccessCheckResult checkResult = checkAppAccess(appAccessId, hashedSecretKey, txSession); |
|
| 215 | 197 |
|
| 216 | 198 |
final Integer appId = checkResult.invokerAppId; |
| 217 | 199 |
if (appId == null && !checkResult.hasUPassAdminAccess()) {
|
| ... | ... | |
| 221 | 203 |
} else {
|
| 222 | 204 |
user.setUserType(MinimalConstants.UTYPE_STATE_USER); |
| 223 | 205 |
user.setPstate(MinimalConstants.UID_STATE_ACTIVE); |
| 224 |
rc = createUserAndGrantAccessToApp(user, appId.intValue(),
|
|
| 225 |
accessType, txSession, checkPassword); |
|
| 206 |
rc = createUserAndGrantAccessToApp( |
|
| 207 |
user, appId.intValue(), accessType, txSession, checkPassword);
|
|
| 226 | 208 |
} |
| 227 | 209 |
|
| 228 | 210 |
} catch (UPassException e) {
|
| ... | ... | |
| 237 | 219 |
return rc; |
| 238 | 220 |
} |
| 239 | 221 |
|
| 240 |
private int createUserAndGrantAccessToApp(MinimalUserBean user, int appId, |
|
| 241 |
char accessType, Session txSession, boolean checkPassword) {
|
|
| 222 |
private int createUserAndGrantAccessToApp( |
|
| 223 |
MinimalUserBean user, int appId, char accessType, |
|
| 224 |
Session txSession, boolean checkPassword) {
|
|
| 242 | 225 |
|
| 243 | 226 |
int rc; |
| 244 |
CreateUserService.ReturnBundle creationResult = createUserService
|
|
| 245 |
.addUser(user, txSession, checkPassword); |
|
| 227 |
CreateUserService.ReturnBundle creationResult = |
|
| 228 |
createUserService.addUser(user, txSession, checkPassword);
|
|
| 246 | 229 |
|
| 247 | 230 |
rc = creationResult.getCode(); |
| 248 | 231 |
if (rc == MinimalConstants.ERR_SUCCESS) {
|
| 249 | 232 |
final long userId = creationResult.getUserId().longValue(); |
| 250 |
boolean granted = appAccessMgtService.grantAppAccessToUser(userId,
|
|
| 251 |
appId, accessType, txSession); |
|
| 233 |
boolean granted = appAccessMgtService.grantAppAccessToUser( |
|
| 234 |
userId, appId, accessType, txSession);
|
|
| 252 | 235 |
|
| 253 |
rc = granted ? MinimalConstants.ERR_SUCCESS |
|
| 236 |
rc = granted ? |
|
| 237 |
MinimalConstants.ERR_SUCCESS |
|
| 254 | 238 |
: MinimalConstants.ERR_SYSTEM_NOT_READY; |
| 255 | 239 |
} |
| 256 | 240 |
return rc; |
| 257 | 241 |
} |
| 258 | 242 |
|
| 259 | 243 |
/** |
| 260 |
* Because of the ability to choose the target app, this method is meant for
|
|
| 261 |
* USS only. |
|
| 244 |
* Because of the ability to choose the target app, |
|
| 245 |
* this method is meant for USS only.
|
|
| 262 | 246 |
* |
| 263 | 247 |
* @see #addUser(String, String, MinimalUserBean, char, Session) |
| 264 | 248 |
*/ |
| 265 |
public int addUser(String adminUsername, String adminPassword,
|
|
| 266 |
MinimalUserBean user, char accessType, int targetAppId,
|
|
| 267 |
Session txSession, boolean checkPassword) {
|
|
| 249 |
public int addUser( |
|
| 250 |
String adminUsername, String adminPassword, MinimalUserBean user,
|
|
| 251 |
char accessType, int targetAppId, Session txSession, boolean checkPassword) {
|
|
| 268 | 252 |
|
| 269 | 253 |
final String userAlias = user.getUserAlias(); |
| 270 |
final String doubleHashedPassword = user.getPcipherText(); |
|
| 271 |
|
|
| 272 |
// check if password is similar to user alias |
|
| 273 |
if (userAlias.equalsIgnoreCase(doubleHashedPassword)) {
|
|
| 274 |
return MinimalConstants.ERR_PASSWORD_SAMEAS_USERALIAS; |
|
| 275 |
} |
|
| 276 | 254 |
int rc; |
| 277 | 255 |
try {
|
| 278 |
AccessCheckResult checkResult = checkAppAccess(adminUsername, |
|
| 279 |
adminPassword, txSession); |
|
| 256 |
AccessCheckResult checkResult = checkAppAccess(adminUsername, adminPassword, txSession); |
|
| 280 | 257 |
|
| 281 | 258 |
if (!checkResult.hasUPassAdminAccess()) |
| 282 | 259 |
rc = MinimalConstants.ERR_APP_SERV_NOT_PERMITTED; |
| ... | ... | |
| 284 | 261 |
else {
|
| 285 | 262 |
user.setUserType(MinimalConstants.UTYPE_STATE_USER); |
| 286 | 263 |
user.setPstate(MinimalConstants.UID_STATE_ACTIVE); |
| 287 |
rc = createUserAndGrantAccessToApp(user, targetAppId,
|
|
| 288 |
accessType, txSession, checkPassword); |
|
| 264 |
rc = createUserAndGrantAccessToApp( |
|
| 265 |
user, targetAppId, accessType, txSession, checkPassword);
|
|
| 289 | 266 |
} |
| 290 | 267 |
} catch (MultipleAppAccessesFound e) {
|
| 291 | 268 |
rc = MinimalConstants.ERR_APP_SERV_NOT_PERMITTED; |
| ... | ... | |
| 300 | 277 |
} |
| 301 | 278 |
|
| 302 | 279 |
/** |
| 303 |
* This method verify static password generated using |
|
| 304 |
* SP_ChangeStaticPassword(). |
|
| 280 |
* This method verify static password generated using SP_ChangeStaticPassword(). |
|
| 305 | 281 |
* |
| 306 | 282 |
* @param userAlias |
| 307 | 283 |
* @param password |
| ... | ... | |
| 310 | 286 |
* ERR_SYSTEM_NOT_READY<br/> |
| 311 | 287 |
* ERR_USERALIAS_NOT_FOUND <br/> |
| 312 | 288 |
* ERR_INVALID_STATE - user not active or temporary suspended.<br/> |
| 313 |
* ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the |
|
| 314 |
* user type.<br/> |
|
| 289 |
* ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the user type.<br/> |
|
| 315 | 290 |
* ERR_EXCEED_MAX_TRIES - used ModifyUser to reset password.<br/> |
| 316 | 291 |
* ERR_INVALID_CREDENTIAL<br/> |
| 317 |
* ERR_PASSWD_EXPIRED - password is valid but expired, suggest to |
|
| 318 |
* change new password.<br/> |
|
| 292 |
* ERR_PASSWD_EXPIRED - password is valid but expired, suggest to change new password.<br/> |
|
| 319 | 293 |
*/ |
| 320 | 294 |
public int SP_VerifyStaticPassword(String userAlias, String password) {
|
| 321 |
int rc = verifyStaticPasswordService.verifyStaticPassword(userAlias, |
|
| 322 |
password, false, 0); |
|
| 323 |
logger.info("SP_VerifyStaticPassword - user alias: [" + userAlias
|
|
| 324 |
+ "] Return: " + rc); |
|
| 295 |
int rc = verifyStaticPasswordService.verifyStaticPassword(userAlias, password, false, 0); |
|
| 296 |
logger.info("SP_VerifyStaticPassword - user alias: [" + userAlias + "] Return: " + rc);
|
|
| 325 | 297 |
return rc; |
| 326 | 298 |
} |
| 327 | 299 |
|
| 328 |
public int verifyStaticPassword_withAppChecked(String appAccessId, |
|
| 329 |
String hashedSecretKey, String username, String hashedPassword) {
|
|
| 300 |
public int verifyStaticPassword_withAppChecked( |
|
| 301 |
String appAccessId, String hashedSecretKey, |
|
| 302 |
String username, String hashedPassword) {
|
|
| 330 | 303 |
|
| 331 | 304 |
int rc; |
| 332 | 305 |
try {
|
| 333 | 306 |
checkAppAccessToUser(appAccessId, hashedSecretKey, username, null); |
| 334 |
rc = verifyStaticPasswordService.verifyStaticPassword(username,
|
|
| 335 |
hashedPassword, false, 0); |
|
| 307 |
rc = verifyStaticPasswordService.verifyStaticPassword( |
|
| 308 |
username, hashedPassword, false, 0);
|
|
| 336 | 309 |
|
| 337 | 310 |
} catch (MultipleAppAccessesFound e) {
|
| 338 | 311 |
rc = MinimalConstants.ERR_APP_SERV_NOT_PERMITTED; |
| ... | ... | |
| 342 | 315 |
rc = e.getErrorCode(); |
| 343 | 316 |
e.printStackTrace(); |
| 344 | 317 |
} |
| 345 |
logger.info("verifyStaticPassword_withAppChecked - user alias: ["
|
|
| 346 |
+ username + "] Return: " + rc); |
|
| 318 |
logger.info("verifyStaticPassword_withAppChecked - user alias: [" + username + "] Return: " + rc);
|
|
| 347 | 319 |
return rc; |
| 348 | 320 |
} |
| 349 | 321 |
|
| ... | ... | |
| 351 | 323 |
* This method to Modify online users to the system |
| 352 | 324 |
* |
| 353 | 325 |
* @param adminUserAlias |
| 354 |
* @param adminUserPassword
|
|
| 326 |
* @param adminHashedPassword
|
|
| 355 | 327 |
* @param userAlias |
| 356 | 328 |
* @param userDesc |
| 357 | 329 |
* - can be null - Null denotes no description will be modified. |
| 358 |
* @param userPassword |
|
| 330 |
* @param userHashedPassword
|
|
| 359 | 331 |
* - can be null - Null denotes no password will be modified. |
| 360 | 332 |
* @return ERR_code defined in the Constants<br/> |
| 361 | 333 |
* ERR_SUCCESS<br/> |
| 362 | 334 |
* ERR_SYSTEM_NOT_READY<br/> |
| 363 | 335 |
* ERR_USERALIAS_NOT_FOUND <br/> |
| 364 | 336 |
* ERR_INVALID_STATE - admin not active or temporary suspended.<br/> |
| 365 |
* ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the |
|
| 366 |
* user type.<br/> |
|
| 337 |
* ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the user type.<br/> |
|
| 367 | 338 |
* ERR_EXCEED_MAX_TRIES<br/> |
| 368 | 339 |
* ERR_INVALID_CREDENTIAL<br/> |
| 369 | 340 |
* ERR_INVALID_INPUT - internal error.<br/> |
| 370 | 341 |
* ERR_USERALIAS_NOT_FOUND<br/> |
| 371 |
* ERR_INVALID_USERALIAS - User alias does not match with defined |
|
| 372 |
* pattern <br/> |
|
| 342 |
* ERR_INVALID_USERALIAS - User alias does not match with defined pattern <br/> |
|
| 373 | 343 |
* ERR_REUSED_PASSWD - the password entered was used previously.<br/> |
| 374 | 344 |
*/ |
| 375 |
public int UA_ModifyUser(String adminUserAlias, String adminUserPassword, |
|
| 376 |
String userAlias, String userDesc, String userPassword) {
|
|
| 345 |
public int UA_ModifyUser( |
|
| 346 |
String adminUserAlias, String adminHashedPassword, |
|
| 347 |
String userAlias, String userDesc, String userHashedPassword) {
|
|
| 377 | 348 |
|
| 378 | 349 |
// check if password is similar to user alias |
| 379 |
if (userAlias.equalsIgnoreCase(userPassword)) {
|
|
| 350 |
if (userAlias.equalsIgnoreCase(userHashedPassword)) {
|
|
| 380 | 351 |
return MinimalConstants.ERR_PASSWORD_SAMEAS_USERALIAS; |
| 381 | 352 |
} |
| 382 | 353 |
|
| 383 | 354 |
int rc = verifyStaticPasswordService.verifyStaticPassword( |
| 384 |
adminUserAlias, adminUserPassword, true,
|
|
| 355 |
adminUserAlias, adminHashedPassword, true,
|
|
| 385 | 356 |
MinimalConstants.UTYPE_STATE_ADMIN); |
| 386 | 357 |
|
| 387 | 358 |
if (rc != MinimalConstants.ERR_SUCCESS) {
|
| ... | ... | |
| 389 | 360 |
} |
| 390 | 361 |
|
| 391 | 362 |
rc = modifyUserService.modifyUser(userAlias, |
| 392 |
MinimalConstants.UTYPE_STATE_USER, userDesc, userPassword, |
|
| 363 |
MinimalConstants.UTYPE_STATE_USER, userDesc, userHashedPassword,
|
|
| 393 | 364 |
MinimalConstants.UID_STATE_ACTIVE); |
| 394 | 365 |
|
| 395 | 366 |
logger.info("UA_ModifyUser - user alias: [" + userAlias + "] Return: "
|
| ... | ... | |
| 398 | 369 |
return rc; |
| 399 | 370 |
} |
| 400 | 371 |
|
| 401 |
public int updateProfileShallowly(String appAccessId, |
|
| 402 |
String hashedSecretKey, UserProfile profile, Session txSession) |
|
| 372 |
public int updateProfileShallowly( |
|
| 373 |
String appAccessId, String hashedSecretKey, |
|
| 374 |
UserProfile profile, Session txSession) |
|
| 403 | 375 |
throws UPassException {
|
| 404 | 376 |
|
| 405 | 377 |
MinimalUserBean user = profile.getMinUser(); |
| ... | ... | |
| 407 | 379 |
|
| 408 | 380 |
int rc; |
| 409 | 381 |
try {
|
| 410 |
AccessCheckResult checkResult = checkAppAccess(appAccessId, |
|
| 411 |
hashedSecretKey, txSession); |
|
| 382 |
AccessCheckResult checkResult = checkAppAccess(appAccessId, hashedSecretKey, txSession); |
|
| 412 | 383 |
|
| 413 | 384 |
final Integer invokingAppId = checkResult.invokerAppId; |
| 414 | 385 |
|
| 415 |
final Object appIdObj = AppAccessMgtService.profileToAppMap |
|
| 416 |
.get(profile.getClass()); |
|
| 386 |
final Object appIdObj = AppAccessMgtService.profileToAppMap.get(profile.getClass()); |
|
| 417 | 387 |
final int appIdForProfile = ((Integer) appIdObj).intValue(); |
| 418 | 388 |
|
| 419 | 389 |
boolean permitted = true; |
| ... | ... | |
| 425 | 395 |
} else if (invokingAppId.intValue() != appIdForProfile) {
|
| 426 | 396 |
permitted = false; |
| 427 | 397 |
} |
| 428 |
rc = permitted ? modifyUserService.updateProfileShallowly(profile, |
|
| 429 |
txSession) : MinimalConstants.ERR_APP_SERV_NOT_PERMITTED; |
|
| 398 |
rc = permitted ? |
|
| 399 |
modifyUserService.updateProfileShallowly(profile, txSession) |
|
| 400 |
: MinimalConstants.ERR_APP_SERV_NOT_PERMITTED; |
|
| 430 | 401 |
|
| 431 | 402 |
} catch (MultipleAppAccessesFound e) {
|
| 432 | 403 |
rc = MinimalConstants.ERR_APP_SERV_NOT_PERMITTED; |
| 433 | 404 |
e.printStackTrace(); |
| 434 | 405 |
} |
| 435 |
logger.info("updateProfileShallowly - user alias: [" + userAlias
|
|
| 436 |
+ "] Return: " + rc); |
|
| 406 |
logger.info("updateProfileShallowly - user alias: [" + userAlias + "] Return: " + rc);
|
|
| 437 | 407 |
return rc; |
| 438 | 408 |
} |
| 439 | 409 |
|
| 440 | 410 |
/** |
| 441 |
* This method generate static password and to be using |
|
| 442 |
* SP_VerifyStaticPassword() |
|
| 411 |
* This method generate static password and to be using SP_VerifyStaticPassword() |
|
| 443 | 412 |
* |
| 444 | 413 |
* @param userAlias |
| 445 | 414 |
* @param newPassword |
| ... | ... | |
| 449 | 418 |
* ERR_SYSTEM_NOT_READY<br/> |
| 450 | 419 |
* ERR_USERALIAS_NOT_FOUND<br/> |
| 451 | 420 |
* ERR_INVALID_STATE - user not active or temporary suspended.<br/> |
| 452 |
* ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the |
|
| 453 |
* user type.<br/> |
|
| 421 |
* ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the user type.<br/> |
|
| 454 | 422 |
* ERR_EXCEED_MAX_TRIES - used ModifyUser to reset password.<br/> |
| 455 | 423 |
* ERR_INVALID_CREDENTIAL<br/> |
| 456 | 424 |
* ERR_REUSED_PASSWD - reuse previous generated password.<br/> |
| 457 | 425 |
*/ |
| 458 |
public int SP_ChangeStaticPassword(String userAlias, String newPassword, |
|
| 459 |
String oldPassword) {
|
|
| 460 |
int rc = changeStaticPasswordService.changeStaticPassword(userAlias, |
|
| 461 |
newPassword, oldPassword, true); |
|
| 462 |
logger.info("SP_ChangeStaticPassword - user alias: [" + userAlias
|
|
| 463 |
+ "] Return: " + rc); |
|
| 426 |
public int SP_ChangeStaticPassword(String userAlias, String newPassword, String oldPassword) {
|
|
| 427 |
int rc = changeStaticPasswordService.changeStaticPassword(userAlias, newPassword, oldPassword, true); |
|
| 428 |
logger.info("SP_ChangeStaticPassword - user alias: [" + userAlias + "] Return: " + rc);
|
|
| 464 | 429 |
return rc; |
| 465 | 430 |
} |
| 466 | 431 |
|
| 467 |
public int changeStaticPassword_withAppChecked(String appAccessId,
|
|
| 468 |
String hashedSecretKey, String username, String newHashedPassword,
|
|
| 469 |
String oldHashedPassword) {
|
|
| 432 |
public int changeStaticPassword_withAppChecked( |
|
| 433 |
String appAccessId, String hashedSecretKey,
|
|
| 434 |
String username, String newHashedPassword, String oldHashedPassword) {
|
|
| 470 | 435 |
|
| 471 | 436 |
int rc; |
| 472 | 437 |
try {
|
| 473 | 438 |
checkAppAccessToUser(appAccessId, hashedSecretKey, username, null); |
| 474 |
rc = changeStaticPasswordService.changeStaticPassword(username,
|
|
| 475 |
newHashedPassword, oldHashedPassword, true); |
|
| 439 |
rc = changeStaticPasswordService.changeStaticPassword( |
|
| 440 |
username, newHashedPassword, oldHashedPassword, true);
|
|
| 476 | 441 |
|
| 477 | 442 |
} catch (MultipleAppAccessesFound e) {
|
| 478 | 443 |
rc = MinimalConstants.ERR_APP_SERV_NOT_PERMITTED; |
| ... | ... | |
| 482 | 447 |
rc = e.getErrorCode(); |
| 483 | 448 |
e.printStackTrace(); |
| 484 | 449 |
} |
| 485 |
logger.info("changeStaticPassword_withAppChecked - user alias: ["
|
|
| 486 |
+ username + "] Return: " + rc); |
|
| 450 |
logger.info("changeStaticPassword_withAppChecked - user alias: [" + username + "] Return: " + rc);
|
|
| 487 | 451 |
return rc; |
| 488 | 452 |
} |
| 489 | 453 |
|
| 490 |
public int resetPassword_withAppChecked(String appAccessId, |
|
| 491 |
String hashedSecretKey, String username, String newHashedPassword) {
|
|
| 454 |
public int resetPassword_withAppChecked( |
|
| 455 |
String appAccessId, String hashedSecretKey, |
|
| 456 |
String username, String newHashedPassword) {
|
|
| 492 | 457 |
|
| 493 | 458 |
int rc; |
| 494 | 459 |
try {
|
| 495 | 460 |
checkAppAccessToUser(appAccessId, hashedSecretKey, username, null); |
| 496 |
rc = modifyUserService.modifyUser(username,
|
|
| 497 |
MinimalConstants.UTYPE_STATE_USER, "", newHashedPassword,
|
|
| 498 |
MinimalConstants.UID_STATE_ACTIVE); |
|
| 461 |
rc = modifyUserService.modifyUser( |
|
| 462 |
username, MinimalConstants.UTYPE_STATE_USER, "",
|
|
| 463 |
newHashedPassword, MinimalConstants.UID_STATE_ACTIVE);
|
|
| 499 | 464 |
|
| 500 | 465 |
} catch (MultipleAppAccessesFound e) {
|
| 501 | 466 |
rc = MinimalConstants.ERR_APP_SERV_NOT_PERMITTED; |
| ... | ... | |
| 505 | 470 |
rc = e.getErrorCode(); |
| 506 | 471 |
e.printStackTrace(); |
| 507 | 472 |
} |
| 508 |
logger.info("resetPassword_withAppChecked - user alias: [" + username
|
|
| 509 |
+ "] Return: " + rc); |
|
| 473 |
logger.info("resetPassword_withAppChecked - user alias: [" + username + "] Return: " + rc);
|
|
| 510 | 474 |
return rc; |
| 511 | 475 |
} |
| 512 | 476 |
|
| ... | ... | |
| 531 | 495 |
} |
| 532 | 496 |
} |
| 533 | 497 |
|
| 534 |
protected AccessCheckResult checkAppAccessToUser(String appAccessId,
|
|
| 535 |
String hashedSecretKey, String username, final Session txSession) |
|
| 498 |
protected AccessCheckResult checkAppAccessToUser( |
|
| 499 |
String appAccessId, String hashedSecretKey, String username, final Session txSession)
|
|
| 536 | 500 |
throws MultipleAppAccessesFound, UPassException {
|
| 537 | 501 |
|
| 538 |
AccessCheckResult checkResult = checkAppAccess(appAccessId, |
|
| 539 |
hashedSecretKey, txSession); |
|
| 502 |
AccessCheckResult checkResult = checkAppAccess(appAccessId, hashedSecretKey, txSession); |
|
| 540 | 503 |
|
| 541 | 504 |
if (checkResult.hasUPassAdminAccess()) |
| 542 | 505 |
return checkResult; |
| 543 | 506 |
|
| 544 |
List appIdsForUser = appAccessMgtService.listAppIdsForUser(username, |
|
| 545 |
txSession); |
|
| 546 |
int retCode = !appIdsForUser.isEmpty() ? appIdsForUser |
|
| 547 |
.contains(checkResult.invokerAppId) ? MinimalConstants.ERR_SUCCESS |
|
| 548 |
: MinimalConstants.ERR_APP_SERV_NOT_PERMITTED |
|
| 549 |
: MinimalConstants.ERR_USERALIAS_NOT_FOUND; |
|
| 507 |
List appIdsForUser = appAccessMgtService.listAppIdsForUser(username, txSession); |
|
| 508 |
int retCode = |
|
| 509 |
!appIdsForUser.isEmpty() ? |
|
| 510 |
appIdsForUser.contains(checkResult.invokerAppId) ? |
|
| 511 |
MinimalConstants.ERR_SUCCESS |
|
| 512 |
: MinimalConstants.ERR_APP_SERV_NOT_PERMITTED |
|
| 513 |
: MinimalConstants.ERR_USERALIAS_NOT_FOUND; |
|
| 550 | 514 |
|
| 551 | 515 |
if (retCode != MinimalConstants.ERR_SUCCESS) |
| 552 | 516 |
throw new UPassException(retCode); |
| ... | ... | |
| 554 | 518 |
return checkResult; |
| 555 | 519 |
} |
| 556 | 520 |
|
| 557 |
public AccessCheckResult checkAppAccess(String appAccessId,
|
|
| 558 |
String hashedSecretKey, final Session txSession) |
|
| 521 |
public AccessCheckResult checkAppAccess( |
|
| 522 |
String appAccessId, String hashedSecretKey, final Session txSession)
|
|
| 559 | 523 |
throws UPassException, MultipleAppAccessesFound {
|
| 560 | 524 |
|
| 561 |
ReturnBundle ret = verifyStaticPasswordService |
|
| 562 |
.verifyStaticPassword_returnUser(appAccessId, hashedSecretKey, |
|
| 563 |
false, 0, txSession); |
|
| 525 |
ReturnBundle ret = verifyStaticPasswordService.verifyStaticPassword_returnUser( |
|
| 526 |
appAccessId, hashedSecretKey, false, 0, txSession); |
|
| 564 | 527 |
|
| 565 | 528 |
final int retCode = ret.getCode(); |
| 566 | 529 |
if (retCode != MinimalConstants.ERR_SUCCESS) |
| ... | ... | |
| 572 | 535 |
if (result.hasUPassAdminAccess()) |
| 573 | 536 |
return result; |
| 574 | 537 |
|
| 575 |
result.invokerAppId = appAccessMgtService.getAppIdForAdmin(appAccessId, |
|
| 576 |
txSession); |
|
| 538 |
result.invokerAppId = appAccessMgtService.getAppIdForAdmin(appAccessId, txSession); |
|
| 577 | 539 |
return result; |
| 578 | 540 |
} |
| 579 | 541 |
|
| ... | ... | |
| 583 | 545 |
* |
| 584 | 546 |
* @see #findProfile(String, String, String, Integer, Session) |
| 585 | 547 |
*/ |
| 586 |
public UserProfile findProfile(String appAccessId, String hashedSecretKey, |
|
| 587 |
String username, Session txSession) throws UPassException {
|
|
| 548 |
public UserProfile findProfile( |
|
| 549 |
String appAccessId, String hashedSecretKey, |
|
| 550 |
String username, Session txSession) |
|
| 551 |
throws UPassException {
|
|
| 588 | 552 |
|
| 589 |
return findProfile(appAccessId, hashedSecretKey, username, null, |
|
| 590 |
txSession); |
|
| 553 |
return findProfile(appAccessId, hashedSecretKey, username, null, txSession); |
|
| 591 | 554 |
} |
| 592 | 555 |
|
| 593 | 556 |
/** |
| 594 |
* Because of the ability to choose the target app, this method is meant for
|
|
| 595 |
* USS mainly. |
|
| 557 |
* Because of the ability to choose the target app, |
|
| 558 |
* this method is meant for USS mainly.
|
|
| 596 | 559 |
* |
| 597 | 560 |
* @see #findProfile(String, String, String, Session) |
| 598 | 561 |
*/ |
| 599 |
public UserProfile findProfile(String appAccessId, String hashedSecretKey, |
|
| 562 |
public UserProfile findProfile( |
|
| 563 |
String appAccessId, String hashedSecretKey, |
|
| 600 | 564 |
String username, Integer targetAppId, Session txSession) |
| 601 | 565 |
throws UPassException {
|
| 602 | 566 |
|
| 603 | 567 |
try {
|
| 604 |
AccessCheckResult checkResult = checkAppAccess(appAccessId, |
|
| 605 |
hashedSecretKey, txSession); |
|
| 568 |
AccessCheckResult checkResult = checkAppAccess(appAccessId, hashedSecretKey, txSession); |
|
| 606 | 569 |
final boolean upassAdmin = checkResult.hasUPassAdminAccess(); |
| 607 | 570 |
if (upassAdmin) {
|
| 608 | 571 |
if (targetAppId == null) |
| ... | ... | |
| 610 | 573 |
|
| 611 | 574 |
} else {
|
| 612 | 575 |
if (checkResult.invokerAppId == null) |
| 613 |
throw new UPassException( |
|
| 614 |
MinimalConstants.ERR_APP_SERV_NOT_PERMITTED); |
|
| 576 |
throw new UPassException(MinimalConstants.ERR_APP_SERV_NOT_PERMITTED); |
|
| 615 | 577 |
|
| 616 | 578 |
if (targetAppId == null) {
|
| 617 | 579 |
targetAppId = checkResult.invokerAppId; |
| 618 | 580 |
|
| 619 | 581 |
} else if (!targetAppId.equals(checkResult.invokerAppId)) {
|
| 620 |
throw new UPassException( |
|
| 621 |
MinimalConstants.ERR_APP_SERV_NOT_PERMITTED); |
|
| 582 |
throw new UPassException(MinimalConstants.ERR_APP_SERV_NOT_PERMITTED); |
|
| 622 | 583 |
} |
| 623 | 584 |
} |
| 624 | 585 |
List profiles = modifyUserService.listProfiles(username, txSession); |
| 625 |
for (Iterator profileIter = profiles.iterator(); profileIter |
|
| 626 |
.hasNext();) {
|
|
| 586 |
for (Iterator profileIter = profiles.iterator(); profileIter.hasNext();) {
|
|
| 627 | 587 |
UserProfile profile = (UserProfile) profileIter.next(); |
| 628 | 588 |
|
| 629 |
final Integer appIdForProfile = (Integer) AppAccessMgtService.profileToAppMap
|
|
| 630 |
.get(profile.getClass()); |
|
| 589 |
final Integer appIdForProfile = (Integer) AppAccessMgtService |
|
| 590 |
.profileToAppMap.get(profile.getClass());
|
|
| 631 | 591 |
|
| 632 | 592 |
if (targetAppId.equals(appIdForProfile)) {
|
| 633 | 593 |
return profile; |
| ... | ... | |
| 636 | 596 |
return null; |
| 637 | 597 |
|
| 638 | 598 |
} catch (MultipleAppAccessesFound e) {
|
| 639 |
throw new UPassException( |
|
| 640 |
MinimalConstants.ERR_APP_SERV_NOT_PERMITTED, e); |
|
| 599 |
throw new UPassException(MinimalConstants.ERR_APP_SERV_NOT_PERMITTED, e); |
|
| 641 | 600 |
} |
| 642 | 601 |
} |
| 643 | 602 |
|
| 644 |
public List/* <UserProfile> */listProfilesByExamples(String appAccessId, |
|
| 645 |
String hashedSecretKey, List/* <UserProfile> */exampleProfiles, |
|
| 646 |
Session txSession) throws UPassException {
|
|
| 603 |
public List/* <UserProfile> */listProfilesByExamples( |
|
| 604 |
String appAccessId, String hashedSecretKey, |
|
| 605 |
List/* <UserProfile> */exampleProfiles, Session txSession) |
|
| 606 |
throws UPassException {
|
|
| 647 | 607 |
|
| 648 |
return listProfilesByExamples(appAccessId, hashedSecretKey, |
|
| 649 |
exampleProfiles, null, txSession); |
|
| 608 |
return listProfilesByExamples(appAccessId, hashedSecretKey, exampleProfiles, null, txSession); |
|
| 650 | 609 |
} |
| 651 | 610 |
|
| 652 |
public List/* <UserProfile> */listProfilesByExamples(String appAccessId, |
|
| 653 |
String hashedSecretKey, List/* <UserProfile> */exampleProfiles, |
|
| 654 |
Integer targetAppId, Session txSession) throws UPassException {
|
|
| 611 |
public List/* <UserProfile> */listProfilesByExamples( |
|
| 612 |
String appAccessId, String hashedSecretKey, |
|
| 613 |
List/* <UserProfile> */exampleProfiles, Integer targetAppId, Session txSession) |
|
| 614 |
throws UPassException {
|
|
| 655 | 615 |
|
| 656 | 616 |
try {
|
| 657 |
AccessCheckResult checkResult = checkAppAccess(appAccessId, |
|
| 658 |
hashedSecretKey, txSession); |
|
| 617 |
AccessCheckResult checkResult = checkAppAccess(appAccessId, hashedSecretKey, txSession); |
|
| 659 | 618 |
final boolean upassAdmin = checkResult.hasUPassAdminAccess(); |
| 660 | 619 |
if (!upassAdmin) {
|
| 661 | 620 |
if (checkResult.invokerAppId == null) |
| 662 |
throw new UPassException( |
|
| 663 |
MinimalConstants.ERR_APP_SERV_NOT_PERMITTED); |
|
| 621 |
throw new UPassException(MinimalConstants.ERR_APP_SERV_NOT_PERMITTED); |
|
| 664 | 622 |
|
| 665 | 623 |
if (targetAppId == null) {
|
| 666 | 624 |
targetAppId = checkResult.invokerAppId; |
| 667 | 625 |
|
| 668 | 626 |
} else if (!targetAppId.equals(checkResult.invokerAppId)) {
|
| 669 |
throw new UPassException( |
|
| 670 |
MinimalConstants.ERR_APP_SERV_NOT_PERMITTED); |
|
| 627 |
throw new UPassException(MinimalConstants.ERR_APP_SERV_NOT_PERMITTED); |
|
| 671 | 628 |
} |
| 672 | 629 |
} |
| 673 |
List profiles = modifyUserService.listProfilesByExamples( |
|
| 674 |
exampleProfiles, txSession); |
|
| 630 |
List profiles = modifyUserService.listProfilesByExamples(exampleProfiles, txSession); |
|
| 675 | 631 |
if (targetAppId != null) |
| 676 |
for (Iterator iterator = profiles.iterator(); iterator |
|
| 677 |
.hasNext();) {
|
|
| 632 |
for (Iterator iterator = profiles.iterator(); iterator.hasNext();) {
|
|
| 678 | 633 |
UserProfile profile = (UserProfile) iterator.next(); |
| 679 | 634 |
|
| 680 |
final Integer appIdForProfile = (Integer) AppAccessMgtService.profileToAppMap
|
|
| 681 |
.get(profile.getClass()); |
|
| 635 |
final Integer appIdForProfile = (Integer) AppAccessMgtService |
|
| 636 |
.profileToAppMap.get(profile.getClass());
|
|
| 682 | 637 |
|
| 683 | 638 |
if (!targetAppId.equals(appIdForProfile)) |
| 684 | 639 |
iterator.remove(); |
| ... | ... | |
| 686 | 641 |
return profiles; |
| 687 | 642 |
|
| 688 | 643 |
} catch (MultipleAppAccessesFound e) {
|
| 689 |
throw new UPassException( |
|
| 690 |
MinimalConstants.ERR_APP_SERV_NOT_PERMITTED, e); |
|
| 644 |
throw new UPassException(MinimalConstants.ERR_APP_SERV_NOT_PERMITTED, e); |
|
| 691 | 645 |
} |
| 692 | 646 |
} |
| 693 | 647 |
|
| 694 |
public List/* <UserProfile> */listProfilesByExamples(String appAccessId,
|
|
| 695 |
String hashedSecretKey, List/* <UserProfile> */exampleProfiles,
|
|
| 696 |
Date fromDate, Date toDate, Session txSession) |
|
| 648 |
public List/* <UserProfile> */listProfilesByExamples( |
|
| 649 |
String appAccessId, String hashedSecretKey,
|
|
| 650 |
List/* <UserProfile> */exampleProfiles, Date fromDate, Date toDate, Session txSession)
|
|
| 697 | 651 |
throws UPassException {
|
| 698 | 652 |
|
| 699 | 653 |
try {
|
| 700 |
AccessCheckResult checkResult = checkAppAccess(appAccessId, |
|
| 701 |
hashedSecretKey, txSession); |
|
| 654 |
AccessCheckResult checkResult = checkAppAccess(appAccessId, hashedSecretKey, txSession); |
|
| 702 | 655 |
final boolean upassAdmin = checkResult.hasUPassAdminAccess(); |
| 703 | 656 |
if (!upassAdmin) {
|
| 704 | 657 |
if (checkResult.invokerAppId == null) |
| 705 |
throw new UPassException( |
|
| 706 |
MinimalConstants.ERR_APP_SERV_NOT_PERMITTED); |
|
| 658 |
throw new UPassException(MinimalConstants.ERR_APP_SERV_NOT_PERMITTED); |
|
| 707 | 659 |
} |
| 708 |
List profiles = modifyUserService.listProfilesByExamples( |
|
| 709 |
exampleProfiles, fromDate, toDate, txSession); |
|
| 660 |
List profiles = modifyUserService.listProfilesByExamples(exampleProfiles, fromDate, toDate, txSession); |
|
| 710 | 661 |
|
| 711 | 662 |
return profiles; |
| 712 | 663 |
|
| 713 | 664 |
} catch (MultipleAppAccessesFound e) {
|
| 714 |
throw new UPassException( |
|
| 715 |
MinimalConstants.ERR_APP_SERV_NOT_PERMITTED, e); |
|
| 665 |
throw new UPassException(MinimalConstants.ERR_APP_SERV_NOT_PERMITTED, e); |
|
| 716 | 666 |
} |
| 717 | 667 |
} |
| 718 | 668 |
|
| ... | ... | |
| 721 | 671 |
if (maybankLdapDAO == null) {
|
| 722 | 672 |
Resource resource = new ClassPathResource("spring-ldap.xml");
|
| 723 | 673 |
BeanFactory factory = new XmlBeanFactory(resource); |
| 724 |
maybankLdapDAO = (MaybankLdapDAO) factory |
|
| 725 |
.getBean("maybankLdap");
|
|
| 674 |
maybankLdapDAO = (MaybankLdapDAO) factory.getBean("maybankLdap");
|
|
| 726 | 675 |
} |
| 727 | 676 |
|
| 728 | 677 |
return maybankLdapDAO; |
| src/main/java/my/com/upass/pojo/MinimalUserBean.java | ||
|---|---|---|
| 3 | 3 |
import java.io.Serializable; |
| 4 | 4 |
import java.util.Date; |
| 5 | 5 |
|
| 6 |
import my.com.upass.spassword.PasswordController; |
|
| 7 |
|
|
| 8 |
import org.apache.commons.lang.ObjectUtils; |
|
| 9 |
|
|
| 6 | 10 |
public class MinimalUserBean implements Serializable {
|
| 7 | 11 |
|
| 8 | 12 |
private static final long serialVersionUID = 1L; |
| ... | ... | |
| 18 | 22 |
private int ustate; |
| 19 | 23 |
private Date udateLockedFrom; |
| 20 | 24 |
private Date udateLockedTo; |
| 21 |
private String pcipherText;
|
|
| 25 |
private String doubleHashedPassword;
|
|
| 22 | 26 |
private int pstate; |
| 23 | 27 |
private Date pdateCreated; |
| 24 | 28 |
private Date pdateFirstUsed; |
| ... | ... | |
| 28 | 32 |
private String phistoryList; |
| 29 | 33 |
private int pexpiredStatus; |
| 30 | 34 |
private Date pdateExpired; |
| 31 |
//private Integer applicationId; |
|
| 35 |
|
|
| 36 |
// private Integer applicationId; |
|
| 37 |
|
|
| 38 |
private transient String hashedPassword; |
|
| 32 | 39 |
|
| 33 | 40 |
// |
| 34 | 41 |
|
| ... | ... | |
| 129 | 136 |
} |
| 130 | 137 |
|
| 131 | 138 |
public String getPcipherText() {
|
| 132 |
return pcipherText;
|
|
| 139 |
return getDoubleHashedPassword();
|
|
| 133 | 140 |
} |
| 134 | 141 |
|
| 135 | 142 |
public void setPcipherText(String pcipherText) {
|
| 136 |
this.pcipherText = pcipherText;
|
|
| 143 |
setDoubleHashedPassword(pcipherText);
|
|
| 137 | 144 |
} |
| 138 | 145 |
|
| 139 | 146 |
public int getPstate() {
|
| ... | ... | |
| 208 | 215 |
this.pdateExpired = pdateExpired; |
| 209 | 216 |
} |
| 210 | 217 |
|
| 211 |
// public Integer getApplicationId() {
|
|
| 212 |
// return applicationId;
|
|
| 213 |
// }
|
|
| 214 |
// |
|
| 215 |
// public void setApplicationId(Integer applicationId) {
|
|
| 216 |
// this.applicationId = applicationId;
|
|
| 217 |
// }
|
|
| 218 |
// public Integer getApplicationId() {
|
|
| 219 |
// return applicationId;
|
|
| 220 |
// }
|
|
| 221 |
//
|
|
| 222 |
// public void setApplicationId(Integer applicationId) {
|
|
| 223 |
// this.applicationId = applicationId;
|
|
| 224 |
// }
|
|
| 218 | 225 |
|
| 219 | 226 |
// Helper methods |
| 220 | 227 |
|
| ... | ... | |
| 226 | 233 |
setUserAlias(username); |
| 227 | 234 |
} |
| 228 | 235 |
|
| 229 |
public String getHashedPassword() {
|
|
| 230 |
return getPcipherText(); |
|
| 236 |
public String getDoubleHashedPassword() {
|
|
| 237 |
return doubleHashedPassword; |
|
| 238 |
} |
|
| 239 |
|
|
| 240 |
private class BooleanLock {
|
|
| 241 |
private boolean nesting; |
|
| 242 |
} |
|
| 243 |
|
|
| 244 |
private final BooleanLock changeLock = new BooleanLock(); |
|
| 245 |
|
|
| 246 |
public void setDoubleHashedPassword(String doubleHashedPassword) {
|
|
| 247 |
this.doubleHashedPassword = doubleHashedPassword; |
|
| 248 |
synchronized (changeLock) {
|
|
| 249 |
if (!changeLock.nesting) {
|
|
| 250 |
this.hashedPassword = null; |
|
| 251 |
} |
|
| 252 |
} |
|
| 231 | 253 |
} |
| 232 | 254 |
|
| 233 | 255 |
public void setHashedPassword(String hashedPassword) {
|
| 234 |
setPcipherText(hashedPassword); |
|
| 256 |
synchronized (changeLock) {
|
|
| 257 |
changeLock.nesting = true; |
|
| 258 |
this.hashedPassword = hashedPassword; |
|
| 259 |
setDoubleHashedPassword(PasswordController.sha256(userAlias, hashedPassword)); |
|
| 260 |
changeLock.nesting = false; |
|
| 261 |
} |
|
| 262 |
} |
|
| 263 |
|
|
| 264 |
public String getHashedPassword() {
|
|
| 265 |
return hashedPassword; |
|
| 235 | 266 |
} |
| 236 | 267 |
|
| 237 | 268 |
} |
| src/main/java/my/com/upass/services/ChangeStaticPasswordService.java | ||
|---|---|---|
| 14 | 14 |
import java.util.HashMap; |
| 15 | 15 |
import java.util.Map; |
| 16 | 16 |
|
| 17 |
|
|
| 18 |
import org.hibernate.Session; |
|
| 19 |
|
|
| 20 |
import my.com.upass.Config; |
|
| 21 |
import my.com.upass.ConfigBean; |
|
| 22 | 17 |
import my.com.upass.MinimalConstants; |
| 23 | 18 |
import my.com.upass.MinimalUPassControllerV2; |
| 24 | 19 |
import my.com.upass.UPassException; |
| ... | ... | |
| 31 | 26 |
import my.com.upass.spassword.PasswordController; |
| 32 | 27 |
import my.com.upass.spring.ldap.MaybankLdapConstant; |
| 33 | 28 |
|
| 29 |
import org.hibernate.Session; |
|
| 30 |
|
|
| 34 | 31 |
/** |
| 35 | 32 |
* PROGRAMMER: Danniell |
| 36 | 33 |
* CHANGE-NO: |
| ... | ... | |
| 53 | 50 |
this.upc = upc; |
| 54 | 51 |
} |
| 55 | 52 |
|
| 56 |
public int changeStaticPassword(String userAlias, String newPassword, String oldPassword,
|
|
| 57 |
boolean checkChangeInterval)
|
|
| 58 |
{
|
|
| 53 |
public int changeStaticPassword( |
|
| 54 |
String userAlias, String newHashedPassword, String oldHashedPassword, boolean checkChangeInterval) {
|
|
| 55 |
|
|
| 59 | 56 |
int rc = MinimalConstants.ERR_SYSTEM_NOT_READY; |
| 60 | 57 |
|
| 61 |
try |
|
| 62 |
{
|
|
| 58 |
try {
|
|
| 63 | 59 |
UserDAO userDao = MinimalDAOFactory.minimalInstance().getUserDAO(); |
| 64 | 60 |
MinimalUserBean userBean = userDao.getUserFromStore(userAlias, null); |
| 65 | 61 |
|
| 66 |
if (userBean == null) |
|
| 67 |
{
|
|
| 62 |
if (userBean == null) {
|
|
| 68 | 63 |
return MinimalConstants.ERR_USERALIAS_NOT_FOUND; |
| 69 | 64 |
} |
| 70 |
|
|
| 71 | 65 |
userBean.getPdateCreated(); |
| 66 |
|
|
| 67 |
String newPlainPassword = null; |
|
| 72 | 68 |
|
| 73 | 69 |
// verify user |
| 74 | 70 |
PasswordController pc = MinimalUPassFactory.getPasswordController(userBean, upc.getConfigurationsMap()); |
| 75 |
|
|
| 76 |
if (checkChangeInterval == true) |
|
| 77 |
{
|
|
| 71 |
if (upc.isInMigrationPeriod()) {
|
|
| 72 |
final String oldPlainPassword = oldHashedPassword; |
|
| 73 |
newPlainPassword = newHashedPassword; |
|
| 74 |
oldHashedPassword = PasswordController.sha256(oldPlainPassword); |
|
| 75 |
newHashedPassword = PasswordController.sha256(newPlainPassword); |
|
| 76 |
} |
|
| 77 |
if (checkChangeInterval == true) {
|
|
| 78 | 78 |
rc = pc.checkRegeneratePassword(); |
| 79 |
if (rc == MinimalConstants.ERR_PASSWD_CHANGE_INTERVAL) |
|
| 80 |
{
|
|
| 79 |
if (rc == MinimalConstants.ERR_PASSWD_CHANGE_INTERVAL) {
|
|
| 81 | 80 |
return MinimalConstants.ERR_PASSWD_CHANGE_INTERVAL; |
| 82 | 81 |
} |
| 83 | 82 |
} |
| 84 |
|
|
| 85 |
rc = pc.VerifyPassword(oldPassword); |
|
| 83 |
rc = pc.verifyPassword(oldHashedPassword); |
|
| 86 | 84 |
|
| 87 | 85 |
if (rc == MinimalConstants.ERR_SUCCESS || |
| 88 | 86 |
rc == MinimalConstants.ERR_PASSWD_EXPIRED || |
| 89 |
rc == MinimalConstants.ERR_PASSWD_EXPIRED_NOTIFICATION) |
|
| 90 |
{
|
|
| 91 |
rc = pc.GeneratePassword(newPassword, true);
|
|
| 87 |
rc == MinimalConstants.ERR_PASSWD_EXPIRED_NOTIFICATION) {
|
|
| 88 |
|
|
| 89 |
rc = pc.generatePassword(newHashedPassword, true);
|
|
| 92 | 90 |
} |
| 93 |
|
|
| 94 | 91 |
userBean = (MinimalUserBean) pc.getUpdatedObject(); |
| 95 | 92 |
|
| 96 | 93 |
Session session = null; |
| ... | ... | |
| 103 | 100 |
if (!lrc) {
|
| 104 | 101 |
rc = MinimalConstants.ERR_SYSTEM_NOT_READY; |
| 105 | 102 |
} |
| 106 |
|
|
| 107 | 103 |
// update ldap |
| 108 | 104 |
if (upc.isInMigrationPeriod()) {
|
| 109 | 105 |
Map attrMap = new HashMap(); |
| 110 |
attrMap.put(MaybankLdapConstant.ATTR_PASSWORD, newPassword); |
|
| 106 |
attrMap.put(MaybankLdapConstant.ATTR_PASSWORD, newPlainPassword);
|
|
| 111 | 107 |
MinimalUPassControllerV2.getMaybankLdapDAO().updateUser(userBean.getUserAlias(), attrMap); |
| 112 | 108 |
} |
| 113 |
|
|
| 114 | 109 |
session.getTransaction().commit(); |
| 115 | 110 |
|
| 116 | 111 |
} catch (UPassException e) {
|
| 117 | 112 |
rc = e.getErrorCode(); |
| 118 | 113 |
GenericDAOHibernate.rollbackTransactionIfAny(session); |
| 114 |
|
|
| 119 | 115 |
} finally {
|
| 120 | 116 |
GenericDAOHibernate.closeSessionIfAny(session); |
| 121 | 117 |
} |
| 122 | 118 |
} catch (Exception e) {
|
| 123 | 119 |
e.printStackTrace(); |
| 124 | 120 |
} |
| 125 |
|
|
| 126 | 121 |
return rc; |
| 127 | 122 |
} |
| 128 | 123 |
} |
| src/main/java/my/com/upass/services/CheckPasswordReusedService.java | ||
|---|---|---|
| 35 | 35 |
/** |
| 36 | 36 |
* <Class description> |
| 37 | 37 |
*/ |
| 38 |
public class CheckPasswordReusedService |
|
| 39 |
{
|
|
| 38 |
public class CheckPasswordReusedService {
|
|
| 39 |
|
|
| 40 | 40 |
private MinimalUPassControllerV2 upc; |
| 41 | 41 |
|
| 42 |
public CheckPasswordReusedService(MinimalUPassControllerV2 upc) |
|
| 43 |
{
|
|
| 42 |
public CheckPasswordReusedService(MinimalUPassControllerV2 upc) {
|
|
| 44 | 43 |
this.upc = upc; |
| 45 | 44 |
} |
| 46 | 45 |
|
| 47 |
public int CheckPasswordReused(String userAlias, String password)
|
|
| 48 |
{
|
|
| 46 |
public int checkPasswordReused(String userAlias, String hashedPassword) {
|
|
| 47 |
|
|
| 49 | 48 |
String token; |
| 50 | 49 |
|
| 51 |
if (userAlias == null || password == null) |
|
| 52 |
{
|
|
| 50 |
if (userAlias == null || hashedPassword == null) {
|
|
| 53 | 51 |
return MinimalConstants.ERR_INVALID_INPUT; |
| 54 | 52 |
} |
| 55 |
|
|
| 56 |
try |
|
| 57 |
{
|
|
| 53 |
try {
|
|
| 58 | 54 |
UserDAO userDao = MinimalDAOFactory.minimalInstance().getUserDAO(); |
| 59 | 55 |
MinimalUserBean userBean = userDao.getUserFromStore(userAlias, null); |
| 60 | 56 |
|
| 61 |
if (userBean == null) |
|
| 62 |
{
|
|
| 57 |
if (userBean == null) {
|
|
| 63 | 58 |
return MinimalConstants.ERR_USERALIAS_NOT_FOUND; |
| 64 | 59 |
} |
| 60 |
// verify user state, must be active (not inactive|locked|deleted) |
|
| 61 |
switch (userBean.getUstate()) {
|
|
| 65 | 62 |
|
| 66 |
// verify user state, must be active (not inactive|locked|deleted) |
|
| 67 |
switch (userBean.getUstate()) |
|
| 68 |
{
|
|
| 69 | 63 |
case (MinimalConstants.UID_STATE_ACTIVE): |
| 70 | 64 |
break; |
| 71 | 65 |
case (MinimalConstants.UID_STATE_TMP_LOCKED): |
| 72 | 66 |
Date now = new Date(); |
| 73 |
if (userBean.getUdateLockedTo().after(now)) |
|
| 74 |
{
|
|
| 67 |
if (userBean.getUdateLockedTo().after(now)) {
|
|
| 75 | 68 |
return MinimalConstants.ERR_INVALID_STATE; |
| 76 | 69 |
} |
| 77 | 70 |
break; |
| 78 | 71 |
default: |
| 79 | 72 |
return MinimalConstants.ERR_INVALID_STATE; |
| 80 | 73 |
} |
| 74 |
if (upc.isInMigrationPeriod()) {
|
|
| 75 |
final String plainPassword = hashedPassword; |
|
| 76 |
hashedPassword = PasswordController.sha256(plainPassword); |
|
| 77 |
} |
|
| 78 |
String doubleHashedPassword = PasswordController.sha256(userBean.getUserAlias(), hashedPassword); |
|
| 81 | 79 |
|
| 82 |
PasswordController pc = MinimalUPassFactory.getPasswordController( |
|
| 83 |
userBean, upc.getConfigurationsMap()); |
|
| 84 |
String cipherText = pc.SHA256(userBean.getUserAlias(), password); |
|
| 80 |
if (userBean.getPhistoryList() != null) {
|
|
| 85 | 81 |
|
| 86 |
if (userBean.getPhistoryList() != null) |
|
| 87 |
{
|
|
| 88 | 82 |
StringTokenizer stz = new StringTokenizer( |
| 89 | 83 |
userBean.getPhistoryList(), ":"); |
| 90 |
while (stz.hasMoreTokens()) |
|
| 91 |
{
|
|
| 84 |
|
|
| 85 |
while (stz.hasMoreTokens()) {
|
|
| 92 | 86 |
token = stz.nextToken(); |
| 93 |
if (cipherText.equals(token)) |
|
| 94 |
{
|
|
| 87 |
if (doubleHashedPassword.equals(token)) {
|
|
| 95 | 88 |
return MinimalConstants.ERR_REUSED_PASSWD; |
| 96 | 89 |
} |
| 97 | 90 |
} |
| 98 | 91 |
} |
| 99 | 92 |
return MinimalConstants.ERR_SUCCESS; |
| 100 |
} catch (Exception e) |
|
| 101 |
{
|
|
| 93 |
|
|
| 94 |
} catch (Exception e) {
|
|
| 102 | 95 |
e.printStackTrace(); |
| 103 | 96 |
return MinimalConstants.ERR_SYSTEM_NOT_READY; |
| 104 | 97 |
} |
| src/main/java/my/com/upass/services/CreateUserService.java | ||
|---|---|---|
| 61 | 61 |
|
| 62 | 62 |
public ReturnBundle addUser( |
| 63 | 63 |
String userAlias, int userType, String userDesc, |
| 64 |
String userPassword, int userState, Session txSession, boolean checkPassword) {
|
|
| 64 |
String userHashedPassword, int userState, Session txSession, boolean usePassword) {
|
|
| 65 | 65 |
|
| 66 | 66 |
final ReturnBundle ret = new ReturnBundle(); |
| 67 | 67 |
ret.code = MinimalConstants.ERR_SYSTEM_NOT_READY; |
| ... | ... | |
| 70 | 70 |
ret.code = MinimalConstants.ERR_INVALID_INPUT; |
| 71 | 71 |
return ret; |
| 72 | 72 |
} |
| 73 |
if (checkPassword && userPassword == null) {
|
|
| 73 |
if (usePassword && userHashedPassword == null) {
|
|
| 74 | 74 |
ret.code = MinimalConstants.ERR_INVALID_INPUT; |
| 75 | 75 |
return ret; |
| 76 | 76 |
} |
| ... | ... | |
| 93 | 93 |
|
| 94 | 94 |
PasswordController pc = MinimalUPassFactory.getPasswordController(ub, |
| 95 | 95 |
upc.getConfigurationsMap()); |
| 96 |
ret.code = pc.VerifyUserAlias(userAlias);
|
|
| 96 |
ret.code = pc.verifyUserAlias(userAlias);
|
|
| 97 | 97 |
|
| 98 | 98 |
if (ret.code != MinimalConstants.ERR_SUCCESS) {
|
| 99 | 99 |
return ret; |
| 100 | 100 |
} |
| 101 |
if (checkPassword) {
|
|
| 102 |
ret.code = pc.GeneratePassword(userPassword, true); |
|
| 101 |
if (usePassword) {
|
|
| 102 |
if (upc.isInMigrationPeriod()) {
|
|
| 103 |
final String userPlainPassword = userHashedPassword; |
|
| 104 |
userHashedPassword = PasswordController.sha256(userPlainPassword); |
|
| 105 |
} |
|
| 106 |
ret.code = pc.generatePassword(userHashedPassword, true); |
|
| 103 | 107 |
|
| 104 | 108 |
if (ret.code != MinimalConstants.ERR_SUCCESS) {
|
| 105 | 109 |
return ret; |
| ... | ... | |
| 135 | 139 |
|
| 136 | 140 |
public ReturnBundle addUser( |
| 137 | 141 |
String userAlias, int userType, String userDesc, |
| 138 |
String userPassword, int userState, Session txSession) {
|
|
| 142 |
String userHashedPassword, int userState, Session txSession) {
|
|
| 139 | 143 |
|
| 140 | 144 |
return addUser( |
| 141 |
userAlias, userType, userDesc, userPassword, userState, txSession, true); |
|
| 145 |
userAlias, userType, userDesc, userHashedPassword, userState, txSession, true);
|
|
| 142 | 146 |
} |
| 143 | 147 |
|
| 144 | 148 |
public int addUser( |
| 145 | 149 |
String userAlias, int userType, String userDesc, |
| 146 |
String userPassword, int userState, int appId) {
|
|
| 150 |
String userHashedPassword, int userState, int appId) {
|
|
| 147 | 151 |
|
| 148 |
ReturnBundle ret = addUser(userAlias, userType, userDesc, userPassword, userState, null); |
|
| 152 |
ReturnBundle ret = addUser(userAlias, userType, userDesc, userHashedPassword, userState, null);
|
|
| 149 | 153 |
|
| 150 | 154 |
int rc = ret.code; |
| 151 | 155 |
if (rc == MinimalConstants.ERR_SUCCESS |
| ... | ... | |
| 163 | 167 |
} |
| 164 | 168 |
|
| 165 | 169 |
public ReturnBundle addUser( |
| 166 |
MinimalUserBean user, Session txSession, boolean checkPassword) {
|
|
| 170 |
MinimalUserBean user, Session txSession, boolean userPassword) {
|
|
| 167 | 171 |
|
| 168 | 172 |
return addUser( |
| 169 | 173 |
user.getUserAlias(), user.getUserType(), user.getDescription(), |
| 170 |
user.getPcipherText(), user.getPstate(), txSession, checkPassword);
|
|
| 174 |
user.getHashedPassword(), user.getPstate(), txSession, userPassword);
|
|
| 171 | 175 |
} |
| 172 | 176 |
} |
| src/main/java/my/com/upass/services/ModifyUserService.java | ||
|---|---|---|
| 16 | 16 |
import java.util.List; |
| 17 | 17 |
import java.util.Map; |
| 18 | 18 |
|
| 19 |
import my.com.upass.Config; |
|
| 20 |
import my.com.upass.ConfigBean; |
|
| 21 | 19 |
import my.com.upass.MinimalConstants; |
| 22 | 20 |
import my.com.upass.MinimalUPassControllerV2; |
| 23 | 21 |
import my.com.upass.UPassException; |
| ... | ... | |
| 56 | 54 |
|
| 57 | 55 |
public int modifyUser( |
| 58 | 56 |
String userAlias, int userType, String userDesc, |
| 59 |
String userPassword, int userState) {
|
|
| 57 |
String hashedPassword, int userState) {
|
|
| 60 | 58 |
|
| 61 |
return modifyUser(userAlias, userType, userDesc, userPassword, userState, true);
|
|
| 59 |
return modifyUser(userAlias, userType, userDesc, hashedPassword, userState, true);
|
|
| 62 | 60 |
} |
| 63 | 61 |
|
| 64 | 62 |
public int modifyUser( |
| 65 | 63 |
String userAlias, int userType, String userDesc, |
| 66 |
String userPassword, int userState, boolean updateLdap) {
|
|
| 64 |
String hashedPassword, int userState, boolean updateLdap) {
|
|
| 67 | 65 |
|
| 68 | 66 |
int rc = MinimalConstants.ERR_SYSTEM_NOT_READY; |
| 69 | 67 |
if (userAlias == null) {
|
| ... | ... | |
| 80 | 78 |
if (ub == null) {
|
| 81 | 79 |
return MinimalConstants.ERR_USERALIAS_NOT_FOUND; |
| 82 | 80 |
} |
| 81 |
|
|
| 83 | 82 |
PasswordController pc = null; |
| 84 |
if (userPassword != null) {
|
|
| 83 |
String plainPassword = null; |
|
| 84 |
|
|
| 85 |
if (hashedPassword != null) {
|
|
| 85 | 86 |
// Generate new paswword |
| 86 | 87 |
pc = MinimalUPassFactory.getPasswordController( |
| 87 | 88 |
ub, upc.getConfigurationsMap()); |
| 89 |
/* |
|
| 90 |
* If we are in migration period then the given hashPassword will |
|
| 91 |
* actually be in plain text, and we need to hash it here. |
|
| 92 |
*/ |
|
| 93 |
if (upc.isInMigrationPeriod()) {
|
|
| 94 |
plainPassword = hashedPassword; |
|
| 95 |
hashedPassword = PasswordController.sha256(plainPassword); |
|
| 96 |
} |
|
| 88 | 97 |
// rc = pc.GeneratePassword(userPassword, false); //disable |
| 89 | 98 |
// password hist check 20081220 |
| 90 |
rc = pc.GeneratePassword(userPassword, true);
|
|
| 99 |
rc = pc.generatePassword(hashedPassword, true);
|
|
| 91 | 100 |
|
| 92 | 101 |
if (rc != MinimalConstants.ERR_SUCCESS) {
|
| 93 | 102 |
return rc; |
| ... | ... | |
| 107 | 116 |
} |
| 108 | 117 |
|
| 109 | 118 |
// update ldap |
| 110 |
if (updateLdap |
|
| 111 |
&& pc != null && upc.isInMigrationPeriod()) {
|
|
| 112 |
|
|
| 119 |
if (updateLdap && plainPassword != null) {
|
|
| 113 | 120 |
Map attrMap = new HashMap(); |
| 114 |
attrMap.put(MaybankLdapConstant.ATTR_PASSWORD, userPassword);
|
|
| 121 |
attrMap.put(MaybankLdapConstant.ATTR_PASSWORD, plainPassword);
|
|
| 115 | 122 |
MinimalUPassControllerV2.getMaybankLdapDAO().updateUser(userAlias, attrMap); |
| 116 | 123 |
} |
| 117 | 124 |
session.getTransaction().commit(); |
| ... | ... | |
| 203 | 210 |
} |
| 204 | 211 |
return null; |
| 205 | 212 |
} |
| 206 |
|
|
| 213 |
|
|
| 207 | 214 |
public List/* <UserProfile> */listProfilesByExamples( |
| 208 |
List/* <UserProfile> */exampleProfiles, Date fromDate, Date toDate, Session txSession) throws UPassException {
|
|
| 215 |
List/* <UserProfile> */exampleProfiles, Date fromDate, Date toDate, Session txSession) |
|
| 216 |
throws UPassException {
|
|
| 209 | 217 |
|
| 210 | 218 |
// int rc = MinimalConstants.ERR_SYSTEM_NOT_READY; |
| 211 | 219 |
if (exampleProfiles == null) {
|
| src/main/java/my/com/upass/services/VerifyStaticPasswordService.java | ||
|---|---|---|
| 51 | 51 |
} |
| 52 | 52 |
|
| 53 | 53 |
public int verifyStaticPassword( |
| 54 |
String userAlias, String password,
|
|
| 54 |
String userAlias, String hashedPassword,
|
|
| 55 | 55 |
boolean chkUserType, int userType, Session txSession) {
|
| 56 | 56 |
|
| 57 | 57 |
return verifyUserCredetial( |
| 58 |
userAlias, password, chkUserType, userType, false, txSession);
|
|
| 58 |
userAlias, hashedPassword, chkUserType, userType, false, txSession);
|
|
| 59 | 59 |
} |
| 60 | 60 |
|
| 61 | 61 |
public ReturnBundle verifyStaticPassword_returnUser( |
| 62 |
String userAlias, String password,
|
|
| 62 |
String userAlias, String hashedPassword,
|
|
| 63 | 63 |
boolean chkUserType, int userType, Session txSession) {
|
| 64 | 64 |
|
| 65 | 65 |
return verifyUserCredetial_returnUser( |
| 66 |
userAlias, password, chkUserType, userType, false, txSession);
|
|
| 66 |
userAlias, hashedPassword, chkUserType, userType, false, txSession);
|
|
| 67 | 67 |
} |
| 68 | 68 |
|
| 69 | 69 |
/** |
| 70 | 70 |
* Verify password validity only |
| 71 | 71 |
* |
| 72 | 72 |
* @param userAlias |
| 73 |
* @param password
|
|
| 73 |
* @param hashedPassword
|
|
| 74 | 74 |
* @param chkUserType |
| 75 | 75 |
* @param userType |
| 76 | 76 |
* @return |
| 77 | 77 |
*/ |
| 78 | 78 |
public int verifyStaticPassword( |
| 79 |
String userAlias, String password,
|
|
| 79 |
String userAlias, String hashedPassword,
|
|
| 80 | 80 |
boolean chkUserType, int userType) {
|
| 81 | 81 |
|
| 82 |
return verifyUserCredetial(userAlias, password, chkUserType, userType, false, null);
|
|
| 82 |
return verifyUserCredetial(userAlias, hashedPassword, chkUserType, userType, false, null);
|
|
| 83 | 83 |
} |
| 84 | 84 |
|
| 85 | 85 |
/** |
| 86 | 86 |
* Verify user dormant period and password validity |
| 87 | 87 |
* |
| 88 | 88 |
* @param userAlias |
| 89 |
* @param password
|
|
| 89 |
* @param hashedPassword
|
|
| 90 | 90 |
* @param chkUserType |
| 91 | 91 |
* @param userType |
| 92 | 92 |
* @return |
| 93 | 93 |
*/ |
| 94 | 94 |
public int login( |
| 95 |
String userAlias, String password,
|
|
| 95 |
String userAlias, String hashedPassword,
|
|
| 96 | 96 |
boolean chkUserType, int userType) {
|
| 97 | 97 |
|
| 98 |
return verifyUserCredetial(userAlias, password, chkUserType, userType, true, null);
|
|
| 98 |
return verifyUserCredetial(userAlias, hashedPassword, chkUserType, userType, true, null);
|
|
| 99 | 99 |
} |
| 100 | 100 |
|
| 101 | 101 |
/** |
| ... | ... | |
| 103 | 103 |
* The logic is duplicated from verifyStaticPassword. |
| 104 | 104 |
* |
| 105 | 105 |
* @param userAlias |
| 106 |
* @param password
|
|
| 106 |
* @param hashedPassword
|
|
| 107 | 107 |
* @param chkUserType |
| 108 | 108 |
* @param userType |
| 109 | 109 |
* @return |
| 110 | 110 |
*/ |
| 111 | 111 |
public int verifyUserCredetial( |
| 112 |
String userAlias, String password,
|
|
| 112 |
String userAlias, String hashedPassword,
|
|
| 113 | 113 |
boolean chkUserType, int userType, |
| 114 | 114 |
boolean dormantCheck, Session txSession) {
|
| 115 | 115 |
|
| 116 | 116 |
final ReturnBundle ret = verifyUserCredetial_returnUser( |
| 117 |
userAlias, password, chkUserType, userType, dormantCheck, txSession);
|
|
| 117 |
userAlias, hashedPassword, chkUserType, userType, dormantCheck, txSession);
|
|
| 118 | 118 |
return ret.code; |
| 119 | 119 |
} |
| 120 | 120 |
|
| 121 | 121 |
public ReturnBundle verifyUserCredetial_returnUser( |
| 122 |
String userAlias, String password,
|
|
| 122 |
String userAlias, String hashedPassword,
|
|
| 123 | 123 |
boolean chkUserType, int userType, |
| 124 | 124 |
boolean dormantCheck, Session txSession) {
|
| 125 | 125 |
|
| 126 | 126 |
ReturnBundle ret = new ReturnBundle(); |
| 127 | 127 |
ret.code = MinimalConstants.ERR_SYSTEM_NOT_READY; |
| 128 | 128 |
|
| 129 |
if (userAlias == null || password == null) {
|
|
| 129 |
if (userAlias == null || hashedPassword == null) {
|
|
| 130 | 130 |
ret.code = MinimalConstants.ERR_INVALID_INPUT; |
| 131 | 131 |
return ret; |
| 132 | 132 |
} |
| ... | ... | |
| 140 | 140 |
} |
| 141 | 141 |
|
| 142 | 142 |
// -- migration period checking : START -- |
| 143 |
if (upc.isInMigrationPeriod() |
|
| 144 |
&& ret.user.getHashedPassword() == null) { // password null, so the user haven't get migrated.
|
|
| 143 |
if (upc.isInMigrationPeriod()) {
|
|
| 145 | 144 |
|
| 146 |
// authenticate to ldap |
|
| 147 |
if (!MinimalUPassControllerV2.getMaybankLdapDAO().authenticate(userAlias, password)) {
|
|
| 148 |
ret.code = MinimalConstants.ERR_INVALID_CREDENTIAL; |
|
| 149 |
return ret; |
|
Also available in: Unified diff