📄 dbauthorizationfactory.java
字号:
package com.gs.db.dbimp;
import com.gs.db.Authorization;
import com.gs.db.AuthorizationFactory;
import com.gs.db.UnauthorizedException;
import com.gs.util.StringUtils;
import com.gs.db.AlreadyLoginException;
import java.sql.*;
/**
* A subclass of AuthorizationFactory for the default Ioffice implementation. It makes an
* SQL query to the user table to see if the supplied username and password
* match a user record. If they do, the appropaite Authorization token is
* returned. If no matching User record is found or the user has not been admitted as valid
* user, an UnauthorizedException is thrown.<p>
*
* Because each call to createAuthorization(String, String) makes a database
* connection, Authorization tokens should be cached whenever possible. When
* using a servlet or JSP skins, a good method is to cache the token in the
* session. The SkinUtils.getUserAuthorization() methods automatically handles
* this logic.<p>
*/
public class DbAuthorizationFactory extends AuthorizationFactory {
/** DATABASE QUERIES **/
private static final String AUTHORIZE =
"SELECT userid,status FROM gsUser WHERE user_id=? AND passwordhash=?";
// AND status<>0";
private static final String SEARCH_LOGIN =
"SELECT lastpulse FROM gsLogins WHERE userid=?";
private static final String INSERT_LOGIN =
"INSERT INTO gsLogins(userid,ipaddr, logintime, lastpulse,doingwhat) "
+"VALUES(?,'',?,?,'login')";
private static final String UPDATE_LOGIN =
"UPDATE gsLogins set ipaddr=' ', logintime=?, lastpulse=?,doingwhat='login' WHERE userid=?";
private static final String TEST_WAIT_ADMIT =
"SELECT userid FROM iofficeuserprop WHERE userid=? AND myname='waitAdmit' AND propvalue='yes' ";
/**
* The same token can be used for all anonymous users, so cache it.
*/
private static final Authorization anonymousAuth = new DbAuthorization(-1);
/**
* Creates Authorization tokens for users. This method is implemented by
* concrete subclasses of AuthorizationFactory.
*
* @param username the username to create an Authorization with.
* @param password the password to create an Authorization with.
* @return an Authorization token if the username and password are correct.
* @throws UnauthorizedException if the username and password do not match
* any existing user.
*/
public Authorization createAuthorization(String username, String password)
throws UnauthorizedException,AlreadyLoginException
{
if (username == null || password == null) {
throw new UnauthorizedException();
}
//Ioffice stores all passwords in hashed form. So, hash the plain text
//password for comparison.
password = StringUtils.hash(password);
int userID = 0;
Connection con = null;
PreparedStatement pstmt = null;
try {
con = DbConnectionManager.getConnection();
pstmt = con.prepareStatement(AUTHORIZE);
pstmt.setString(1, username);
pstmt.setString(2, password);
ResultSet rs = pstmt.executeQuery();
//If the query had no results, the username and password
//did not match a user record. Therefore, throw an exception.
if (!rs.next()) {
throw new UnauthorizedException("用户名或者密码无效");
}
userID = rs.getInt("userid");
int userStatus = rs.getInt("status");
if ( userStatus == 0 ) {
throw new UnauthorizedException("该id已被禁止无法授权登陆,请联系管理员");
}
//check if the user has a property "waitAdmin=yes"
pstmt = con.prepareStatement(TEST_WAIT_ADMIT);
pstmt.setInt(1,userID);
rs = pstmt.executeQuery();
if ( rs.next())
{
//need admittance
throw new UnauthorizedException("尚未转正无法授权登陆,请联系管理员");
}
int loginStatus = getLoginStatus( userID );
if ( 0==loginStatus )
{
//no record
insertLoginRecord( userID );
return new DbAuthorization(userID);
}
else if ( 1 == loginStatus )
{
// record too old
updateLoginRecord( userID );
return new DbAuthorization(userID);
}
else
throw new AlreadyLoginException();
//Got this far, so the user must be authorized.
}
catch( SQLException sqle ) {
System.err.println("Exception in DbAuthorizationFactory:" + sqle);
sqle.printStackTrace();
throw new UnauthorizedException();
}
finally {
try { pstmt.close(); }
catch (Exception e) { e.printStackTrace(); }
try { con.close(); }
catch (Exception e) { e.printStackTrace(); }
}
}
public static Authorization createAuthorization2(String username, String password)
throws UnauthorizedException
{
if (username == null || password == null) {
throw new UnauthorizedException();
}
//Ioffice stores all passwords in hashed form. So, hash the plain text
//password for comparison.
password = StringUtils.hash(password);
int userID = 0;
Connection con = null;
PreparedStatement pstmt = null;
try {
con = DbConnectionManager.getConnection();
pstmt = con.prepareStatement(AUTHORIZE);
pstmt.setString(1, username);
pstmt.setString(2, password);
ResultSet rs = pstmt.executeQuery();
//If the query had no results, the username and password
//did not match a user record. Therefore, throw an exception.
if (!rs.next()) {
throw new UnauthorizedException("用户名或者密码无效");
}
userID = rs.getInt("userid");
int userStatus = rs.getInt("status");
if ( userStatus == 0 ) {
throw new UnauthorizedException("该id已被禁止无法授权登陆,请联系管理员");
}
//check if the user has a property "waitAdmin=yes"
pstmt = con.prepareStatement(TEST_WAIT_ADMIT);
pstmt.setInt(1,userID);
rs = pstmt.executeQuery();
if ( rs.next())
{
//need admittance
throw new UnauthorizedException("尚未转正无法授权登陆,请联系管理员");
}
return new DbAuthorization(userID);
//Got this far, so the user must be authorized.
}
catch( SQLException sqle ) {
System.err.println("Exception in DbAuthorizationFactory:" + sqle);
sqle.printStackTrace();
throw new UnauthorizedException();
}
finally {
try { pstmt.close(); }
catch (Exception e) { e.printStackTrace(); }
try { con.close(); }
catch (Exception e) { e.printStackTrace(); }
}
}
/**
* getLoginStatus check check the login record of a user( id=uid ),
* it is a internal function of this class.
* @return 0:no record ; 1:record too old; 2:record and not too old
*/
private int getLoginStatus(int uid)
{
// private static final String SEARCH_LOGIN =
if ( uid <= 0 ) return 0;
Connection con = null;
PreparedStatement pstmt = null;
try {
con = DbConnectionManager.getConnection();
pstmt = con.prepareStatement(SEARCH_LOGIN);
pstmt.setInt(1, uid);
ResultSet rs = pstmt.executeQuery();
if (!rs.next()) {
return 0; //no login record found, return true
}
//if you want to prevent multi-login of the same user, un-comment the
//following lines
long lastPulse = rs.getLong("lastPulse");
long maxInterval = (long)(1.1 * 1000 * PULSE_INTERVAL_SEC);
if ( new java.util.Date().getTime() > lastPulse + maxInterval ) {
return 1;
}
}
catch( SQLException sqle ) {
System.err.println("Exception in DbAuthorizationFactory:" + sqle);
sqle.printStackTrace();
}
finally {
try { pstmt.close(); }
catch (Exception e) { e.printStackTrace(); }
try { con.close(); }
catch (Exception e) { e.printStackTrace(); }
}
return 2;
}
private void insertLoginRecord(int uid)
{
long loginTime = new java.util.Date().getTime();
Connection con = null;
PreparedStatement pstmt = null;
try {
con = DbConnectionManager.getConnection();
pstmt = con.prepareStatement(INSERT_LOGIN);
pstmt.setInt(1, uid);
pstmt.setLong(2, loginTime);
pstmt.setLong(3, loginTime);
pstmt.execute();
}
catch( SQLException sqle ) {
System.err.println("Exception in DbAuthorizationFactory:" + sqle);
sqle.printStackTrace();
}
finally {
try { pstmt.close(); }
catch (Exception e) { e.printStackTrace(); }
try { con.close(); }
catch (Exception e) { e.printStackTrace(); }
}
}
private void updateLoginRecord(int uid)
{
long loginTime = new java.util.Date().getTime();
Connection con = null;
PreparedStatement pstmt = null;
try {
con = DbConnectionManager.getConnection();
pstmt = con.prepareStatement(UPDATE_LOGIN);
pstmt.setLong(1, loginTime);
pstmt.setLong(2, loginTime);
pstmt.setInt(3, uid);
pstmt.execute();
}
catch( SQLException sqle ) {
System.err.println("Exception in DbAuthorizationFactory:" + sqle);
sqle.printStackTrace();
}
finally {
try { pstmt.close(); }
catch (Exception e) { e.printStackTrace(); }
try { con.close(); }
catch (Exception e) { e.printStackTrace(); }
}
}
/**
* Creates anonymous Authorization tokens.
*
* @return an anonymous Authorization token.
*/
public Authorization createAnonymousAuthorization() {
return anonymousAuth;
}
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -