dbauthorizationfactory.java

一套大型Office网络办公系统

/*
 * DbAuthorizationFactory.java
 *
 * Created on 2002年7月16日, 下午2:36
 */

package com.codefad.easyoffice.db;

import com.codefad.easyoffice.Authorization;
import com.codefad.easyoffice.AuthorizationFactory;
import com.codefad.easyoffice.UnauthorizedException;

import java.sql.*;

/**
 *
 * @author  Chu daping
 */
public class DbAuthorizationFactory extends AuthorizationFactory {
    
    /** DATABASE QUERIES **/
    private static final String AUTHORIZE =
        "SELECT userID FROM userinf WHERE username=? AND password=?";

    /**
     * The same token can be used for all anonymous users, so cache it.
     */
    private static final Authorization anonymousAuth = new DbAuthorization(-1);
    
    /** Creates a new instance of DbAuthorizationFactory */
    public DbAuthorizationFactory() {
    }
    
    /**
     * Creates anonymous Authorization tokens.
     *
     * @return an anonymous Authorization token.
     */
    public Authorization createAnonymousAuthorization() {
        return anonymousAuth;
    }
    
    protected Authorization createAuthorization(String username, String password) throws UnauthorizedException {
        if (username == null || password == null) {
            throw new UnauthorizedException();
        }
        long userID = 0;
        Connection con = null;
        PreparedStatement pstmt = null;
        try {
            con = new SqlCon().getConnection();
            pstmt = con.prepareStatement(AUTHORIZE);
            pstmt.setString(1, username);
            pstmt.setString(2, password);

            ResultSet rs = pstmt.executeQuery();
            //If the query had no results, the username and password
            //did not match a user record. Therefore, throw an exception.
            if (!rs.next()) {
                throw new UnauthorizedException();
            }
            userID = rs.getLong(1);
        }
        catch( SQLException sqle ) {
            System.err.println("Exception in DbAuthorizationFactory:" + sqle);
            sqle.printStackTrace();
            throw new UnauthorizedException();
        }
        finally {
            try {  pstmt.close(); }
            catch (Exception e) { e.printStackTrace(); }
            try {  con.close();   }
            catch (Exception e) { e.printStackTrace(); }
        }
        //Got this far, so the user must be authorized.
        return new DbAuthorization(userID);
    }
    
}