📄 jdbcrealm.java
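* the query or anything we return false (don't authenticate). This
     * event is also logged.
     *
     * If there is some SQL exception the cached statements and the connection
     * are closed and set to null. This will allow a retry on the next auth
     * attempt. This might not be the best thing to do but it will keep tomcat
     * from needing a restart if the database goes down.
     *
     * A null username or null credentials is rejected without touching the
     * database. The value read from the credential column is compared with the
     * supplied credentials as-is; nothing in this method hashes either side.
     * NOTE(review): that implies the column holds the password in the form the
     * client sends it (presumably clear text) - confirm, and prefer a salted
     * password hash in the table.
     *
     * @param username Username of the Principal to look up
     * @param credentials Password or other credentials to use in
     *  authenticating this username
     * @return true only when a row exists for the username and its stored
     *  credential equals the supplied one; false otherwise, including on any
     *  SQLException
     */
    public synchronized boolean authenticate(String username, String credentials) {

        // The Request-based authenticate() passes whatever the credential
        // table held, which may be null. Without this guard a null password
        // reached credentials.equals() and escaped as a NullPointerException.
        if (username == null || credentials == null) {
            return false;
        }

        ResultSet rs1 = null;
        try {

            // Establish the database connection if necessary
            if ((dbConnection == null) || dbConnection.isClosed()) {
                log(sm.getString("jdbcRealm.authDBClosed"));
                reconnect();
                if ((dbConnection == null) || dbConnection.isClosed()) {
                    log(sm.getString("jdbcRealm.authDBReOpenFail"));
                    return false;
                }
                dbConnection.setReadOnly(true);
            }

            // Create the authentication search prepared statement if necessary.
            // Only the username is request data and it is bound as a parameter;
            // the table and column names are fields of this realm and cannot be
            // bound (presumably they come from server configuration - verify).
            if (preparedAuthenticate == null) {
                String sql = "SELECT " + userCredCol + " FROM " + userTable +
                    " WHERE " + userNameCol + " = ?";
                if (debug >= 1)
                    log("JDBCRealm.authenticate: " + sql);
                preparedAuthenticate = dbConnection.prepareStatement(sql);
            }

            // Perform the authentication search
            preparedAuthenticate.setString(1, username);
            rs1 = preparedAuthenticate.executeQuery();
            boolean authenticated =
                rs1.next() && credentialsMatch(credentials, rs1.getString(1));

            if (debug >= 2) {
                log(sm.getString(authenticated
                                 ? "jdbcRealm.authenticateSuccess"
                                 : "jdbcRealm.authenticateFailure",
                                 username));
            }
            return authenticated;

        } catch( SQLException ex ) {

            // Log the problem for posterity
            log(sm.getString("jdbcRealm.authenticateSQLException",
                             username));
            log("SQLException: " + ex);

            // Clean up the JDBC objects so that they get recreated next time
            releaseJdbcObjects();

            // Return "not authenticated" for this request
            return false;

        } finally {
            // The result set used to stay open on the success path.
            closeQuietly(rs1);
        }
    }

    /**
     * Look up the role names assigned to a user.
     *
     * @param username Username whose roles are wanted
     * @return the role names found for the user (possibly empty), or null when
     *  the connection could not be reopened or an SQLException occurred
     */
    public synchronized String[] getUserRoles(String username) {

        ResultSet rs = null;
        try {
            if( (dbConnection == null) || dbConnection.isClosed() ) {
                log(sm.getString("jdbcRealm.getUserRolesDBClosed"));
                reconnect();
                if( dbConnection == null || dbConnection.isClosed() ) {
                    log(sm.getString("jdbcRealm.getUserRolesDBReOpenFail"));
                    return null;
                }
            }

            // Username is bound as a parameter; identifiers are realm fields.
            if (preparedRoles == null) {
                String sql = "SELECT " + roleNameCol + " FROM " + userRoleTable +
                    " WHERE " + userNameCol + " = ?";
                if (debug >= 1)
                    log("JDBCRealm.roles: " + sql);
                preparedRoles = dbConnection.prepareStatement(sql);
            }

            preparedRoles.clearParameters();
            preparedRoles.setString(1, username);
            rs = preparedRoles.executeQuery();

            // Next we convert the resultset into a String[]
            Vector vrol = new Vector();
            while (rs.next()) {
                vrol.addElement(rs.getString(1));
            }
            String[] res = new String[vrol.size()];
            vrol.copyInto(res);
            return res;

        } catch( SQLException ex ) {
            log(sm.getString("jdbcRealm.getUserRolesSQLException", username));
            log("SQLException: " + ex);

            // Drop everything tied to the failed connection.
            // Next time we will try to get a new connection.
            releaseJdbcObjects();
            return null;

        } finally {
            // The result set was never closed before.
            closeQuietly(rs);
        }
    }

    /**
     * Open the database connection the same way for the first connect and for
     * every reconnect: with connectionName/connectionPassword when either is
     * set, with the URL alone otherwise. The reconnect paths previously used
     * the URL alone and so ignored the configured database login.
     *
     * @throws SQLException if the driver cannot open the connection
     */
    private void openConnection() throws SQLException {
        boolean noLogin =
            (connectionName == null || connectionName.equals("")) &&
            (connectionPassword == null || connectionPassword.equals(""));
        if (noLogin) {
            dbConnection = DriverManager.getConnection(connectionURL);
        } else {
            dbConnection = DriverManager.getConnection(connectionURL,
                                                       connectionName,
                                                       connectionPassword);
        }
    }

    /**
     * Replace a missing or closed connection. The cached statements belong to
     * the old connection, so they are discarded first and get prepared again
     * on the new one.
     *
     * @throws SQLException if the driver cannot open the connection
     */
    private void reconnect() throws SQLException {
        closeStatements();
        openConnection();
    }

    /** Close and forget both cached prepared statements (best effort). */
    private void closeStatements() {
        if (preparedAuthenticate != null) {
            try {
                preparedAuthenticate.close();
            } catch (Throwable ignored) {
                // best effort: the statement is discarded either way
            }
            preparedAuthenticate = null;
        }
        if (preparedRoles != null) {
            try {
                preparedRoles.close();
            } catch (Throwable ignored) {
                // best effort: the statement is discarded either way
            }
            preparedRoles = null;
        }
    }

    /**
     * Close and forget the cached statements and the connection after an
     * SQLException, so the next call starts from a fresh connection.
     */
    private void releaseJdbcObjects() {
        closeStatements();
        if (dbConnection != null) {
            try {
                dbConnection.close();
            } catch (Throwable ignored) {
                // best effort: the connection is discarded either way
            }
            dbConnection = null;
        }
    }

    /** Close a result set, ignoring a null reference and any failure. */
    private static void closeQuietly(ResultSet rs) {
        if (rs != null) {
            try {
                rs.close();
            } catch (Throwable ignored) {
                // best effort: nothing useful can be done here
            }
        }
    }

    /**
     * Compare the supplied credentials with the stored value without stopping
     * at the first differing character. Gives the same answer as
     * supplied.equals(stored); a null on either side never matches.
     *
     * @param supplied credentials presented by the client
     * @param stored value read from the credential column, may be null
     * @return true when both strings are non-null and identical
     */
    private static boolean credentialsMatch(String supplied, String stored) {
        if (supplied == null || stored == null) {
            return false;
        }
        int diff = supplied.length() ^ stored.length();
        int common = Math.min(supplied.length(), stored.length());
        for (int i = 0; i < common; i++) {
            diff |= supplied.charAt(i) ^ stored.charAt(i);
        }
        return diff == 0;
    }

    /**
     * On the first call, load the JDBC driver class and open the database
     * connection; later calls do nothing because the started flag is set.
     *
     * @param ctx context being initialised (not used here)
     * @throws RuntimeException if the driver class is missing or the
     *  connection cannot be opened
     */
    public void contextInit(Context ctx)
        throws org.apache.tomcat.core.TomcatException {

        // Validate and update our current component state
        if (!started) {
            started = true;
            try {
                Class.forName(driverName);
                openConnection();
            } catch( ClassNotFoundException ex ) {
                throw new RuntimeException("JDBCRealm.start.readXml: " + ex);
            } catch( SQLException ex ) {
                throw new RuntimeException("JDBCRealm.start.readXml: " + ex);
            }
        }
    }

    /**
     * Close the database connection if this realm was started. A failure to
     * close is logged and otherwise ignored. The cached statements are left
     * alone here; they are discarded when the connection is next reopened.
     *
     * @param ctx context being shut down (not used here)
     */
    public void contextShutdown(Context ctx)
        throws org.apache.tomcat.core.TomcatException {

        // Validate and update our current component state
        if (started) {
            if( dbConnection != null ) {
                try {
                    dbConnection.close();
                } catch( SQLException ex ) {
                    log("dbConnection.close Exception!!!");
                }
            }
        }
    }

    /**
     * Remember the context manager and reserve the request note used for the
     * required roles.
     *
     * @param cm context manager this realm is attached to
     * @throws RuntimeException if the note id cannot be obtained
     */
    public void setContextManager( ContextManager cm ) {
        super.setContextManager( cm );

        this.cm=cm;
        // set-up a per/container note for maps
        try {
            // XXX make the name a "global" static - after everything is stable!
            reqRolesNote = cm.getNoteId( ContextManager.REQUEST_NOTE,
                                         "required.roles");
        } catch( TomcatException ex ) {
            ex.printStackTrace();
            throw new RuntimeException( "Invalid state ");
        }
    }

    /**
     * Read the username and password from the request and, when they check
     * out against the database, record the remote user and the context's
     * auth method on the request.
     *
     * @param req request carrying the credentials
     * @param response response for the request (not used here)
     * @return always 0; a failed check simply leaves the request without a
     *  remote user
     */
    public int authenticate( Request req, Response response ) {

        // Extract the credentials
        Hashtable cred=new Hashtable();
        SecurityTools.credentials( req, cred );

        // This realm will use only username and password callbacks.
        // Either value is null when the table has no such entry.
        String user=(String)cred.get("username");
        String password=(String)cred.get("password");

        if( authenticate( user, password ) ) {
            // NOTE(review): user is request data written to the log as-is
            // when debug is on - confirm log() handles line breaks safely.
            if( debug > 0 ) log( "Auth ok, user=" + user );
            req.setRemoteUser( user );
            Context ctx = req.getContext();
            if (ctx != null)
                req.setAuthType(ctx.getAuthMethod());
        }
        return 0;
    }

    /**
     * Decide whether the authenticated user may access a resource that
     * requires one of the given roles. The user's roles are loaded from the
     * database and stored on the request.
     *
     * @param req request being authorized
     * @param response response for the request (not used here)
     * @param roles roles required for the resource, or null when none
     * @return 0 when no roles are required or the user holds one of them,
     *  401 when there is no remote user or no matching role
     */
    public int authorize( Request req, Response response, String roles[] ) {

        if( roles==null ) {
            // request doesn't need authentication
            return 0;
        }

        String user=req.getRemoteUser();
        if( user==null )
            return 401; //HttpServletResponse.SC_UNAUTHORIZED

        if( debug > 0 )
            log( "Controled access for " + user + " " + req + " "
                 + req.getContainer() );

        // May be null when the role lookup failed; the request keeps
        // whatever getUserRoles() returned.
        String userRoles[] = getUserRoles( user );
        req.setUserRoles( userRoles );

        if( debug > 0 ) {
            if ((userRoles != null) && (userRoles.length > 0))
                log( "Auth ok, first role=" + userRoles[0] );
            else
                log( "Auth ok, user has no roles");
        }

        if( SecurityTools.haveRole( userRoles, roles ))
            return 0;

        if( debug > 0 ) {
            if (roles.length > 0)
                log( "UnAuthorized " + roles[0] );
            else
                log( "UnAuthorized - no roles specified");
        }

        return 401; //HttpServletResponse.SC_UNAUTHORIZED
        // XXX check transport
    }
}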