Mo betta user management.
git-svn-id: https://samskivert.googlecode.com/svn/trunk@71 6335cc39-0255-0410-8fd6-9bcaacd3b74c
This commit is contained in:
+12
@@ -0,0 +1,12 @@
|
|||||||
|
//
|
||||||
|
// $Id: InvalidPasswordException.java,v 1.1 2001/03/02 02:08:50 mdb Exp $
|
||||||
|
|
||||||
|
package com.samskivert.servlet.user;
|
||||||
|
|
||||||
|
public class InvalidPasswordException extends Exception
|
||||||
|
{
|
||||||
|
public InvalidPasswordException (String message)
|
||||||
|
{
|
||||||
|
super(message);
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -1,13 +1,16 @@
|
|||||||
#
|
#
|
||||||
# $Id: Makefile,v 1.1 2001/03/02 01:21:06 mdb Exp $
|
# $Id: Makefile,v 1.2 2001/03/02 02:08:50 mdb Exp $
|
||||||
|
|
||||||
ROOT = ../../../..
|
ROOT = ../../../..
|
||||||
|
|
||||||
SRCS = \
|
SRCS = \
|
||||||
|
InvalidPasswordException.java \
|
||||||
InvalidUsernameException.java \
|
InvalidUsernameException.java \
|
||||||
|
NoSuchUserException.java \
|
||||||
User.java \
|
User.java \
|
||||||
UserExistsException.java \
|
UserExistsException.java \
|
||||||
UserManager.java \
|
UserManager.java \
|
||||||
UserRepository.java \
|
UserRepository.java \
|
||||||
|
UserUtil.java \
|
||||||
|
|
||||||
include $(ROOT)/build/Makefile.java
|
include $(ROOT)/build/Makefile.java
|
||||||
|
|||||||
@@ -0,0 +1,12 @@
|
|||||||
|
//
|
||||||
|
// $Id: NoSuchUserException.java,v 1.1 2001/03/02 02:08:50 mdb Exp $
|
||||||
|
|
||||||
|
package com.samskivert.servlet.user;
|
||||||
|
|
||||||
|
public class NoSuchUserException extends Exception
|
||||||
|
{
|
||||||
|
public NoSuchUserException (String message)
|
||||||
|
{
|
||||||
|
super(message);
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -1,5 +1,5 @@
|
|||||||
//
|
//
|
||||||
// $Id: User.java,v 1.1 2001/03/02 01:21:06 mdb Exp $
|
// $Id: User.java,v 1.2 2001/03/02 02:08:50 mdb Exp $
|
||||||
|
|
||||||
package com.samskivert.servlet.user;
|
package com.samskivert.servlet.user;
|
||||||
|
|
||||||
@@ -53,7 +53,7 @@ public class User
|
|||||||
*/
|
*/
|
||||||
public void setPassword (String password)
|
public void setPassword (String password)
|
||||||
{
|
{
|
||||||
this.password = UserRepository.encryptPassword(username, password);
|
this.password = UserUtil.encryptPassword(username, password);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -63,4 +63,16 @@ public class User
|
|||||||
{
|
{
|
||||||
this.email = email;
|
this.email = email;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Compares the supplied password with the password associated with
|
||||||
|
* this user record.
|
||||||
|
*
|
||||||
|
* @return true if the passwords match, false if they do not.
|
||||||
|
*/
|
||||||
|
public boolean passwordsMatch (String password)
|
||||||
|
{
|
||||||
|
String epasswd = UserUtil.encryptPassword(username, password);
|
||||||
|
return this.password.equals(epasswd);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,20 +1,16 @@
|
|||||||
//
|
//
|
||||||
// $Id: UserManager.java,v 1.1 2001/03/02 01:21:06 mdb Exp $
|
// $Id: UserManager.java,v 1.2 2001/03/02 02:08:50 mdb Exp $
|
||||||
|
|
||||||
package com.samskivert.servlet.user;
|
package com.samskivert.servlet.user;
|
||||||
|
|
||||||
import java.net.URLEncoder;
|
import java.net.URLEncoder;
|
||||||
import java.sql.SQLException;
|
import java.sql.SQLException;
|
||||||
import java.util.Properties;
|
import java.util.Properties;
|
||||||
import javax.servlet.http.Cookie;
|
import javax.servlet.http.*;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import javax.servlet.http.HttpUtils;
|
|
||||||
|
|
||||||
import com.samskivert.Log;
|
import com.samskivert.Log;
|
||||||
import com.samskivert.servlet.RedirectException;
|
import com.samskivert.servlet.RedirectException;
|
||||||
import com.samskivert.util.Interval;
|
import com.samskivert.util.*;
|
||||||
import com.samskivert.util.IntervalManager;
|
|
||||||
import com.samskivert.util.StringUtil;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The user manager provides easy access to user objects for servlets. It
|
* The user manager provides easy access to user objects for servlets. It
|
||||||
@@ -99,9 +95,9 @@ public class UserManager
|
|||||||
public User loadUser (HttpServletRequest req)
|
public User loadUser (HttpServletRequest req)
|
||||||
throws SQLException
|
throws SQLException
|
||||||
{
|
{
|
||||||
String authcode = getUserAuthCookie(req);
|
String authcode = getAuthCode(req);
|
||||||
if (authcode != null) {
|
if (authcode != null) {
|
||||||
return _repository.getUserBySession(authcode);
|
return _repository.loadUserBySession(authcode);
|
||||||
} else {
|
} else {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
@@ -136,7 +132,55 @@ public class UserManager
|
|||||||
return user;
|
return user;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected static String getUserAuthCookie (HttpServletRequest req)
|
/**
|
||||||
|
* Attempts to authenticate the requester and initiate an
|
||||||
|
* authenticated session for them. An authenticated session involves
|
||||||
|
* their receiving a cookie that provides them to be authenticated and
|
||||||
|
* an entry in the session database being created that maps their
|
||||||
|
* information to their userid. If this call completes, the session
|
||||||
|
* was established and the proper cookies were set in the supplied
|
||||||
|
* response object. If invalid authentication information is provided
|
||||||
|
* or some other error occurs, an exception will be thrown.
|
||||||
|
*/
|
||||||
|
public void login (String username, String password,
|
||||||
|
HttpServletResponse rsp)
|
||||||
|
throws SQLException, NoSuchUserException, InvalidPasswordException
|
||||||
|
{
|
||||||
|
// load up the requested user
|
||||||
|
User user = _repository.loadUser(username);
|
||||||
|
if (user == null) {
|
||||||
|
throw new NoSuchUserException("error.no_such_user");
|
||||||
|
}
|
||||||
|
if (!user.passwordsMatch(password)) {
|
||||||
|
throw new InvalidPasswordException("error.invalid_password");
|
||||||
|
}
|
||||||
|
|
||||||
|
// generate a new session for this user
|
||||||
|
String authcode = _repository.createNewSession(user);
|
||||||
|
// stick it into a cookie for their browsing convenience
|
||||||
|
Cookie acookie = new Cookie(USERAUTH_COOKIE, authcode);
|
||||||
|
acookie.setPath("/");
|
||||||
|
acookie.setMaxAge(24*60*60); // expire in two days
|
||||||
|
rsp.addCookie(acookie);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void logout (HttpServletRequest req, HttpServletResponse rsp)
|
||||||
|
{
|
||||||
|
String authcode = getAuthCode(req);
|
||||||
|
|
||||||
|
// nothing to do if they don't already have an auth cookie
|
||||||
|
if (authcode == null) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// set them up the bomb
|
||||||
|
Cookie rmcookie = new Cookie(USERAUTH_COOKIE, authcode);
|
||||||
|
rmcookie.setPath("/");
|
||||||
|
rmcookie.setMaxAge(0);
|
||||||
|
rsp.addCookie(rmcookie);
|
||||||
|
}
|
||||||
|
|
||||||
|
protected static String getAuthCode (HttpServletRequest req)
|
||||||
{
|
{
|
||||||
Cookie[] cookies = req.getCookies();
|
Cookie[] cookies = req.getCookies();
|
||||||
if (cookies == null) {
|
if (cookies == null) {
|
||||||
|
|||||||
@@ -1,9 +1,10 @@
|
|||||||
//
|
//
|
||||||
// $Id: UserRepository.java,v 1.1 2001/03/02 01:21:06 mdb Exp $
|
// $Id: UserRepository.java,v 1.2 2001/03/02 02:08:50 mdb Exp $
|
||||||
|
|
||||||
package com.samskivert.servlet.user;
|
package com.samskivert.servlet.user;
|
||||||
|
|
||||||
import java.sql.*;
|
import java.sql.*;
|
||||||
|
import java.util.Calendar;
|
||||||
import java.util.Properties;
|
import java.util.Properties;
|
||||||
|
|
||||||
import org.apache.regexp.*;
|
import org.apache.regexp.*;
|
||||||
@@ -11,7 +12,6 @@ import org.apache.regexp.*;
|
|||||||
import com.samskivert.Log;
|
import com.samskivert.Log;
|
||||||
import com.samskivert.jdbc.MySQLRepository;
|
import com.samskivert.jdbc.MySQLRepository;
|
||||||
import com.samskivert.jdbc.jora.*;
|
import com.samskivert.jdbc.jora.*;
|
||||||
import com.samskivert.util.Crypt;
|
|
||||||
|
|
||||||
public class UserRepository extends MySQLRepository
|
public class UserRepository extends MySQLRepository
|
||||||
{
|
{
|
||||||
@@ -73,7 +73,7 @@ public class UserRepository extends MySQLRepository
|
|||||||
// create a new user object and stick it into the database
|
// create a new user object and stick it into the database
|
||||||
final User user = new User();
|
final User user = new User();
|
||||||
user.username = username;
|
user.username = username;
|
||||||
user.password = encryptPassword(username, password);
|
user.password = UserUtil.encryptPassword(username, password);
|
||||||
user.realname = realname;
|
user.realname = realname;
|
||||||
user.email = email;
|
user.email = email;
|
||||||
user.created = new Date(System.currentTimeMillis());
|
user.created = new Date(System.currentTimeMillis());
|
||||||
@@ -99,21 +99,13 @@ public class UserRepository extends MySQLRepository
|
|||||||
return user.userid;
|
return user.userid;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Encrypts the user's password according to our preferred scheme.
|
|
||||||
*/
|
|
||||||
public static String encryptPassword (String username, String password)
|
|
||||||
{
|
|
||||||
return Crypt.crypt(username.substring(0, 2), password);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Looks up a user by username.
|
* Looks up a user by username.
|
||||||
*
|
*
|
||||||
* @return the user with the specified user id or null if no user with
|
* @return the user with the specified user id or null if no user with
|
||||||
* that id exists.
|
* that id exists.
|
||||||
*/
|
*/
|
||||||
public User getUser (String username)
|
public User loadUser (String username)
|
||||||
throws SQLException
|
throws SQLException
|
||||||
{
|
{
|
||||||
// look up the user
|
// look up the user
|
||||||
@@ -135,7 +127,7 @@ public class UserRepository extends MySQLRepository
|
|||||||
* @return the user with the specified user id or null if no user with
|
* @return the user with the specified user id or null if no user with
|
||||||
* that id exists.
|
* that id exists.
|
||||||
*/
|
*/
|
||||||
public User getUser (int userid)
|
public User loadUser (int userid)
|
||||||
throws SQLException
|
throws SQLException
|
||||||
{
|
{
|
||||||
// look up the user
|
// look up the user
|
||||||
@@ -157,7 +149,7 @@ public class UserRepository extends MySQLRepository
|
|||||||
* @return the user associated with the specified session or null of
|
* @return the user associated with the specified session or null of
|
||||||
* no session exists with the supplied identifier.
|
* no session exists with the supplied identifier.
|
||||||
*/
|
*/
|
||||||
public User getUserBySession (String sessionKey)
|
public User loadUserBySession (String sessionKey)
|
||||||
throws SQLException
|
throws SQLException
|
||||||
{
|
{
|
||||||
// look up the user
|
// look up the user
|
||||||
@@ -203,6 +195,39 @@ public class UserRepository extends MySQLRepository
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates a new session for the specified user and returns the
|
||||||
|
* randomly generated session identifier for that session. Sessions
|
||||||
|
* are set to expire in two days which prevents someone from being
|
||||||
|
* screwed if they log in at 11:59pm, but also prevents them from
|
||||||
|
* leaving their browser authenticated for too long.
|
||||||
|
*/
|
||||||
|
public String createNewSession (final User user)
|
||||||
|
throws SQLException
|
||||||
|
{
|
||||||
|
// generate a random session identifier
|
||||||
|
final String authcode = UserUtil.genAuthCode(user);
|
||||||
|
|
||||||
|
// figure out what 48 hours from now is
|
||||||
|
Calendar cal = Calendar.getInstance();
|
||||||
|
cal.add(Calendar.DATE, 2);
|
||||||
|
final Date expires = new Date(cal.getTime().getTime());
|
||||||
|
|
||||||
|
// insert the session into the database
|
||||||
|
execute(new Operation () {
|
||||||
|
public void invoke () throws SQLException
|
||||||
|
{
|
||||||
|
_session.execute("insert into sessions " +
|
||||||
|
"(authcode, userid, expires) values('" +
|
||||||
|
authcode + "', " + user.userid + ", " +
|
||||||
|
expires + ")");
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
// and let the user know what the session identifier is
|
||||||
|
return authcode;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Prunes any expired sessions from the sessions table.
|
* Prunes any expired sessions from the sessions table.
|
||||||
*/
|
*/
|
||||||
@@ -229,8 +254,8 @@ public class UserRepository extends MySQLRepository
|
|||||||
try {
|
try {
|
||||||
UserRepository rep = new UserRepository(props);
|
UserRepository rep = new UserRepository(props);
|
||||||
|
|
||||||
System.out.println(rep.getUser("mdb"));
|
System.out.println(rep.loadUser("mdb"));
|
||||||
System.out.println(rep.getUserBySession("auth"));
|
System.out.println(rep.loadUserBySession("auth"));
|
||||||
|
|
||||||
rep.createUser("samskivert", "foobar", "Michael Bayne",
|
rep.createUser("samskivert", "foobar", "Michael Bayne",
|
||||||
"mdb@samskivert.com");
|
"mdb@samskivert.com");
|
||||||
@@ -246,8 +271,6 @@ public class UserRepository extends MySQLRepository
|
|||||||
|
|
||||||
protected Table _utable;
|
protected Table _utable;
|
||||||
|
|
||||||
protected static final int MINIMUM_USERNAME_LENGTH = 2;
|
|
||||||
|
|
||||||
/** Used to check usernames for invalid characteres. */
|
/** Used to check usernames for invalid characteres. */
|
||||||
protected static RE _userre;
|
protected static RE _userre;
|
||||||
static {
|
static {
|
||||||
@@ -257,4 +280,7 @@ public class UserRepository extends MySQLRepository
|
|||||||
Log.warning("Unable to initialize user regexp?! " + rese);
|
Log.warning("Unable to initialize user regexp?! " + rese);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** The minimum allowable length of a username. */
|
||||||
|
protected static final int MINIMUM_USERNAME_LENGTH = 3;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,47 @@
|
|||||||
|
//
|
||||||
|
// $Id: UserUtil.java,v 1.1 2001/03/02 02:08:50 mdb Exp $
|
||||||
|
|
||||||
|
package com.samskivert.servlet.user;
|
||||||
|
|
||||||
|
import java.security.*;
|
||||||
|
|
||||||
|
import com.samskivert.util.Crypt;
|
||||||
|
import com.samskivert.util.StringUtil;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* User related utility functions.
|
||||||
|
*/
|
||||||
|
public class UserUtil
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Generates a new random session identifier for the supplied user.
|
||||||
|
*/
|
||||||
|
public static String genAuthCode (User user)
|
||||||
|
{
|
||||||
|
// concatenate a bunch of secret stuff together
|
||||||
|
StringBuffer buf = new StringBuffer();
|
||||||
|
buf.append(user.password);
|
||||||
|
buf.append(System.currentTimeMillis());
|
||||||
|
buf.append(Math.random());
|
||||||
|
// and MD5 hash it
|
||||||
|
try {
|
||||||
|
MessageDigest digest = MessageDigest.getInstance("MD5");
|
||||||
|
byte[] enc = digest.digest(buf.toString().getBytes());
|
||||||
|
return StringUtil.hexlate(enc);
|
||||||
|
|
||||||
|
} catch (NoSuchAlgorithmException nsae) {
|
||||||
|
throw new RuntimeException("JVM missing MD5 message digest " +
|
||||||
|
"algorithm implementation. User " +
|
||||||
|
"management facilities require MD5 " +
|
||||||
|
"encoding capabilities.");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Encrypts the user's password according to our preferred scheme.
|
||||||
|
*/
|
||||||
|
public static String encryptPassword (String username, String password)
|
||||||
|
{
|
||||||
|
return Crypt.crypt(username.substring(0, 2), password);
|
||||||
|
}
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user