1    package com.instantbank.collections.security.realm;
2    
3    import weblogic.security.acl.AbstractListableRealm;
4    import weblogic.security.acl.User;
5    import java.security.acl.Group;
6    import java.util.Hashtable;
7    import java.util.Enumeration;
8    import java.util.Properties;
9    import java.sql.Connection;
10   import java.sql.DriverManager;
11   import java.sql.PreparedStatement;
12   import java.sql.ResultSet;
13   import java.sql.SQLException;
14   import weblogic.management.configuration.BasicRealmMBean;
15   import weblogic.management.configuration.CustomRealmMBean;
16   import weblogic.management.Admin;
17   
18   /**
19    * A Class class.
20    * <P>
21    *
22    * @author Indudata Ltd.
23    */
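public class InstantbankRealm extends AbstractListableRealm {

  /**
   * Value of users.user_status_flag that marks an account as locked out. It is
   * written by authUserPassword once the company's invalid sign-on limit is
   * reached, and a user carrying it is refused even with the right password.
   */
  private static final long STATUS_LOCKED = 2L;

  private Hashtable HT;
  private int numberOfUsers = 0;
  private int numberOfGroups = 0;
  private int numberOfMembers = 0;

  // Connection settings come from the custom realm's ConfigurationData in the
  // WebLogic domain configuration. The database password therefore lives in the
  // domain config; keep that file's permissions tight and never print these.
  BasicRealmMBean basicRealmMBean = Admin.getActiveDomain().getSecurity().getRealm().getCachingRealm().getBasicRealm();
  CustomRealmMBean customRealmMBean = (CustomRealmMBean)basicRealmMBean;
  Properties configData = customRealmMBean.getConfigurationData();
  String urlDB = configData.getProperty("URL");
  String userDB = configData.getProperty("USER");
  String passwordDB = configData.getProperty("PASSWORD");
  String driverDB = configData.getProperty("DRIVER");
  String serverDB = configData.getProperty("SERVER");
  Properties dbprops = new Properties();


  /**
   * Constructor. The field initialisers above have already pulled the
   * connection settings from the active domain by the time this runs.
   *
   * @throws SQLException never thrown here; kept for the declared interface
   * @throws Exception never thrown here; kept for the declared interface
   */
  public InstantbankRealm() throws SQLException, Exception {
    super("InstantbankRealm");
  }


  /**
   * Authenticates a user by alias ("userid:companyNumber") and password.
   * <P>
   * A wrong password increments users.user_current_sign_on_attempts and, once
   * the company's cmp_invalid_sign_on_attempts limit is reached, sets the
   * account to STATUS_LOCKED. A locked account is refused regardless of the
   * password supplied. Unknown aliases are refused without any bookkeeping.
   * <P>
   * NOTE(review): the stored password is compared as-is, so the users table
   * appears to hold passwords in clear text; a salted hash should replace that
   * at the schema level. Also, nothing here resets the attempt counter after a
   * successful sign-on -- confirm that is done elsewhere.
   *
   * @param name alias supplied by the caller, expected as "userid:companyNumber"
   * @param password clear-text password supplied by the caller
   * @return the realm user on success, null on any failure
   */
  protected User authUserPassword(String name, String password) {
    InstantbankRealmUser dbUser = getDBUser(name);
    if(dbUser == null) {
      return null;
    }
    // Null-safe on the status value: a missing flag is treated as "not locked",
    // which is how the original code behaved for any value other than 2.
    if(new Long(STATUS_LOCKED).equals(dbUser.getUserStatus())) {
      return null;
    }
    if(dbUser.getName().equals(name) && constantTimeEquals(dbUser.getPassword(), password)) {
      return dbUser;
    }
    // Failed attempt: count it, then lock the account if the limit is hit.
    setSignOnAttempts(dbUser.getUserId());
    if(getDBAvailableSignOnAttempts(dbUser.getUserId())) {
      setUserStatus(dbUser.getUserId(), new Long(STATUS_LOCKED));
    }
    return null;
  }


  /**
   * Compares two strings without short-circuiting on the first differing
   * character, so the comparison time does not reveal how much of the password
   * prefix was right. A null on either side never matches.
   *
   * @param expected value held in the database
   * @param supplied value provided by the caller
   * @return true only if both are non-null and character-for-character equal
   */
  private static boolean constantTimeEquals(String expected, String supplied) {
    if(expected == null || supplied == null) {
      return false;
    }
    int diff = expected.length() ^ supplied.length();
    int common = Math.min(expected.length(), supplied.length());
    for(int i = 0; i < common; i++) {
      diff |= expected.charAt(i) ^ supplied.charAt(i);
    }
    return diff == 0;
  }


  /**
   * Opens a fresh JDBC connection using the realm's configured driver, URL and
   * credentials. Callers own the connection and must close it.
   *
   * @return a new connection
   * @throws Exception if the driver cannot be loaded or the connection fails
   */
  private Connection DataBaseConnection() throws Exception {
    dbprops.put("user", userDB);
    dbprops.put("password", passwordDB);
    dbprops.put("server", serverDB);
    Class.forName(driverDB).newInstance();
    return DriverManager.getConnection(urlDB, dbprops);
  }


  /**
   * Closes a result set, statement and connection in that order. Each close is
   * attempted independently so a failure on one does not leak the others.
   *
   * @param rs result set, may be null
   * @param ps statement, may be null
   * @param con connection, may be null
   */
  private static void closeQuietly(ResultSet rs, PreparedStatement ps, Connection con) {
    if(rs != null) {
      try {
        rs.close();
      }
      catch(SQLException se) {
        se.printStackTrace();
      }
    }
    if(ps != null) {
      try {
        ps.close();
      }
      catch(SQLException se) {
        se.printStackTrace();
      }
    }
    if(con != null) {
      try {
        con.close();
      }
      catch(SQLException se) {
        se.printStackTrace();
      }
    }
  }


  /**
   * Reports whether the user has used up the invalid sign-on attempts allowed
   * by its company.
   *
   * @param userId users.user_id
   * @return true if cmp_invalid_sign_on_attempts &lt;= user_current_sign_on_attempts;
   *         false if the user is not found or a database error occurs
   */
  private boolean getDBAvailableSignOnAttempts(Long userId) {
    Connection con = null;
    PreparedStatement ps = null;
    ResultSet result = null;
    boolean exhausted = false;

    try {
      con = DataBaseConnection();
      ps = con.prepareStatement(
        "SELECT user_current_sign_on_attempts, " +
        "cmp_invalid_sign_on_attempts " +
        "FROM users, companies " +
        "WHERE cmp_id = user_cmp_id " +
        "AND user_id = ?"
        );
      ps.setLong(1, userId.longValue());
      result = ps.executeQuery();
      if(result.next()) {
        long allowed = result.getLong("cmp_invalid_sign_on_attempts");
        long used = result.getLong("user_current_sign_on_attempts");
        exhausted = allowed <= used;
      }
    }
    catch(Exception e) {
      e.printStackTrace();
    }
    finally {
      closeQuietly(result, ps, con);
    }
    return exhausted;
  }


  /**
   * Looks up a group (security role) by name.
   *
   * @param name security_roles.srol_name; bound as a parameter, never
   *             concatenated into the SQL
   * @return the group, or null if it does not exist or a database error occurs
   */
  private InstantbankRealmGroup getDBGroup(String name) {
    Connection con = null;
    PreparedStatement ps = null;
    ResultSet result = null;
    InstantbankRealmGroup group = null;

    try {
      con = DataBaseConnection();
      ps = con.prepareStatement("SELECT * FROM security_roles WHERE srol_name = ?");
      ps.setString(1, name);
      result = ps.executeQuery();
      if(result.next()) {
        Long groupId = new Long(result.getLong("srol_id"));
        String groupName = result.getString("srol_name");
        group = new InstantbankRealmGroup(groupName, groupId, this);
      }
    }
    catch(Exception e) {
      e.printStackTrace();
    }
    finally {
      closeQuietly(result, ps, con);
    }
    return group;
  }


  /**
   * Loads every group (security role).
   *
   * @return group name to InstantbankRealmGroup; empty on database error
   */
  private Hashtable getDBGroups() {
    Connection con = null;
    PreparedStatement ps = null;
    ResultSet result = null;
    Hashtable allGroups = new Hashtable();

    try {
      con = DataBaseConnection();
      ps = con.prepareStatement("SELECT * FROM security_roles");
      result = ps.executeQuery();
      while(result.next()) {
        Long groupId = new Long(result.getLong("srol_id"));
        String groupName = result.getString("srol_name");
        allGroups.put(groupName, new InstantbankRealmGroup(groupName, groupId, this));
      }
    }
    catch(Exception e) {
      e.printStackTrace();
    }
    finally {
      closeQuietly(result, ps, con);
    }
    return allGroups;
  }


  /**
   * Loads the members of a group: every user whose security profile is linked
   * to the given role.
   *
   * @param groupId security_roles.srol_id
   * @return alias ("userid:companyNumber") to InstantbankRealmUser; empty on error
   */
  private Hashtable getDBMembers(Long groupId) {
    Connection con = null;
    PreparedStatement ps = null;
    ResultSet result = null;
    Hashtable members = new Hashtable();

    try {
      con = DataBaseConnection();
      String sql =
        "SELECT " +
        "user_id, cmp_number, user_userid, user_password, user_sprf_id, user_status_flag " +
        "FROM " +
        "users, companies, security_profiles, profile_roles_links,security_roles " +
        "WHERE " +
        "(sprf_id = user_sprf_id) and " +
        "(cmp_id = user_cmp_id) and " +
        "(prl_sprf_id = user_sprf_id) and " +
        "(srol_id = prl_srol_id) and " +
        "(srol_id = ?)";
      ps = con.prepareStatement(sql);
      ps.setLong(1, groupId.longValue());
      result = ps.executeQuery();
      while(result.next()) {
        InstantbankRealmUser member = readUser(result);
        members.put(member.getName(), member);
      }
    }
    catch(Exception e) {
      e.printStackTrace();
    }
    finally {
      closeQuietly(result, ps, con);
    }
    return members;
  }


  /**
   * Builds a realm user from the current row of a users/companies join that
   * exposes user_id, user_userid, cmp_number, user_password, user_sprf_id and
   * user_status_flag. The alias is "user_userid:cmp_number".
   *
   * @param result positioned result set
   * @return the user for the current row
   * @throws SQLException on column access failure
   */
  private InstantbankRealmUser readUser(ResultSet result) throws SQLException {
    Long userId = new Long(result.getLong("user_id"));
    String alias = result.getString("user_userid") + ":" + result.getString("cmp_number");
    String pwd = result.getString("user_password");
    Long profile = new Long(result.getLong("user_sprf_id"));
    Long status = new Long(result.getLong("user_status_flag"));
    return new InstantbankRealmUser(alias, pwd, userId, profile, status, this);
  }


  /**
   * Looks up a user by alias. The alias is split at its last ':' into the
   * user id and the company number; without a ':' the company number is "".
   * Both parts are bound as statement parameters, so a caller-controlled alias
   * cannot alter the query.
   *
   * @param userName alias, normally "userid:companyNumber"
   * @return the user, or null if not found, the alias is null, or a database
   *         error occurs
   */
  private InstantbankRealmUser getDBUser(String userName) {
    if(userName == null) {
      return null;
    }
    String userPart;
    String companyNumber;
    int sep = userName.lastIndexOf(":");
    if(sep != -1) {
      userPart = userName.substring(0, sep);
      companyNumber = userName.substring(sep + 1);
    }
    else {
      userPart = userName;
      companyNumber = "";
    }

    Connection con = null;
    PreparedStatement ps = null;
    ResultSet result = null;
    InstantbankRealmUser user = null;

    try {
      con = DataBaseConnection();
      ps = con.prepareStatement(
        "SELECT * FROM users,companies WHERE (cmp_id = user_cmp_id) " +
        "and (user_userid = ?) and (cmp_number = ?)"
        );
      ps.setString(1, userPart);
      ps.setString(2, companyNumber);
      result = ps.executeQuery();
      if(result.next()) {
        user = readUser(result);
      }
    }
    catch(Exception e) {
      e.printStackTrace();
      user = null;
    }
    finally {
      // No return here: a return inside finally would discard exceptions.
      closeQuietly(result, ps, con);
    }
    return user;
  }


  /**
   * Loads every user joined to its company.
   *
   * @return alias ("userid:companyNumber") to InstantbankRealmUser; empty on error
   */
  private Hashtable getDBUsers() {
    Connection con = null;
    PreparedStatement ps = null;
    ResultSet result = null;
    Hashtable allUsers = new Hashtable();

    try {
      con = DataBaseConnection();
      String sql =
        "SELECT " +
        "user_id," +
        "user_userid," +
        "user_password," +
        "user_sprf_id," +
        "user_status_flag," +
        "cmp_number " +
        "FROM " +
        "users," +
        "companies " +
        "WHERE " +
        "user_cmp_id = cmp_id";
      ps = con.prepareStatement(sql);
      result = ps.executeQuery();
      while(result.next()) {
        InstantbankRealmUser user = readUser(result);
        allUsers.put(user.getName(), user);
      }
    }
    catch(Exception e) {
      e.printStackTrace();
    }
    finally {
      closeQuietly(result, ps, con);
    }
    return allUsers;
  }


  /**
   * Returns the group with the given name, or null.
   *
   * @param name group (security role) name
   * @return the group or null
   */
  public Group getGroup(String name) {
    return getDBGroup(name);
  }


  /**
   * Returns the members of the named group.
   *
   * @param name group (security role) name
   * @return alias to user; empty if the group does not exist
   */
  protected Hashtable getGroupMembersInternal(String name) {
    Hashtable members = new Hashtable();
    InstantbankRealmGroup group = getDBGroup(name);
    if(group != null) {
      members = getDBMembers(group.getGroupId());
    }
    return members;
  }


  /**
   * Enumerates all groups; each call re-reads the database.
   *
   * @return enumeration of InstantbankRealmGroup
   */
  public Enumeration getGroups() {
    HT = getDBGroups();
    return HT.elements();
  }


  /**
   * Returns the user with the given alias, or null.
   *
   * @param name alias "userid:companyNumber"
   * @return the user or null
   */
  public User getUser(String name) {
    return getDBUser(name);
  }


  /**
   * Strips the ":companyNumber" suffix from an alias.
   *
   * @param userStr alias containing a ':'
   * @return the part before the last ':'
   */
  private String getUserStr(String userStr) {
    return userStr.substring(0, userStr.lastIndexOf(":"));
  }


  /**
   * Enumerates all users; each call re-reads the database.
   *
   * @return enumeration of InstantbankRealmUser
   */
  public Enumeration getUsers() {
    HT = getDBUsers();
    return HT.elements();
  }


  /**
   * Increments users.user_current_sign_on_attempts for the user. Errors are
   * printed and otherwise swallowed, matching the realm's other DB helpers.
   *
   * @param userId users.user_id
   */
  public void setSignOnAttempts(Long userId) {
    Connection con = null;
    PreparedStatement ps = null;

    try {
      con = DataBaseConnection();
      // DriverManager connections default to auto-commit; switch it off so the
      // explicit commit/rollback below actually governs the update.
      con.setAutoCommit(false);
      ps = con.prepareStatement(
        "update users set " +
        "user_current_sign_on_attempts = user_current_sign_on_attempts + 1 " +
        "where user_id = ?"
        );
      ps.setLong(1, userId.longValue());
      if(ps.executeUpdate() != 1) {
        throw new SQLException("Failed to update User sign on attempts to the database");
      }
      con.commit();
    }
    catch(Exception e) {
      rollbackQuietly(con);
      e.printStackTrace();
    }
    finally {
      closeQuietly(null, ps, con);
    }
  }


  /**
   * Sets users.user_status_flag for the user (STATUS_LOCKED locks the account).
   * Errors are printed and otherwise swallowed.
   *
   * @param userId users.user_id
   * @param status new status flag value
   */
  public void setUserStatus(Long userId, Long status) {
    Connection con = null;
    PreparedStatement ps = null;

    try {
      con = DataBaseConnection();
      // See setSignOnAttempts: make commit/rollback meaningful.
      con.setAutoCommit(false);
      ps = con.prepareStatement(
        "update users set " +
        "user_status_flag = ? " +
        "where user_id = ?"
        );
      ps.setLong(1, status.longValue());
      ps.setLong(2, userId.longValue());
      if(ps.executeUpdate() != 1) {
        throw new SQLException("Failed to update User status to the database");
      }
      con.commit();
    }
    catch(Exception e) {
      rollbackQuietly(con);
      e.printStackTrace();
    }
    finally {
      closeQuietly(null, ps, con);
    }
  }


  /**
   * Rolls back a connection if one was obtained. Guards the null case that the
   * original code hit when DataBaseConnection() itself failed.
   *
   * @param con connection, may be null
   */
  private static void rollbackQuietly(Connection con) {
    if(con == null) {
      return;
    }
    try {
      con.rollback();
    }
    catch(SQLException se) {
      se.printStackTrace();
    }
  }
}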
560