1 package com.instantbank.collections.security.realm;
2
3 import weblogic.security.acl.AbstractListableRealm;
4 import weblogic.security.acl.User;
5 import java.security.acl.Group;
6 import java.util.Hashtable;
7 import java.util.Enumeration;
8 import java.util.Properties;
9 import java.sql.Connection;
10 import java.sql.DriverManager;
11 import java.sql.PreparedStatement;
12 import java.sql.ResultSet;
13 import java.sql.SQLException;
14 import weblogic.management.configuration.BasicRealmMBean;
15 import weblogic.management.configuration.CustomRealmMBean;
16 import weblogic.management.Admin;
17
18
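/**
 * Custom WebLogic security realm backed by the Instantbank database.
 *
 * Users, groups (rows of security_roles) and group membership are read from
 * a relational database whose connection settings come from the realm's
 * configuration data (URL, USER, PASSWORD, DRIVER, SERVER).  Every realm call
 * opens its own JDBC connection and closes it before returning.
 *
 * Authentication compares the password supplied at login with the value of
 * users.user_password exactly as it is stored; nothing in this class hashes
 * either side.  NOTE(review): if that column holds clear-text passwords, every
 * user object handed out by getUser()/getUsers()/getGroupMembersInternal()
 * carries a clear-text password in memory — confirm with the schema owner.
 *
 * Lockout: each failed password check increments
 * users.user_current_sign_on_attempts; once the counter reaches the company's
 * cmp_invalid_sign_on_attempts the user's status flag is set to
 * {@link #STATUS_LOCKED} and further logins are refused.  NOTE(review):
 * nothing in this file resets the counter after a successful login — confirm
 * that happens elsewhere.
 *
 * All SQL is parameterised; the login name and group name are attacker
 * controlled and must never be concatenated into a statement.
 */
public class InstantbankRealm extends AbstractListableRealm {

    /** user_status_flag value written when the sign-on limit is exceeded. */
    private static final long STATUS_LOCKED = 2L;

    /** Most recent snapshot handed out by getUsers()/getGroups(). */
    private Hashtable HT;

    BasicRealmMBean basicRealmMBean = Admin.getActiveDomain().getSecurity().getRealm().getCachingRealm().getBasicRealm();
    CustomRealmMBean customRealmMBean = (CustomRealmMBean) basicRealmMBean;
    Properties configData = customRealmMBean.getConfigurationData();
    String urlDB = configData.getProperty("URL");
    String userDB = configData.getProperty("USER");
    String passwordDB = configData.getProperty("PASSWORD");
    String driverDB = configData.getProperty("DRIVER");
    String serverDB = configData.getProperty("SERVER");
    /** Driver properties passed to DriverManager; filled by DataBaseConnection(). */
    Properties dbprops = new Properties();

    /**
     * Registers the realm under the name "InstantbankRealm".
     *
     * @throws SQLException never thrown here; kept for callers that catch it
     * @throws Exception    propagated from the superclass constructor
     */
    public InstantbankRealm() throws SQLException, Exception {
        super("InstantbankRealm");
    }

    /**
     * Authenticates a user by login name and password.
     *
     * @param name     login name in the form "user_userid:cmp_number"
     * @param password clear-text password supplied at login; may be null
     * @return the matching user, or null when the user is unknown, locked,
     *         or the password does not match
     */
    protected User authUserPassword(String name, String password) {
        if (name == null) {
            return null;
        }
        InstantbankRealmUser dbUser = getDBUser(name);
        if (dbUser == null) {
            // Unknown user: nothing to count against, nothing to lock.
            return null;
        }
        if (new Long(STATUS_LOCKED).equals(dbUser.getUserStatus())) {
            // A locked account is refused even with the right password, and
            // its further failures are not counted.
            return null;
        }
        // The alias rebuilt from the row must equal the supplied name exactly,
        // so a name that matched the row only under the database's collation
        // is refused here.
        if (dbUser.getName().equals(name) && passwordsMatch(dbUser.getPassword(), password)) {
            return dbUser;
        }
        // Wrong password: record the failure and lock the account once the
        // company's limit has been reached.
        setSignOnAttempts(dbUser.getUserId());
        if (getDBAvailableSignOnAttempts(dbUser.getUserId())) {
            setUserStatus(dbUser.getUserId(), new Long(STATUS_LOCKED));
        }
        return null;
    }

    /**
     * Compares a stored password with a supplied one without short-circuiting
     * on the first differing character, so the time taken does not reveal the
     * length of the matching prefix.  Null on either side never matches.
     */
    private static boolean passwordsMatch(String stored, String supplied) {
        if (stored == null || supplied == null) {
            return false;
        }
        int diff = stored.length() ^ supplied.length();
        int n = Math.min(stored.length(), supplied.length());
        for (int i = 0; i < n; i++) {
            diff |= stored.charAt(i) ^ supplied.charAt(i);
        }
        return diff == 0;
    }

    /**
     * Opens a new JDBC connection using the realm's configuration data.
     * The driver class is instantiated so that legacy drivers register
     * themselves with DriverManager.
     *
     * @throws Exception if the driver cannot be loaded or the connection fails
     */
    private Connection DataBaseConnection() throws Exception {
        dbprops.put("user", userDB);
        dbprops.put("password", passwordDB);
        dbprops.put("server", serverDB);
        Class.forName(driverDB).newInstance();
        return DriverManager.getConnection(urlDB, dbprops);
    }

    /**
     * Reports whether a user has used up the company's allowance of failed
     * sign-ons.
     *
     * @param userId primary key of the users row
     * @return true when cmp_invalid_sign_on_attempts &lt;=
     *         user_current_sign_on_attempts; false when the row is missing
     *         or a database error occurs (errors are printed, not thrown, so
     *         a database outage cannot by itself lock anyone out)
     */
    private boolean getDBAvailableSignOnAttempts(Long userId) {
        Connection con = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        try {
            con = DataBaseConnection();
            ps = con.prepareStatement(
                "SELECT user_current_sign_on_attempts, cmp_invalid_sign_on_attempts "
                + "FROM users, companies "
                + "WHERE cmp_id = user_cmp_id AND user_id = ?");
            ps.setLong(1, userId.longValue());
            rs = ps.executeQuery();
            if (rs.next()) {
                long allowed = rs.getLong("cmp_invalid_sign_on_attempts");
                long used = rs.getLong("user_current_sign_on_attempts");
                return allowed <= used;
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            closeQuietly(rs, ps, con);
        }
        return false;
    }

    /**
     * Loads one group by name from security_roles.
     *
     * @param name srol_name to look up (bound as a parameter, never concatenated)
     * @return the group, or null when absent or on a database error
     */
    private InstantbankRealmGroup getDBGroup(String name) {
        Connection con = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        InstantbankRealmGroup group = null;
        try {
            con = DataBaseConnection();
            ps = con.prepareStatement("SELECT * FROM security_roles WHERE srol_name = ?");
            ps.setString(1, name);
            rs = ps.executeQuery();
            if (rs.next()) {
                group = groupFromRow(rs);
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            closeQuietly(rs, ps, con);
        }
        return group;
    }

    /**
     * Loads every group from security_roles.
     *
     * @return groups keyed by srol_name; empty (never null) on a database error
     */
    private Hashtable getDBGroups() {
        Connection con = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        Hashtable groups = new Hashtable();
        try {
            con = DataBaseConnection();
            ps = con.prepareStatement("SELECT * FROM security_roles");
            rs = ps.executeQuery();
            while (rs.next()) {
                InstantbankRealmGroup group = groupFromRow(rs);
                groups.put(group.getName(), group);
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            closeQuietly(rs, ps, con);
        }
        return groups;
    }

    /**
     * Loads the users whose security profile is linked to a group.
     *
     * @param groupId srol_id of the group
     * @return users keyed by "user_userid:cmp_number"; empty (never null) on
     *         a database error
     */
    private Hashtable getDBMembers(Long groupId) {
        Connection con = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        Hashtable members = new Hashtable();
        try {
            con = DataBaseConnection();
            ps = con.prepareStatement(
                "SELECT user_id, cmp_number, user_userid, user_password, user_sprf_id, user_status_flag "
                + "FROM users, companies, security_profiles, profile_roles_links,security_roles "
                + "WHERE (sprf_id = user_sprf_id) and (cmp_id = user_cmp_id) and "
                + "(prl_sprf_id = user_sprf_id) and (srol_id = prl_srol_id) and (srol_id = ?)");
            ps.setLong(1, groupId.longValue());
            rs = ps.executeQuery();
            while (rs.next()) {
                InstantbankRealmUser member = userFromRow(rs);
                members.put(member.getName(), member);
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            closeQuietly(rs, ps, con);
        }
        return members;
    }

    /**
     * Loads one user by login name.
     *
     * The name is split at its last ':' into user_userid and cmp_number; a
     * name without ':' is looked up with an empty company number.  Both parts
     * are bound as statement parameters.
     *
     * @param userName login name; null yields null
     * @return the user, or null when absent or on a database error
     */
    private InstantbankRealmUser getDBUser(String userName) {
        if (userName == null) {
            return null;
        }
        String userPart;
        String companyNumber;
        int sep = userName.lastIndexOf(":");
        if (sep != -1) {
            userPart = userName.substring(0, sep);
            companyNumber = userName.substring(sep + 1);
        } else {
            userPart = userName;
            companyNumber = "";
        }

        Connection con = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        InstantbankRealmUser user = null;
        try {
            con = DataBaseConnection();
            ps = con.prepareStatement(
                "SELECT * FROM users,companies WHERE (cmp_id = user_cmp_id) "
                + "and (user_userid = ?) and (cmp_number = ?)");
            ps.setString(1, userPart);
            ps.setString(2, companyNumber);
            rs = ps.executeQuery();
            if (rs.next()) {
                user = userFromRow(rs);
            }
        } catch (Exception e) {
            e.printStackTrace();
            user = null;
        } finally {
            closeQuietly(rs, ps, con);
        }
        return user;
    }

    /**
     * Loads every user joined with its company.
     *
     * @return users keyed by "user_userid:cmp_number"; empty (never null) on
     *         a database error
     */
    private Hashtable getDBUsers() {
        Connection con = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        Hashtable users = new Hashtable();
        try {
            con = DataBaseConnection();
            ps = con.prepareStatement(
                "SELECT user_id,user_userid,user_password,user_sprf_id,user_status_flag,cmp_number "
                + "FROM users,companies WHERE user_cmp_id = cmp_id");
            rs = ps.executeQuery();
            while (rs.next()) {
                InstantbankRealmUser user = userFromRow(rs);
                users.put(user.getName(), user);
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            closeQuietly(rs, ps, con);
        }
        return users;
    }

    /**
     * Builds a realm user from the current row of a users/companies join.
     * Columns read: user_id, user_userid, cmp_number, user_password,
     * user_sprf_id, user_status_flag.  The alias is "user_userid:cmp_number".
     */
    private InstantbankRealmUser userFromRow(ResultSet rs) throws SQLException {
        Long userId = new Long(rs.getLong("user_id"));
        String alias = rs.getString("user_userid") + ":" + rs.getString("cmp_number");
        String pwd = rs.getString("user_password");
        Long profile = new Long(rs.getLong("user_sprf_id"));
        Long status = new Long(rs.getLong("user_status_flag"));
        return new InstantbankRealmUser(alias, pwd, userId, profile, status, this);
    }

    /** Builds a realm group from the current security_roles row (srol_id, srol_name). */
    private InstantbankRealmGroup groupFromRow(ResultSet rs) throws SQLException {
        Long groupId = new Long(rs.getLong("srol_id"));
        String groupName = rs.getString("srol_name");
        return new InstantbankRealmGroup(groupName, groupId, this);
    }

    /**
     * Closes whichever of the three JDBC handles are non-null, each
     * independently so a failure closing one does not leak the others.
     * Failures are printed, never thrown.
     */
    private static void closeQuietly(ResultSet rs, PreparedStatement ps, Connection con) {
        if (rs != null) {
            try {
                rs.close();
            } catch (SQLException se) {
                se.printStackTrace();
            }
        }
        if (ps != null) {
            try {
                ps.close();
            } catch (SQLException se) {
                se.printStackTrace();
            }
        }
        if (con != null) {
            try {
                con.close();
            } catch (SQLException se) {
                se.printStackTrace();
            }
        }
    }

    /** Best-effort rollback; a null connection (open failed) is simply skipped. */
    private static void rollbackQuietly(Connection con) {
        if (con == null) {
            return;
        }
        try {
            con.rollback();
        } catch (SQLException ignored) {
            // The failure that triggered the rollback is reported by the caller.
        }
    }

    /** @return the group named {@code name}, or null when it does not exist */
    public Group getGroup(String name) {
        return getDBGroup(name);
    }

    /**
     * @return members of the named group keyed by alias; empty when the group
     *         does not exist
     */
    protected Hashtable getGroupMembersInternal(String name) {
        InstantbankRealmGroup group = getDBGroup(name);
        if (group == null) {
            return new Hashtable();
        }
        return getDBMembers(group.getGroupId());
    }

    /** @return every group, read fresh from the database on each call */
    public Enumeration getGroups() {
        HT = getDBGroups();
        return HT.elements();
    }

    /** @return the user with the given login name, or null when unknown */
    public User getUser(String name) {
        return getDBUser(name);
    }

    /**
     * Strips the ":company" suffix from an alias.  Not called anywhere in this
     * file; kept for compatibility.  Throws if the alias has no ':'.
     */
    private String getUserStr(String userStr) {
        return userStr.substring(0, userStr.lastIndexOf(":"));
    }

    /**
     * @return every user, read fresh from the database on each call; each
     *         user object carries its stored password
     */
    public Enumeration getUsers() {
        HT = getDBUsers();
        return HT.elements();
    }

    /**
     * Increments users.user_current_sign_on_attempts for one user.
     * Errors are printed, not thrown.
     *
     * NOTE(review): DataBaseConnection() leaves auto-commit at the driver's
     * default, so the explicit commit()/rollback() here only govern the update
     * if the driver starts in manual-commit mode — confirm for the configured
     * driver.
     *
     * @param userId primary key of the users row
     */
    public void setSignOnAttempts(Long userId) {
        Connection con = null;
        PreparedStatement ps = null;
        try {
            con = DataBaseConnection();
            ps = con.prepareStatement(
                "update users set user_current_sign_on_attempts = user_current_sign_on_attempts + 1 "
                + "where user_id = ?");
            ps.setLong(1, userId.longValue());
            if (ps.executeUpdate() != 1) {
                throw new SQLException("Failed to update User sign on attempts to the database");
            }
            con.commit();
        } catch (Exception e) {
            rollbackQuietly(con);
            e.printStackTrace();
        } finally {
            closeQuietly(null, ps, con);
        }
    }

    /**
     * Writes users.user_status_flag for one user (this class uses
     * {@link #STATUS_LOCKED} to lock an account).  Errors are printed, not
     * thrown; see setSignOnAttempts for the auto-commit caveat.
     *
     * @param userId primary key of the users row
     * @param status new status flag value
     */
    public void setUserStatus(Long userId, Long status) {
        Connection con = null;
        PreparedStatement ps = null;
        try {
            con = DataBaseConnection();
            ps = con.prepareStatement("update users set user_status_flag = ? where user_id = ?");
            ps.setLong(1, status.longValue());
            ps.setLong(2, userId.longValue());
            if (ps.executeUpdate() != 1) {
                throw new SQLException("Failed to update User status to the database");
            }
            con.commit();
        } catch (Exception e) {
            rollbackQuietly(con);
            e.printStackTrace();
        } finally {
            closeQuietly(null, ps, con);
        }
    }
}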