001: /* Copyright 2005 The JA-SIG Collaborative. All rights reserved.
002: * See license distributed with this file and
003: * available online at http://www.uportal.org/license.html
004: */
005: package org.jasig.portal.channels.cusermanager.provider;
006:
007: import java.sql.Connection;
008: import java.sql.ResultSet;
009: import java.sql.Types;
010: import java.text.MessageFormat;
011: import java.util.Enumeration;
012: import java.util.Iterator;
013: import java.util.Vector;
014:
015: import org.apache.commons.logging.Log;
016: import org.apache.commons.logging.LogFactory;
017: import org.jasig.portal.IUserIdentityStore;
018: import org.jasig.portal.RDBMServices;
019: import org.jasig.portal.RDBMUserIdentityStore;
020: import org.jasig.portal.channels.cusermanager.Constants;
021: import org.jasig.portal.channels.cusermanager.IDataHandler;
022: import org.jasig.portal.groups.IEntityGroup;
023: import org.jasig.portal.groups.IGroupMember;
024: import org.jasig.portal.security.IPerson;
025: import org.jasig.portal.security.provider.PersonImpl;
026: import org.jasig.portal.services.GroupService;
027: import org.jasig.portal.tools.DeleteUser;
028:
029: /**
030: * @author smb1@cornell.edu
031: * @version $Revision: 42285 $ $Date: 2007-08-06 09:56:27 -0700 (Mon, 06 Aug 2007) $
032: */
033: public class DefaultDataHandlerImpl implements IDataHandler {
034: private static final Log LOG = LogFactory
035: .getLog(DefaultDataHandlerImpl.class);
036:
037: protected static final String SINGLEQUOTE = "'";
038: protected static final String WILDCARD = "%";
039:
040: protected static final String UPDMASK = "{0}={1}, ";
041:
042: protected static final String UPDCONDMASK = " where USER_NAME={0}";
043:
044: protected static final String COUNTUSERS = "select count( USER_NAME ) as cnt"
045: + " from UP_PERSON_DIR" + UPDCONDMASK;
046:
047: protected static final String ADDUSER = "insert into UP_PERSON_DIR ({0}) "
048: + "values ({1})";
049:
050: protected static final String UPDPWD = ("update UP_PERSON_DIR set "
051: + "ENCRPTD_PSWD={0}, LST_PSWD_CGH_DT={1} where USER_NAME={2} ")
052: .toUpperCase();
053:
054: protected static final String USERSELECT = "select * from UP_PERSON_DIR {0} "
055: + "order by USER_NAME, FIRST_NAME, LAST_NAME";
056:
057: protected static final String ALLUSERS = MessageFormat.format(
058: USERSELECT, new Object[] { "" });
059:
060: protected static final String GETTHISUSER = MessageFormat.format(
061: USERSELECT, new Object[] { "where USER_NAME = {0} " });
062:
063: protected static final String SEARCHUSERS = MessageFormat
064: .format(
065: USERSELECT,
066: new Object[] { "where USER_NAME like {0} "
067: + "or LAST_NAME like {0} or FIRST_NAME like {0} " });
068:
069: private IUserIdentityStore rdbmuser = new RDBMUserIdentityStore();
070:
071: static {
072: LOG.debug("USERSELECT: " + USERSELECT);
073: LOG.debug("ALLUSERS: " + ALLUSERS);
074: LOG.debug("GETTHISUSER: " + GETTHISUSER);
075: LOG.debug("SEARCHUSERS: " + SEARCHUSERS);
076: LOG.debug("ADDUSER: " + ADDUSER);
077: LOG.debug("UPDMASK: " + UPDMASK);
078: LOG.debug("UPDCONDMASK: " + UPDCONDMASK);
079: LOG.debug("UPDPWD: " + UPDPWD);
080: }// static
081:
082: public IPerson[] getAllUsers() throws Exception {
083: return runQuery(ALLUSERS);
084: }// getAllUsers
085:
086: public IPerson[] getAllUsersLike(String SearchString)
087: throws Exception {
088: return runQuery(SEARCHUSERS, SearchString + WILDCARD);
089: }// getAllUsersLike
090:
091: public IPerson getUser(String UID) throws Exception {
092: return runQuery(GETTHISUSER, UID)[0];
093: }// getUser
094:
095: public void setUserInformation(IPerson AnIndividual)
096: throws Exception {
097:
098: // build sql and update table
099: StringBuffer updsql = new StringBuffer(
100: "update UP_PERSON_DIR set ".toUpperCase());
101: String tmpcond = null;
102: String worker = null;
103: Enumeration E = AnIndividual.getAttributeNames();
104: while (E.hasMoreElements()) {
105: worker = (String) E.nextElement();
106:
107: // Do not process attributs with "-" in them
108: // if( worker.indexOf( "-" ) == -1 ) {
109: if (worker.toLowerCase().indexOf(Constants.PWDFIELD) == -1) { // don't process password fields
110: if (!worker.equals(Constants.UNFIELD))
111: updsql
112: .append(MessageFormat
113: .format(
114: UPDMASK,
115: new Object[] {
116: worker
117: .toUpperCase(),
118: SINGLEQUOTE
119: + (String) AnIndividual
120: .getAttribute(worker)
121: + SINGLEQUOTE }));
122: else
123: tmpcond = MessageFormat.format(UPDCONDMASK
124: .toUpperCase(),
125: new Object[] { SINGLEQUOTE
126: + (String) AnIndividual
127: .getAttribute(worker)
128: + SINGLEQUOTE });
129: }// if, password flds
130: // }// if, -
131: }// while
132:
133: // strip off trailing comma
134: updsql.setLength(updsql.length() - 2);
135: updsql.append(tmpcond);
136:
137: LOG.debug("Issuing: " + updsql.toString());
138:
139: Connection C = getDBConn();
140: C.createStatement().executeUpdate(updsql.toString());
141: releaseConn(C);
142:
143: }// setUserInformation
144:
145: public void addUser(IPerson AnIndividual) throws Exception {
146:
147: // first see if the username exists and throw if ot does.
148: boolean preexisting = false;
149:
150: Connection C = getDBConn();
151: ResultSet R = C
152: .createStatement()
153: .executeQuery(
154:
155: MessageFormat
156: .format(
157: COUNTUSERS,
158: new Object[] { SINGLEQUOTE
159: + AnIndividual
160: .getAttribute(Constants.UNFIELD)
161: + SINGLEQUOTE })
162:
163: );
164:
165: R.next();
166: if (R.getInt("cnt") > 0)
167: preexisting = true;
168:
169: releaseConn(R, C);
170:
171: if (preexisting)
172: throw new Exception(MessageFormat.format(
173: Constants.USER_EXISTS,
174: new Object[] { (String) AnIndividual
175: .getAttribute(Constants.UNFIELD) }));
176:
177: // clear to add user
178:
179: StringBuffer fields = new StringBuffer("");
180: StringBuffer values = new StringBuffer("");
181:
182: String worker = null;
183: Enumeration E = AnIndividual.getAttributeNames();
184: while (E.hasMoreElements()) {
185: worker = (String) E.nextElement();
186:
187: fields.append(worker + ", ");
188: values.append(SINGLEQUOTE
189: + AnIndividual.getAttribute(worker) + SINGLEQUOTE
190: + ", ");
191: }// while
192:
193: // Adjust len of str buffers
194: fields.setLength(fields.length() - 2);
195: values.setLength(values.length() - 2);
196:
197: C = getDBConn();
198: C.createStatement().execute(
199:
200: MessageFormat.format(ADDUSER, new Object[] {
201: fields.toString(), values.toString() })
202:
203: );
204:
205: releaseConn(C);
206:
207: }// addUser
208:
209: /** OriginalPassword is null if called in "UserManager" mode. */
210: public void setUserPassword(IPerson AnIndividual,
211: String OriginalPassword) throws Exception {
212:
213: if (OriginalPassword != null)
214: if (!Md5passwd.verifyPassword((String) AnIndividual
215: .getAttribute(Constants.UNFIELD), OriginalPassword))
216: throw new Exception(Constants.ERRMSG_PWDNOTMATACHED);
217:
218: String newpwd = Constants.ACCOUNTLOCK;
219:
220: if (!((String) AnIndividual
221: .getAttribute(Constants.ENCRYPTPWDFIELD))
222: .equals(Constants.NULLIFYUSER))
223: newpwd = Md5passwd.encode((String) AnIndividual
224: .getAttribute(Constants.ENCRYPTPWDFIELD));
225:
226: Connection C = getDBConn();
227:
228: C
229: .createStatement()
230: .execute(
231:
232: MessageFormat
233: .format(
234: UPDPWD,
235: new Object[] {
236: SINGLEQUOTE + newpwd
237: + SINGLEQUOTE,
238: RDBMServices
239: .getDbMetaData()
240: .sqlTimeStamp(
241: new java.util.Date()),
242: SINGLEQUOTE
243: + (String) AnIndividual
244: .getAttribute(Constants.UNFIELD)
245: + SINGLEQUOTE
246:
247: }));
248:
249: releaseConn(C);
250:
251: }// setUserPassword
252:
253: public void removeUser(IPerson AnIndividual) throws Exception {
254:
255: IPerson per = new PersonImpl();
256: per.setAttribute(IPerson.USERNAME, AnIndividual
257: .getAttribute(Constants.UNFIELD));
258:
259: int portalUID = -1;
260: try {
261: portalUID = rdbmuser.getPortalUID(per, false);
262: } catch (org.jasig.portal.AuthorizationException ae) { /* do nothing */
263: }
264:
265: if (portalUID > -1) {
266: rdbmuser.removePortalUID(portalUID);
267:
268: String userName = (String) AnIndividual
269: .getAttribute(Constants.UNFIELD);
270: IGroupMember gm = GroupService.getGroupMember(userName,
271: IPerson.class);
272:
273: for (Iterator itr = gm.getContainingGroups(); itr.hasNext();) {
274: IEntityGroup group = (IEntityGroup) itr.next();
275:
276: if (group.isEditable()) {
277: IEntityGroup lg = GroupService.findLockableGroup(
278: group.getKey(), this .getClass().getName());
279:
280: lg.removeMember(gm);
281: lg.update();
282:
283: LOG.info("Removed " + userName + " from "
284: + group.getKey());
285: }// if
286: }// for
287:
288: DeleteUser.deleteBookmarks(portalUID);
289: }// if
290:
291: AnIndividual.setAttribute(Constants.ENCRYPTPWDFIELD,
292: Constants.NULLIFYUSER);
293:
294: setUserPassword(AnIndividual, null);
295: }// removeUser
296:
297: private Connection getDBConn() {
298: return RDBMServices.getConnection();
299: }
300:
301: private void releaseConn(ResultSet R, Connection C)
302: throws Exception {
303: R.close();
304: releaseConn(C);
305: } // releaseConn
306:
307: private void releaseConn(Connection C) {
308: RDBMServices.releaseConnection(C);
309: }
310:
311: private IPerson[] runQuery(String Query) throws Exception {
312: return runQuery(Query, null);
313: }// runQuery
314:
315: private IPerson[] runQuery(String Query, String Conditional)
316: throws Exception {
317:
318: Connection C = getDBConn();
319: ResultSet R = C.createStatement().executeQuery(
320: (Conditional == null ? Query : MessageFormat.format(
321: Query, new Object[] { SINGLEQUOTE + Conditional
322: + SINGLEQUOTE })));
323:
324: IPerson[] people = mkIPeople(R);
325:
326: // be good doobies
327: releaseConn(R, C);
328:
329: return people;
330: }// runQuery
331:
332: private IPerson[] mkIPeople(ResultSet R) throws Exception {
333:
334: Vector v = new Vector();
335: IPerson person = null;
336:
337: while (R.next()) {
338:
339: person = new PersonImpl();
340:
341: for (int i = 1; i <= R.getMetaData().getColumnCount(); i++) {
342:
343: if (R.getMetaData().getColumnType(i) != Types.TIMESTAMP)
344: person.setAttribute(R.getMetaData()
345: .getColumnName(i).toLowerCase(),
346: (R.getString(i) == null ? "" : R
347: .getString(i)));
348: else
349: person.setAttribute(R.getMetaData()
350: .getColumnName(i).toLowerCase(), (R
351: .getString(i) == null ? ""
352: : RDBMServices.getDbMetaData()
353: .sqlTimeStamp(
354: new java.util.Date(R
355: .getTimestamp(i)
356: .getTime()))));
357:
358: }// for
359:
360: v.addElement(person);
361: }// while
362:
363: IPerson pwdtst = null;
364: IPerson[] people = new IPerson[v.size()];
365: for (int i = 0; i < people.length; i++) {
366: people[i] = (IPerson) v.elementAt(i);
367:
368: // if the user exists but has no layout information, the account
369: // is considered to be locked, this is technically inaccurate
370: try {
371: pwdtst = new PersonImpl();
372:
373: pwdtst.setAttribute(IPerson.USERNAME, people[i]
374: .getAttribute(Constants.UNFIELD));
375:
376: rdbmuser.getPortalUID(pwdtst, false);
377: } catch (org.jasig.portal.AuthorizationException ae) {
378:
379: people[i].setAttribute(Constants.ENCRYPTPWDFIELD,
380: Constants.ACCOUNTLOCKACKNOWLEDGE);
381: }// catch
382:
383: }// for
384:
385: return people;
386: }// mkIPerson
387:
388: }// eoc
|