From 35ecfea41039b33a900787d4baaf5a3b0ccd2d09 Mon Sep 17 00:00:00 2001 From: Kavoos Bojnourdi Date: Mon, 10 Aug 2015 20:23:24 +0200 Subject: [PATCH] - User service now use PermissionManagerEJB to authenticate and check user permissions --- .../edf/gde/ejb/PermissionsManagerEJB.java | 32 ++- .../com/edf/gde/services/BaseService.java | 35 +++ .../com/edf/gde/services/UserService.java | 9 +- .../src/java/com/edf/gde/tools/Base64.java | 230 ++++++++++++++++++ .../java/com/edf/gde/tools/Credentials.java | 34 +++ 5 files changed, 333 insertions(+), 7 deletions(-) create mode 100644 projects/GDE_App/GDE-war/src/java/com/edf/gde/tools/Base64.java create mode 100644 projects/GDE_App/GDE-war/src/java/com/edf/gde/tools/Credentials.java diff --git a/projects/GDE_App/GDE-ejb/src/java/com/edf/gde/ejb/PermissionsManagerEJB.java b/projects/GDE_App/GDE-ejb/src/java/com/edf/gde/ejb/PermissionsManagerEJB.java index 606f70f..c44fa37 100644 --- a/projects/GDE_App/GDE-ejb/src/java/com/edf/gde/ejb/PermissionsManagerEJB.java +++ b/projects/GDE_App/GDE-ejb/src/java/com/edf/gde/ejb/PermissionsManagerEJB.java @@ -3,7 +3,9 @@ */ package com.edf.gde.ejb; +import com.edf.gde.dao.UserDao; import com.edf.gde.entities.GroupPermission; +import com.edf.gde.entities.User; import com.edf.gde.entities.UserGroup; import java.util.List; import javax.ejb.Stateless; @@ -30,8 +32,8 @@ public class PermissionsManagerEJB { groupPermission.setGroupId(groupId); em.persist(groupPermission); } - - public boolean checkPermission(long userId, String serviceName, int methodIndex) { + + public void checkPermission(long userId, String serviceName, int methodIndex) { Query query = em.createNamedQuery("UserGroup.findByUserId"); query.setParameter("userId", userId); List userGroups = query.getResultList(); @@ -41,14 +43,32 @@ public class PermissionsManagerEJB { gQuery.setParameter("groupId", ug.getGroupId()); gQuery.setParameter("serviceName", serviceName); gQuery.setParameter("methodIndex", methodIndex); - List gps = gQuery.getResultList(); - if (gps.size() > 0) { + if (gps.size() == 0) { /* If GroupPermission object exists with this parameters then return true */ - return true; + throw new RuntimeException("Unauthorized access"); } } - return false; + } + + public void checkPermission(String userLogin, String serviceName, int methodIndex) { + UserDao userDao = new UserDao(em); + User user = userDao.findUser(userLogin); + Query query = em.createNamedQuery("UserGroup.findByUserId"); + query.setParameter("userId", user.getId()); + List userGroups = query.getResultList(); + for (UserGroup ug : userGroups) { + Query gQuery = em.createNamedQuery("GroupPermission.findPermission"); + gQuery.setParameter("groupId", ug.getGroupId()); + gQuery.setParameter("serviceName", serviceName); + gQuery.setParameter("methodIndex", methodIndex); + List gps = gQuery.getResultList(); + if (gps.size() == 0) { + /* If GroupPermission object exists with this parameters then return true */ + throw new RuntimeException("Unauthorized access"); + } + } } + } diff --git a/projects/GDE_App/GDE-war/src/java/com/edf/gde/services/BaseService.java b/projects/GDE_App/GDE-war/src/java/com/edf/gde/services/BaseService.java index e155544..af303b5 100644 --- a/projects/GDE_App/GDE-war/src/java/com/edf/gde/services/BaseService.java +++ b/projects/GDE_App/GDE-war/src/java/com/edf/gde/services/BaseService.java @@ -1,11 +1,17 @@ package com.edf.gde.services; +import com.edf.gde.tools.Credentials; +import com.edf.gde.tools.Base64; + import com.edf.gde.transferables.CommandTO; import com.google.gson.Gson; import java.io.IOException; +import java.io.UnsupportedEncodingException; +import java.util.StringTokenizer; import java.util.logging.Level; import java.util.logging.Logger; import javax.servlet.ServletException; +import javax.servlet.http.Cookie; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -53,7 +59,36 @@ public abstract class BaseService extends HttpServlet { return commandTO; } + public Credentials getCredentials(HttpServletRequest req) { + String authHeader = req.getHeader("Authorization"); + if (authHeader != null) { + StringTokenizer st = new StringTokenizer(authHeader); + if (st.hasMoreTokens()) { + String basic = st.nextToken(); + + if (basic.equalsIgnoreCase("Basic")) { + try { + String credentials = new String(Base64.decode(st.nextToken()), "UTF-8"); + int p = credentials.indexOf(":"); + if (p != -1) { + String login = credentials.substring(0, p).trim(); + String password = credentials.substring(p + 1).trim(); + + return new Credentials(login, password); + } else { + throw new RuntimeException(); + } + } catch (UnsupportedEncodingException ex) { + Logger.getLogger(BaseService.class.getName()).log(Level.SEVERE, null, ex); + } + } + } + } + throw new RuntimeException("No credentials !"); + } + // + /** * Handles the HTTP GET method. * diff --git a/projects/GDE_App/GDE-war/src/java/com/edf/gde/services/UserService.java b/projects/GDE_App/GDE-war/src/java/com/edf/gde/services/UserService.java index 96cf4aa..4d62d1f 100644 --- a/projects/GDE_App/GDE-war/src/java/com/edf/gde/services/UserService.java +++ b/projects/GDE_App/GDE-war/src/java/com/edf/gde/services/UserService.java @@ -1,8 +1,10 @@ package com.edf.gde.services; +import com.edf.gde.ejb.PermissionsManagerEJB; import com.edf.gde.ejb.UserEJB; import com.edf.gde.entities.Group; import com.edf.gde.entities.User; +import com.edf.gde.tools.Credentials; import com.edf.gde.transferables.CommandTO; import com.edf.gde.transferables.GroupTO; import com.edf.gde.transferables.UserTO; @@ -30,12 +32,17 @@ public class UserService extends BaseService { @EJB UserEJB userDAO; - + @EJB + PermissionsManagerEJB pm; + @Override public void processRequest(HttpServletRequest request, HttpServletResponse response) { + Logger logger = Logger.getLogger("processRequest"); CommandTO commandTO = getCommand(request); CommandResultTO resultTO = new CommandResultTO(); + Credentials credentials = getCredentials(request); + pm.checkPermission(credentials.getLogin(), "UserService", commandTO.getMethod()); try { switch (commandTO.getMethod()) { case CREATEUSER: { diff --git a/projects/GDE_App/GDE-war/src/java/com/edf/gde/tools/Base64.java b/projects/GDE_App/GDE-war/src/java/com/edf/gde/tools/Base64.java new file mode 100644 index 0000000..7752472 --- /dev/null +++ b/projects/GDE_App/GDE-war/src/java/com/edf/gde/tools/Base64.java @@ -0,0 +1,230 @@ +// Copyright 2003-2010 Christian d'Heureuse, Inventec Informatik AG, Zurich, Switzerland +// www.source-code.biz, www.inventec.ch/chdh +// +// This module is multi-licensed and may be used under the terms +// of any of the following licenses: +// +// EPL, Eclipse Public License, V1.0 or later, http://www.eclipse.org/legal +// LGPL, GNU Lesser General Public License, V2.1 or later, http://www.gnu.org/licenses/lgpl.html +// GPL, GNU General Public License, V2 or later, http://www.gnu.org/licenses/gpl.html +// AGPL, GNU Affero General Public License V3 or later, http://www.gnu.org/licenses/agpl.html +// AL, Apache License, V2.0 or later, http://www.apache.org/licenses +// BSD, BSD License, http://www.opensource.org/licenses/bsd-license.php +// MIT, MIT License, http://www.opensource.org/licenses/MIT +// +// Please contact the author if you need another license. +// This module is provided "as is", without warranties of any kind. +// +// Project home page: www.source-code.biz/base64coder/java + +package com.edf.gde.tools; + + + +/** +* A Base64 encoder/decoder. +* +*

+* This class is used to encode and decode data in Base64 format as described in RFC 1521. +* +* @author +* Christian d'Heureuse, Inventec Informatik AG, Zurich, Switzerland, www.source-code.biz +*/ +public class Base64 { + +// The line separator string of the operating system. +private static final String systemLineSeparator = System.getProperty("line.separator"); + +// Mapping table from 6-bit nibbles to Base64 characters. +private static final char[] map1 = new char[64]; + static { + int i=0; + for (char c='A'; c<='Z'; c++) map1[i++] = c; + for (char c='a'; c<='z'; c++) map1[i++] = c; + for (char c='0'; c<='9'; c++) map1[i++] = c; + map1[i++] = '+'; map1[i++] = '/'; } + +// Mapping table from Base64 characters to 6-bit nibbles. +private static final byte[] map2 = new byte[128]; + static { + for (int i=0; isun.misc.BASE64Encoder.encodeBuffer(byte[]). +* @param in An array containing the data bytes to be encoded. +* @return A String containing the Base64 encoded data, broken into lines. +*/ +public static String encodeLines (byte[] in) { + return encodeLines(in, 0, in.length, 76, systemLineSeparator); } + +/** +* Encodes a byte array into Base 64 format and breaks the output into lines. +* @param in An array containing the data bytes to be encoded. +* @param iOff Offset of the first byte in in to be processed. +* @param iLen Number of bytes to be processed in in, starting at iOff. +* @param lineLen Line length for the output data. Should be a multiple of 4. +* @param lineSeparator The line separator to be used to separate the output lines. +* @return A String containing the Base64 encoded data, broken into lines. +*/ +public static String encodeLines (byte[] in, int iOff, int iLen, int lineLen, String lineSeparator) { + int blockLen = (lineLen*3) / 4; + if (blockLen <= 0) throw new IllegalArgumentException(); + int lines = (iLen+blockLen-1) / blockLen; + int bufLen = ((iLen+2)/3)*4 + lines*lineSeparator.length(); + StringBuilder buf = new StringBuilder(bufLen); + int ip = 0; + while (ip < iLen) { + int l = Math.min(iLen-ip, blockLen); + buf.append(encode(in, iOff+ip, l)); + buf.append(lineSeparator); + ip += l; } + return buf.toString(); } + +/** +* Encodes a byte array into Base64 format. +* No blanks or line breaks are inserted in the output. +* @param in An array containing the data bytes to be encoded. +* @return A character array containing the Base64 encoded data. +*/ +public static char[] encode (byte[] in) { + return encode(in, 0, in.length); } + +/** +* Encodes a byte array into Base64 format. +* No blanks or line breaks are inserted in the output. +* @param in An array containing the data bytes to be encoded. +* @param iLen Number of bytes to process in in. +* @return A character array containing the Base64 encoded data. +*/ +public static char[] encode (byte[] in, int iLen) { + return encode(in, 0, iLen); } + +/** +* Encodes a byte array into Base64 format. +* No blanks or line breaks are inserted in the output. +* @param in An array containing the data bytes to be encoded. +* @param iOff Offset of the first byte in in to be processed. +* @param iLen Number of bytes to process in in, starting at iOff. +* @return A character array containing the Base64 encoded data. +*/ +public static char[] encode (byte[] in, int iOff, int iLen) { + int oDataLen = (iLen*4+2)/3; // output length without padding + int oLen = ((iLen+2)/3)*4; // output length including padding + char[] out = new char[oLen]; + int ip = iOff; + int iEnd = iOff + iLen; + int op = 0; + while (ip < iEnd) { + int i0 = in[ip++] & 0xff; + int i1 = ip < iEnd ? in[ip++] & 0xff : 0; + int i2 = ip < iEnd ? in[ip++] & 0xff : 0; + int o0 = i0 >>> 2; + int o1 = ((i0 & 3) << 4) | (i1 >>> 4); + int o2 = ((i1 & 0xf) << 2) | (i2 >>> 6); + int o3 = i2 & 0x3F; + out[op++] = map1[o0]; + out[op++] = map1[o1]; + out[op] = op < oDataLen ? map1[o2] : '='; op++; + out[op] = op < oDataLen ? map1[o3] : '='; op++; } + return out; } + +/** +* Decodes a string from Base64 format. +* No blanks or line breaks are allowed within the Base64 encoded input data. +* @param s A Base64 String to be decoded. +* @return A String containing the decoded data. +* @throws IllegalArgumentException If the input is not valid Base64 encoded data. +*/ +public static String decodeString (String s) { + return new String(decode(s)); } + +/** +* Decodes a byte array from Base64 format and ignores line separators, tabs and blanks. +* CR, LF, Tab and Space characters are ignored in the input data. +* This method is compatible with sun.misc.BASE64Decoder.decodeBuffer(String). +* @param s A Base64 String to be decoded. +* @return An array containing the decoded data bytes. +* @throws IllegalArgumentException If the input is not valid Base64 encoded data. +*/ +public static byte[] decodeLines (String s) { + char[] buf = new char[s.length()]; + int p = 0; + for (int ip = 0; ip < s.length(); ip++) { + char c = s.charAt(ip); + if (c != ' ' && c != '\r' && c != '\n' && c != '\t') + buf[p++] = c; } + return decode(buf, 0, p); } + +/** +* Decodes a byte array from Base64 format. +* No blanks or line breaks are allowed within the Base64 encoded input data. +* @param s A Base64 String to be decoded. +* @return An array containing the decoded data bytes. +* @throws IllegalArgumentException If the input is not valid Base64 encoded data. +*/ +public static byte[] decode (String s) { + return decode(s.toCharArray()); } + +/** +* Decodes a byte array from Base64 format. +* No blanks or line breaks are allowed within the Base64 encoded input data. +* @param in A character array containing the Base64 encoded data. +* @return An array containing the decoded data bytes. +* @throws IllegalArgumentException If the input is not valid Base64 encoded data. +*/ +public static byte[] decode (char[] in) { + return decode(in, 0, in.length); } + +/** +* Decodes a byte array from Base64 format. +* No blanks or line breaks are allowed within the Base64 encoded input data. +* @param in A character array containing the Base64 encoded data. +* @param iOff Offset of the first character in in to be processed. +* @param iLen Number of characters to process in in, starting at iOff. +* @return An array containing the decoded data bytes. +* @throws IllegalArgumentException If the input is not valid Base64 encoded data. +*/ +public static byte[] decode (char[] in, int iOff, int iLen) { + if (iLen%4 != 0) throw new IllegalArgumentException("Length of Base64 encoded input string is not a multiple of 4."); + while (iLen > 0 && in[iOff+iLen-1] == '=') iLen--; + int oLen = (iLen*3) / 4; + byte[] out = new byte[oLen]; + int ip = iOff; + int iEnd = iOff + iLen; + int op = 0; + while (ip < iEnd) { + int i0 = in[ip++]; + int i1 = in[ip++]; + int i2 = ip < iEnd ? in[ip++] : 'A'; + int i3 = ip < iEnd ? in[ip++] : 'A'; + if (i0 > 127 || i1 > 127 || i2 > 127 || i3 > 127) + throw new IllegalArgumentException("Illegal character in Base64 encoded data."); + int b0 = map2[i0]; + int b1 = map2[i1]; + int b2 = map2[i2]; + int b3 = map2[i3]; + if (b0 < 0 || b1 < 0 || b2 < 0 || b3 < 0) + throw new IllegalArgumentException("Illegal character in Base64 encoded data."); + int o0 = ( b0 <<2) | (b1>>>4); + int o1 = ((b1 & 0xf)<<4) | (b2>>>2); + int o2 = ((b2 & 3)<<6) | b3; + out[op++] = (byte)o0; + if (op