Changeset 4995

Timestamp:

04/16/14 15:35:03 (10 years ago)

Author:

olhsha@mpi.nl

Message:

adding spring security tables, hashing and the method for posting record in the spring security tables

Location:

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src

Files:

• main/java/eu/dasish/annotation/backend/Helpers.java (modified) (2 diffs)
• main/java/eu/dasish/annotation/backend/PrincipalExists.java (modified) (1 diff)
• main/java/eu/dasish/annotation/backend/dao/DBIntegrityService.java (modified) (2 diffs)
• main/java/eu/dasish/annotation/backend/dao/PrincipalDao.java (modified) (2 diffs)
• main/java/eu/dasish/annotation/backend/dao/impl/DBIntegrityServiceImlp.java (modified) (3 diffs)
• main/java/eu/dasish/annotation/backend/dao/impl/JdbcPrincipalDao.java (modified) (4 diffs)
• main/java/eu/dasish/annotation/backend/dao/impl/JdbcResourceDao.java (modified) (2 diffs)
• main/java/eu/dasish/annotation/backend/rest/AutheticationResource.java (modified) (1 diff)
• main/java/eu/dasish/annotation/backend/rest/PrincipalResource.java (modified) (2 diffs)
• main/java/eu/dasish/annotation/backend/rest/ResourceResource.java (modified) (2 diffs)
• main/resources/spring-config/springSecurity.xml (modified) (1 diff)
• main/sql/principal_non-shibb.sql (added)
• test/java/eu/dasish/annotation/backend/dao/impl/DBIntegrityServiceTest.java (modified) (2 diffs)
• test/java/eu/dasish/annotation/backend/dao/impl/JdbcPrincipalDaoTest.java (modified) (3 diffs)

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/Helpers.java

@@ -18 +18 @@
 package eu.dasish.annotation.backend;
 
+import eu.dasish.annotation.schema.Principal;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.Map;
-import java.util.Set;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
-import org.slf4j.Logger;
+import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -74 +74 @@
         return welcome;
     }
+    
+    public static Principal createPrincipalElement(String name, String e_mail) {
+        Principal result = new Principal();
+        result.setDisplayName(name);
+        result.setEMail(e_mail);
+        return result;
+    }
+    
+    public static String hashPswd(String pswd, int strength, String salt) {
+    ShaPasswordEncoder encoder = new ShaPasswordEncoder(strength);
+    return encoder.encodePassword(pswd, salt);
+    }
 }

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/PrincipalExists.java

@@ -24 +24 @@
 public class PrincipalExists extends Exception{
     
-    public PrincipalExists(String email){
-        super("The principal with the e-mail "+email+" already exists in the database and cannot be added now. Note, e-mail are case insensitive in the database. ");
+    public PrincipalExists(String remoteID){
+        super("The principal with the remoteID "+remoteID+" already exists in the database and cannot be added. ");
     }
     

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/dao/DBIntegrityService.java

@@ -317 +317 @@
     Number addPrincipal(Principal principal, String remoteID) throws NotInDataBaseException, PrincipalExists;
 
+    public int addSpringUser(String username, String password, int strength, String salt);
+    
        /// notebooks ////
     Number createNotebook(Notebook notebook, Number ownerID) throws NotInDataBaseException;
@@ -322 +324 @@
     boolean createAnnotationInNotebook(Number notebookID, Annotation annotation, Number ownerID) throws NotInDataBaseException;
 
-    public Principal createPrincipalRecord(String remoteID);
-    
+   
     /**
      * DELETERS

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/dao/PrincipalDao.java

@@ -42 +42 @@
      
      // where is it used??
-     public boolean principalExists(Principal principal);
+     public boolean principalExists(String remoteID);
      
      public String getTypeOfPrincipalAccount(Number internalID);
@@ -59 +59 @@
      public Number addPrincipal(Principal principal, String remoteID) throws NotInDataBaseException;
      
+     public int addSpringUser(String username, String password, int strength, String salt);
+     
+     public int addSpringAuthorities(String username);
+     
      public int deletePrincipal(Number intenralID) throws PrincipalCannotBeDeleted;
      
-     public Principal createShibbolizedPrincipal(String remoteID);
+     
 }

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/dao/impl/DBIntegrityServiceImlp.java

@@ -680 +680 @@
     @Override
     public Number addPrincipal(Principal principal, String remoteID) throws NotInDataBaseException, PrincipalExists {
-        if (principalDao.principalExists(principal)) {
-            throw new PrincipalExists(principal.getEMail());
+        if (principalDao.principalExists(remoteID)) {
+            throw new PrincipalExists(remoteID);
         } else {
             return principalDao.addPrincipal(principal, remoteID);
@@ -705 +705 @@
         Number newAnnotationID = this.addPrincipalsAnnotation(ownerID, annotation);
         return notebookDao.addAnnotationToNotebook(notebookID, newAnnotationID);
+    }
+    
+    @Override
+    public int addSpringUser(String username, String password, int strength, String salt){
+        int users = principalDao.addSpringUser(username, password, strength, salt);
+        int authorities = principalDao.addSpringAuthorities(username);        
+        return users+authorities;
     }
 
@@ -850 +857 @@
     }
 
-    @Override
-    public Principal createPrincipalRecord(String remoteID) {
-        return principalDao.createShibbolizedPrincipal(remoteID);
-    }
+  
 
     //// priveee ///

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/dao/impl/JdbcPrincipalDao.java

@@ -18 +18 @@
 package eu.dasish.annotation.backend.dao.impl;
 
+import eu.dasish.annotation.backend.Helpers;
 import eu.dasish.annotation.backend.NotInDataBaseException;
 import eu.dasish.annotation.backend.PrincipalCannotBeDeleted;
@@ -103 +104 @@
 
     @Override
-    public boolean principalExists(Principal principal) {
-
-        String emailCriterion = principal.getEMail().toLowerCase();
+    public boolean principalExists(String remoteID) {
+
         StringBuilder sqlTargets = new StringBuilder("SELECT ");
-        sqlTargets.append(principal_id).append(" FROM ").append(principalTableName).append(" WHERE ").append("LOWER(").append(e_mail).append(")= ? LIMIT 1");
-        List<Number> result = this.loggedQuery(sqlTargets.toString(), internalIDRowMapper, emailCriterion);
+        sqlTargets.append(principal_id).append(" FROM ").append(principalTableName).append(" WHERE ").append(remote_id).append("= ? LIMIT 1");
+        List<Number> result = this.loggedQuery(sqlTargets.toString(), internalIDRowMapper, remoteID);
         if (result.size() > 0) {
             return true;
@@ -198 +198 @@
         return getInternalID(externalIdentifier);
     }
+    
+    @Override
+    public int addSpringUser(String username, String password, int strength, String salt){
+       Map<String, Object> params = new HashMap<String, Object>();
+        params.put("username", username);
+        params.put("password", Helpers.hashPswd(password, strength, salt));
+        StringBuilder sql = new StringBuilder("INSERT INTO ");
+        sql.append(springUserTableName).append("(").append(springUsername).append(",").
+                append(springPassword).append(") VALUES (:username, :password)");
+        final int affectedRows = this.loggedUpdate(sql.toString(), params);
+        return affectedRows; 
+    }
+    
+    @Override
+     public int addSpringAuthorities(String username){
+        Map<String, Object> params = new HashMap<String, Object>();
+        params.put("username", username);
+        StringBuilder sql = new StringBuilder("INSERT INTO ");
+        sql.append(springAuthoritiesTableName).append("(").append(springUsername).append(") VALUES (:username)");
+        final int affectedRows = this.loggedUpdate(sql.toString(), params);
+        return affectedRows;  
+    }
 
     ////////// UPDATERS ///////////////////////
@@ -232 +254 @@
     }
 
-    @Override
-    public Principal createShibbolizedPrincipal(String remoteID) {
-        Principal result = new Principal();
-        result.setDisplayName(remoteID);
-        result.setEMail(remoteID);
-        return result;
-    }
+   
 
     ////// DELETERS ////////////

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/dao/impl/JdbcResourceDao.java

@@ -50 +50 @@
     final static protected String versionTableName = "version";
     final static protected String principalTableName = "principal";
+    final static protected String springUserTableName = "users";
+    final static protected String springAuthoritiesTableName = "authorities";
     // joint tablenames
     final static protected String notebooksAnnotationsTableName = "notebooks_annotations";
@@ -57 +59 @@
     final static protected String targetsCachedRepresentationsTableName = "targets_cached_representations";
     // base string constants: field Names
+    final static protected String springUsername = "username";
+    final static protected String springPassword = "password";
     final static protected String account = "account";
     final static protected String admin = "admin";

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/rest/AutheticationResource.java

@@ -75 +75 @@
         httpServletResponse.sendRedirect(context.getInitParameter("eu.dasish.annotation.backend.logout"));
     }
+    
+   
 }

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/rest/PrincipalResource.java

@@ -138 +138 @@
 
     @POST
+    @Produces(MediaType.TEXT_PLAIN)
+    @Path("create/{remoteId}/{password}")
+    public String createSpringAuthenticationRecord(@PathParam("remoteId") String remoteId, @PathParam("password") String password) throws IOException {
+        int result = dbIntegrityService.addSpringUser(remoteId, password, 512, remoteId);
+        return result+ " record(s) has been added. Must be 2: 1 record for the principal, another for the authorities table.";
+    }
+
+    @POST
     @Consumes(MediaType.APPLICATION_XML)
     @Produces(MediaType.APPLICATION_XML)
@@ -251 +259 @@
                     loggerServer.debug(e2.toString());;
                     httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e2.toString());
-                    return "Nothis is deleted.";
+                    return "Nothing is deleted.";
                 }
             } catch (NotInDataBaseException e) {

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/rest/ResourceResource.java

@@ -18 +18 @@
 package eu.dasish.annotation.backend.rest;
 
+import eu.dasish.annotation.backend.Helpers;
 import eu.dasish.annotation.backend.NotInDataBaseException;
 import eu.dasish.annotation.backend.PrincipalExists;
 import eu.dasish.annotation.backend.dao.DBIntegrityService;
+import eu.dasish.annotation.schema.Principal;
 import java.io.IOException;
 import javax.servlet.ServletContext;
@@ -70 +72 @@
                     try {
                         try {
-                            return dbIntegrityService.addPrincipal(dbIntegrityService.createPrincipalRecord(remotePrincipal), remotePrincipal);
+                            Principal newPrincipal = Helpers.createPrincipalElement(remotePrincipal, remotePrincipal);
+                            return dbIntegrityService.addPrincipal(newPrincipal, remotePrincipal);
                         } catch (PrincipalExists e2) {
                             loggerServer.info(e2.toString());

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/resources/spring-config/springSecurity.xml

@@ -21 +21 @@
 
 <beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:security="http://www.springframework.org/schema/security"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans
+       xmlns:security="http://www.springframework.org/schema/security"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:schemaLocation="http://www.springframework.org/schema/beans
     http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
     http://www.springframework.org/schema/security
     http://www.springframework.org/schema/security/spring-security-3.2.xsd">     
-    <security:http auto-config='true'>
+    
+    <bean id="passwordEncoderBean" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
+        <constructor-arg value="512" />
+    </bean>
+    
+    <security:http>
         <security:intercept-url pattern="/api/authentication/login" access="ROLE_USER" />
         <security:http-basic />
         <security:logout delete-cookies="JSESSIONID"/>
     </security:http>
+    
     <security:authentication-manager>
         <security:authentication-provider>
-            <security:user-service>
-                <security:user name="olhsha" password="olhapassword" authorities="ROLE_USER, ROLE_ADMIN" />
-            </security:user-service>
+            <security:password-encoder ref="passwordEncoderBean">
+                <security:salt-source user-property="username"/>
+            </security:password-encoder>
+            <security:jdbc-user-service data-source-ref="dataSource"/>
         </security:authentication-provider>
-    </security:authentication-manager>   
+    </security:authentication-manager> 
+      
 </beans>
 

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/test/java/eu/dasish/annotation/backend/dao/impl/DBIntegrityServiceTest.java

@@ -879 +879 @@
         mockeryDao.checking(new Expectations() {
             {
-                oneOf(principalDao).principalExists(freshPrincipal);
+                oneOf(principalDao).principalExists("guisil@mpi.nl");
                 will(returnValue(false));
 
@@ -896 +896 @@
         mockeryDao.checking(new Expectations() {
             {
-                oneOf(principalDao).principalExists(principal);
+                oneOf(principalDao).principalExists("olhsha@mpi.nl");
                 will(returnValue(true));
 

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/test/java/eu/dasish/annotation/backend/dao/impl/JdbcPrincipalDaoTest.java

@@ -18 +18 @@
 package eu.dasish.annotation.backend.dao.impl;
 
+import eu.dasish.annotation.backend.Helpers;
 import eu.dasish.annotation.backend.NotInDataBaseException;
 import eu.dasish.annotation.backend.PrincipalCannotBeDeleted;
@@ -152 +153 @@
     public void tesPrincipalExists() {
         System.out.println("test principalExists");
-        jdbcPrincipalDao.setServiceURI(TestBackendConstants._TEST_SERVLET_URI_principals);
-
-        Principal freshPrincipal = new Principal();
-        freshPrincipal.setDisplayName("Guilherme");
-        freshPrincipal.setEMail("guisil@mpi.nl");
-        assertEquals(false,jdbcPrincipalDao.principalExists(freshPrincipal));
-
-        Principal principal = new Principal();
-        principal.setDisplayName("Olha");
-        principal.setEMail("Olha.Shakaravska@mpi.nl");
-        assertTrue(jdbcPrincipalDao.principalExists(principal));
+        //jdbcPrincipalDao.setServiceURI(TestBackendConstants._TEST_SERVLET_URI_principals);        
+        assertEquals(false,jdbcPrincipalDao.principalExists("guisil@mpi.nl"));       
+        assertTrue(jdbcPrincipalDao.principalExists("olhsha@mpi.nl"));
     }
     
@@ -178 +171 @@
     }
     
-    @Test
-    public void testCreateShibbolizedPrincipal(){
-        System.out.println("test createShibbolizedPrincipal");
-        Principal result = jdbcPrincipalDao.createShibbolizedPrincipal("test.user@mail.com");
-        assertEquals("test.user@mail.com", result.getDisplayName());
-        assertEquals("test.user@mail.com", result.getEMail());
+   @Test
+   public void generateHashes() {
+        System.out.println("*****"); 
+        System.out.println("generate hashes");
+        System.out.println(Helpers.hashPswd("1234", 512, "olhsha@mpi.nl"));
+        System.out.println(Helpers.hashPswd("5678", 512, "olasei@mpi.nl"));
+        System.out.println("*****");
+        
     }