Changed login and logout tags to jaas. Added new user creation hash function. Cl…

…eaned Session handler to JAAS type of authentication

Changed login and logout tags to jaas. Added new user creation hash function. Cl…
…eaned Session handler to JAAS type of authentication
Tuomas Riihimäki
Commit f31c3c31 authored Apr 18, 2010 by Tuomas Riihimäki
Showing with 72 additions and 95 deletions
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/SessionHandlerBean.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/UserBean.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/UserFacade.java
code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/SessionHandlerBeanLocal.java
code/LanBortalUtilities/src/fi/insomnia/bortal/utilities/PasswordFunctions.java
code/LanBortalWeb/WebContent/auth/login.xhtml
code/LanBortalWeb/WebContent/auth/logout.xhtml
code/LanBortalWeb/WebContent/layout/default-template.xhtml
code/LanBortalWeb/WebContent/resources/tools/login/login.xhtml
code/LanBortalWeb/src/fi/insomnia/bortal/handler/SessionHandler.java
code/LanBortalWeb/src/fi/insomnia/bortal/view/UserView.java
--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/SessionHandlerBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/SessionHandlerBean.java
@@ -148,4 +148,10 @@ public class SessionHandlerBean implements SessionHandlerBeanLocal, SessionHandl
        foo.add("admin");
        return foo.elements();
    }
+    @Override
+    public User getCurrentUser() {
+        // TODO Auto-generated method stub
+        return null;
+    }
 }
--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/UserBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/UserBean.java
@@ -11,6 +11,7 @@ import org.slf4j.LoggerFactory;
 import fi.insomnia.bortal.facade.UserFacade;
 import fi.insomnia.bortal.model.User;
+import fi.insomnia.bortal.utilities.PasswordFunctions;
 /**
 * Session Bean implementation class UserBean
@@ -39,8 +40,8 @@ public class UserBean implements UserBeanLocal {
        User returnUser = new User();
        returnUser.setNick(nick);
-        // TODO: Hash function....
+        String salted = PasswordFunctions.createPassword(password);
-        returnUser.setPassword(password);
+        returnUser.setPassword(salted);
        // Tallennetaan olio kantaan...
        userFacade.create(returnUser);
        return returnUser;

--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/UserFacade.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/UserFacade.java
@@ -4,7 +4,6 @@ import javax.ejb.LocalBean;
 import javax.ejb.Stateless;
 import javax.persistence.EntityManager;
 import javax.persistence.PersistenceContext;
-import javax.persistence.Query;
 import javax.persistence.TypedQuery;
 import fi.insomnia.bortal.model.User;

--- a/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/SessionHandlerBeanLocal.java
+++ b/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/SessionHandlerBeanLocal.java
@@ -9,15 +9,10 @@ public interface SessionHandlerBeanLocal {
    boolean hasPermission(String target, User user, RolePermission permission);
-    /**
-     * 
-     * @param username
-     * @param password
-     * @return User on success, null on fail
-     */
-    User tryLogin(String username, String password);
    User getDefaultUser();
    void testing();
+    User getCurrentUser();
 }
--- a/code/LanBortalUtilities/src/fi/insomnia/bortal/utilities/PasswordFunctions.java
+++ b/code/LanBortalUtilities/src/fi/insomnia/bortal/utilities/PasswordFunctions.java
@@ -79,4 +79,11 @@ public class PasswordFunctions {
 		}
 		return sb.toString();
 	}
+	public static String createPassword(String password) {
+		// TODO Auto-generated method stub
+		return null;
+	}
 }
--- a/code/LanBortalWeb/WebContent/auth/login.xhtml
+++ b/code/LanBortalWeb/WebContent/auth/login.xhtml
@@ -11,21 +11,19 @@
 		<ui:define name="header">Add new user</ui:define>
 		<ui:define name="content">
-			<
 			<form method="post" action="j_security_check">
-			<table border="0">
+			<h:panelGrid columns="2">
-				<tr>
+				<h:outputText value="#{i18n['login.username']}" />
-					<td>#{i18n['login.username']}</td>
+				<input type="text" name="j_username" />
-					<td><input type="text" name="j_username" /></td>
-				</tr>
-				<tr>
-					<td>#{i18n['login.password']}</td>
-					<td><input type="password" name="j_password" /></td>
-				</tr>
-			</table>
-			<input type="submit" value="#{i18n['login.submit']}" />
+				<h:outputText value="#{i18n['login.password']}" />
+				<input type="password" name="j_password" />
+			</h:panelGrid>
+			<h:outputText>
+				<input type="submit" value="#{i18n['login.submit']}" />
+			</h:outputText>
 			</form>
 		</ui:define>
 		<ui:define name="footer">footer</ui:define>
 	</ui:composition>

--- a/code/LanBortalWeb/WebContent/auth/logout.xhtml
+++ b/code/LanBortalWeb/WebContent/auth/logout.xhtml
@@ -10,7 +10,8 @@
 		<ui:define name="title">CreateUser</ui:define>
 		<ui:define name="header">Add new user</ui:define>
 		<ui:define name="content">
-			Logged out.${userView.logout() }
+			<h:outputText value="#{i18n['logoutmessage'] }" />
+			${userView.logout() }
 		</ui:define>
 		<ui:define name="footer">footer</ui:define>
 	</ui:composition>

--- a/code/LanBortalWeb/WebContent/layout/default-template.xhtml
+++ b/code/LanBortalWeb/WebContent/layout/default-template.xhtml
@@ -20,7 +20,7 @@
    <div id="links">
      <!-- **** INSERT LINKS HERE **** -->
        <ui:insert name="somelinks">
-          <a href="http://www.insomnia.fi">www.insomnia.fi</a>
+          <a href="http://www.insomnia.fi">www.insomnia.fi</a>    <tools:loginLogout />
    	</ui:insert>
    </div>
    <div id="logo"><h1><ui:insert name="globaltitle">Lan Bortal</ui:insert></h1></div>
@@ -79,8 +79,7 @@
      <div id="column2">
    	<h:messages globalOnly="true"/>
-        <tools:loginLogout /><br />
           <ui:insert name="content">
 			Default content..
        </ui:insert>

--- a/code/LanBortalWeb/WebContent/resources/tools/login/login.xhtml
+++ b/code/LanBortalWeb/WebContent/resources/tools/login/login.xhtml
@@ -14,26 +14,30 @@
    </composite:interface>
    <composite:implementation>
-        <h:form>
+        <form>
            <c:choose>
                <c:when test="#{not empty cc.attrs.isOneliner}">
-                    <h:inputText value="#{sessionHandler.username}" />
+					<input type="text" name="j_username" />
-                    <h:inputSecret value="#{sessionHandler.password}" />
+					<input type="password" name="j_password" />
-                    <h:commandButton value="#{i18n['login.submit']}" action="#{sessionHandler.login}" />
+ 	                <input type="submit" value="#{i18n['login.submit']}" />
                </c:when>
                <c:otherwise>
                    <h:panelGrid columns="2">
-                        <h:outputText value="#{i18n['login.username']}" /> <h:inputText value="#{sessionHandler.username}" />
+            			<h:outputText value="#{i18n['login.username']}" />
-                        <h:outputText value="#{i18n['login.password']}" /> <h:inputSecret value="#{sessionHandler.password}" />
+						<input type="text" name="j_username" />
-                        <h:commandButton  value="#{i18n['login.submit']}" action="#{sessionHandler.login}" />
+						<h:outputText value="#{i18n['login.password']}" />
+						<input type="password" name="j_password" />
                    </h:panelGrid>
+ 	                <input type="submit" value="#{i18n['login.submit']}" />
                </c:otherwise>
            </c:choose>
-        </h:form>
+        </form>
    </composite:implementation>

--- a/code/LanBortalWeb/src/fi/insomnia/bortal/handler/SessionHandler.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/handler/SessionHandler.java
@@ -27,8 +27,6 @@ public class SessionHandler {
    @EJB
    private SessionHandlerBeanLocal handlerbean;
    private User user = null;
-    private String username = "";
-    private String password = "";
    /** Creates a new instance of SessionHandler */
    public SessionHandler() {
@@ -46,17 +44,24 @@ public class SessionHandler {
        return hasPermission(target, perm);
    }
-    public String getHostname()
+    private HttpSession getHttpSession() {
-    {
        FacesContext ctx = FacesContext.getCurrentInstance();
-        HttpSession sess =(HttpSession) ctx.getExternalContext().getSession(false);
+        HttpSession sess = (HttpSession) ctx.getExternalContext().getSession(false);
-        return HostnameFilter.getHostname(sess);
+        return sess;
+    }
+    public String getHostname() {
+        HttpSession sess = getHttpSession();
+        String ret = "";
+        if (sess != null) {
+            ret = HostnameFilter.getHostname(getHttpSession());
+        }
+        return ret;
    }
    public boolean hasPermission(String target, RolePermission permission) {
-        return true;
+        return handlerbean.hasPermission(target, getUser(), permission);
-        // return handlerbean.hasPermission(target, getUser(), permission);
    }
@@ -73,60 +78,31 @@ public class SessionHandler {
    }
    public void setUser(User user) {
-        this.user = user;
+        if (user == null) {
+            this.user = getUser();
+        } else if (canExecute("impersonateUser")) {
+            this.user = user;
+        }
    }
    public User getUser() {
        if (user == null) {
-            user = handlerbean.getDefaultUser();
+            user = handlerbean.getCurrentUser();
        }
        return user;
    }
    public String logout() {
        user = null;
-        return "logout";
+        FacesContext ctx = FacesContext.getCurrentInstance();
-    }
+        HttpSession sess = (HttpSession) ctx.getExternalContext().getSession(false);
+        if (sess != null) {
-    public String login() {
+            sess.invalidate();
-        user = handlerbean.tryLogin(username, password);
-        if (user == null) {
-            return "loginFailed";
-        } else {
-            return "loginSuccess";
        }
-    }
+        return "logout";
-    /**
-     * @return the username
-     */
-    public String getUsername() {
-        return username;
-    }
-    /**
-     * @param username the username to set
-     */
-    public void setUsername(String username) {
-        this.username = username;
-    }
-    /**
-     * @return the password
-     */
-    public String getPassword() {
-        return password;
-    }
-    /**
-     * @param password the password to set
-     */
-    public void setPassword(String password) {
-        this.password = password;
    }
 }
--- a/code/LanBortalWeb/src/fi/insomnia/bortal/view/UserView.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/view/UserView.java
@@ -119,14 +119,5 @@ public class UserView {
        return sessionhandler;
    }
-    public void logout() {
-        FacesContext ctx = FacesContext.getCurrentInstance();
-        HttpSession sess = (HttpSession) ctx.getExternalContext().getSession(false);
-        if(sess != null)
-        {
-            logger.warn("Inalidating session");
-            sess.invalidate();
-        }
-    }
 }