- package daos;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.logging.Level;
import java.util.logging.Logger;
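/**
 * Data-access object backing the demo web app's authentication and authorization filters.
 *
 * <p>Two tables in {@code merwebappdb} are consulted, both only ever via {@code COUNT(*)}
 * queries with bound parameters:
 * <ul>
 *   <li>{@code registered_users(userid, password)} — checked by {@link #isUserValid}.</li>
 *   <li>{@code pageperms(pageurl, userid)} — checked by {@link #hasPermissionsToPage}.
 *       Created in the original demo as
 *       {@code CREATE TABLE pageperms(pageurl varchar(255), userid varchar(255), UNIQUE KEY (pageurl, userid));}
 *       and populated with e.g. {@code INSERT INTO pageperms VALUES("/Whatever.jsp","merid");}</li>
 * </ul>
 *
 * <p>Both checks fail closed: any database error, a missing driver, or a {@code null} argument
 * yields {@code false}; more than one matching row raises {@link DBIntegrityException}
 * rather than granting access on ambiguous data.
 *
 * <p>Security notes for whoever takes this beyond a demo:
 * <ul>
 *   <li>The connection string, user name and password are hard-coded and the app connects
 *       as {@code root}. Move them to configuration and use a least-privilege account that
 *       can only SELECT from the two tables above.</li>
 *   <li>{@code isUserValid} compares the submitted password against the
 *       {@code registered_users.password} column inside the SQL, which means the table must
 *       hold plaintext (or reversibly encoded) passwords. Store a salted bcrypt/scrypt/argon2
 *       hash instead, fetch the row by {@code userid}, and verify the hash in Java.</li>
 *   <li>Submitted passwords are never written to logs or exception messages.</li>
 * </ul>
 */
public class MerUsersDAO {
    private static final Logger LOG = Logger.getLogger(MerUsersDAO.class.getName());

    // NOTE(review): hard-coded credentials and a root login — see class Javadoc.
    private static final String DBCONSTRING = "jdbc:mysql://localhost:3306/merwebappdb";
    private static final String DBUSER = "root";
    private static final String DBPASSWORD = "censored";

    // NOTE(review): plaintext password comparison in SQL — see class Javadoc.
    private static final String GETUSERSTATEMENT =
            "SELECT COUNT(*) FROM registered_users WHERE userid=? AND password=?";
    private static final String GETPERMSSTATEMENT =
            "SELECT COUNT(*) FROM pageperms WHERE pageurl=? AND userid=?";

    /**
     * Loads the MySQL JDBC driver. Newer (JDBC 4+) drivers register themselves, so the
     * explicit load is only needed for old drivers; if it fails, every later query fails
     * closed through {@link DriverManager#getConnection} instead of granting access.
     */
    public MerUsersDAO() {
        try {
            Class.forName("com.mysql.jdbc.Driver");
        } catch (ClassNotFoundException e) {
            LOG.log(Level.SEVERE, "Couldn't load mysql driver.", e);
        }
    }

    /**
     * Login verifier, intended for the AUTHENTICATION FILTER.
     *
     * @param username submitted user id; {@code null} never authenticates
     * @param password submitted password; {@code null} never authenticates
     * @return {@code true} iff exactly one {@code registered_users} row matches both values;
     *         {@code false} when none matches or the database could not be queried
     * @throws DBIntegrityException if more than one row matches — user id/password
     *         combinations are expected to be unique, so this is a data problem, not a login
     */
    public boolean isUserValid(String username, String password) throws DBIntegrityException {
        if (username == null || password == null) {
            // A NULL bound parameter can never satisfy userid=? AND password=?, so there is
            // no point in the round trip.
            return false;
        }
        final int matches;
        try {
            matches = countMatches(GETUSERSTATEMENT, username, password);
        } catch (SQLException e) {
            // Fail closed: a database error must never authenticate anyone.
            LOG.log(Level.SEVERE, "Login check failed for user " + username, e);
            return false;
        }
        // Log the outcome for the username only; the password is deliberately omitted.
        LOG.log(Level.FINE, "Found {0} user(s) matching the username {1}.",
                new Object[] {matches, username});
        return exactlyOne(matches, "user " + username);
    }

    /**
     * Per-page authorization check, intended for the AUTHORIZATION FILTER.
     *
     * @param url the page being requested (the relative URL as configured in struts.xml)
     * @param username the user seeking access
     * @return {@code true} iff exactly one {@code pageperms} row grants {@code username}
     *         access to {@code url}; {@code false} when none does or the database could not
     *         be queried
     * @throws DBIntegrityException if the same (pageurl, userid) pair is recorded more than
     *         once; the table's UNIQUE KEY should make this impossible, so it signals a
     *         schema drift or corrupted data
     */
    public boolean hasPermissionsToPage(String url, String username) throws DBIntegrityException {
        if (url == null || username == null) {
            return false;
        }
        final int grants;
        try {
            grants = countMatches(GETPERMSSTATEMENT, url, username);
        } catch (SQLException e) {
            // Fail closed: deny rather than guess when the permission table is unreachable.
            LOG.log(Level.SEVERE,
                    "Permission check failed for user " + username + " on page " + url, e);
            return false;
        }
        LOG.log(Level.FINE, "Found {0} record(s) granting user {1} permission to page {2}.",
                new Object[] {grants, username, url});
        return exactlyOne(grants, "user " + username + " on page " + url);
    }

    /**
     * Runs one of the two {@code COUNT(*)} statements with two bound string parameters.
     *
     * @param sql    statement text with exactly two {@code ?} placeholders
     * @param first  value bound to placeholder 1
     * @param second value bound to placeholder 2
     * @return the count from the single result row (0 if, unexpectedly, no row comes back)
     * @throws SQLException on any JDBC failure, including a missing driver
     */
    private static int countMatches(String sql, String first, String second) throws SQLException {
        try (Connection conn = DriverManager.getConnection(DBCONSTRING, DBUSER, DBPASSWORD);
             PreparedStatement stmt = conn.prepareStatement(sql)) {
            stmt.setString(1, first);
            stmt.setString(2, second);
            try (ResultSet rs = stmt.executeQuery()) {
                // COUNT(*) always yields exactly one row, so the guard is purely defensive;
                // the original code treated a "no row" outcome as "no match" and so do we.
                return rs.next() ? rs.getInt(1) : 0;
            }
        }
    }

    /**
     * Maps a match count onto the access decision shared by both checks.
     * Package-private so the decision logic can be unit-tested without a database.
     *
     * @param count number of matching rows
     * @param what  human-readable description of what was looked up, for the error message
     *              (must not contain secrets — it ends up in an exception)
     * @return {@code true} for exactly one match, {@code false} for none
     * @throws DBIntegrityException for more than one match
     */
    static boolean exactlyOne(int count, String what) throws DBIntegrityException {
        if (count == 1) {
            return true;
        }
        if (count > 1) {
            throw new DBIntegrityException(String.format(
                    "Found more than one (%d) record(s) for %s; this combination should be unique.",
                    count, what));
        }
        return false;
    }

    /**
     * Signals a flaw in the stored data (e.g. two users with the same id/password, or a
     * duplicated page permission). Static so instances do not pin the enclosing DAO.
     */
    public static class DBIntegrityException extends Exception {
        private static final long serialVersionUID = 3669280035176647166L;

        public DBIntegrityException(String message) {
            super(message);
        }

        public DBIntegrityException(String message, Throwable cause) {
            super(message, cause);
        }
    }

    /** Manual smoke test against a local database; see the sample output below the class. */
    public static void main(String[] args) throws Exception {
        MerUsersDAO mdao = new MerUsersDAO();
        System.out.println(mdao.isUserValid("merid", "merpassword"));
        System.out.println(mdao.isUserValid("impostor", "someotherpassword"));
        System.out.println(mdao.hasPermissionsToPage("/Whatever.jsp", "merid"));
        // The original passed the URL as a username to isUserValid, which looks like a
        // copy/paste slip; the negative authorization case is what this line appears to
        // be meant to exercise.
        System.out.println(mdao.hasPermissionsToPage("/Whatever.jsp", "impostor"));
    }
}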
- /*Sample output:
- Found 1 user(s) matching the username merid and password merpassword.
- true
- Found 0 user(s) matching the username impostor and password someotherpassword.
- false
- Found exactly one match giving the user merid permission to the page /Whatever.jsp.
- true
- Found 0 user(s) matching the username /Whatever.jsp and password impostor.
- false
- */