
Untitled

a guest
Feb 1st, 2012
  1.  
  2. package com.DX_57.SR_57;
  3. /** include default packages for Beans */
  4. import java.io.Serializable;
  5. import javax.enterprise.context.SessionScoped;
  6. // or import javax.faces.bean.SessionScoped;
  7. import javax.inject.Named;
  8. /** include package for SHA-256 hashing */
  9. import java.security.MessageDigest;
  10. import java.security.NoSuchAlgorithmException;
  11. /** include SQL Packages */
  12. import java.sql.Connection;
  13. import java.sql.PreparedStatement;
  14. import java.sql.ResultSet;
  15. import java.sql.SQLException;
  16. import javax.sql.DataSource;
  17. import javax.annotation.Resource;
  18. import javax.faces.context.FacesContext;
  19. import javax.inject.Inject;
  20. import javax.servlet.http.HttpServletRequest;
  21. import javax.servlet.http.HttpSession;
  22. // or import javax.faces.bean.ManagedBean;
  23. import org.DX_57.osgi.CL_27.api.CryptoSHA;
  24. import org.glassfish.osgicdi.OSGiService;
  25. import org.DX_57.osgi.SH_27.api.SessionHandle;
  26.  
  27.  
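  /**
   * Session-scoped login bean exposed to JSF pages as {@code loginController}.
   *
   * <p>Holds the submitted user name and password, looks the stored password up in
   * the {@code USERS} table through the {@code jdbc/Oracle} data source, and records
   * a successful login in {@code ACTIVESESSIONS}.
   */
  @Named("loginController")
  @SessionScoped
  public class userCheck implements Serializable {

      /** Placeholder written to the UserBrowserID column; the original code hard-codes it. */
      private static final String BROWSER_ID_PLACEHOLDER = "jjjk";

      private String user = null;
      // NOTE(review): the submitted password is kept as plaintext in this Serializable,
      // session-scoped bean until it is overwritten; consider clearing it once
      // userCompare() has run.
      private String password = null;
      private String error_Message = null;
      private String error_Database = null;

      public userCheck() {
      }

      /** Container-injected JDBC data source registered as "jdbc/Oracle". */
      @Resource(name = "jdbc/Oracle")
      private DataSource ds;

      /** OSGi bundle SH_27 session handle; transient so it is not serialized with the bean. */
      @Inject @OSGiService(dynamic = true) transient SessionHandle hello;

      /**
       * Calls the SH_27 bundle with the fixed user name "Duke".
       * Presumably a connectivity probe; confirm before relying on the result.
       *
       * @return whatever {@code hello.CheckUserDB("Duke")} returns
       * @throws SQLException propagated from the bundle call
       */
      public String CallOSGI() throws SQLException {
          return hello.CheckUserDB("Duke");
      }

      /** OSGi bundle CL_27 crypto library; transient so it is not serialized with the bean. */
      @Inject @OSGiService(dynamic = true) transient CryptoSHA cryptoString;

      /**
       * Calls the CL_27 bundle with the fixed argument "Duke".
       *
       * @return whatever {@code cryptoString.sayHello("Duke")} returns
       */
      public String zwwe() {
          return cryptoString.sayHello("Duke");
      }

      /* Accessors bound to the JSF login page. */

      public void setUser(String newValue) {
          user = newValue;
      }

      public String getUser() {
          return user;
      }

      public void setPassword(String newValue) {
          password = newValue;
      }

      public String getPassword() {
          return password;
      }

      public String geterror_Database() {
          return error_Database;
      }

      public String geterror_Message() {
          return error_Message;
      }

      /**
       * Returns the lower-case hex SHA-256 digest of a string.
       *
       * <p>The input is encoded as UTF-8 so the digest does not depend on the
       * platform default charset. This is a single unsalted hash; on its own it is
       * not a suitable password-storage scheme.
       *
       * @param hash the text to digest
       * @return 64 hex characters
       * @throws NoSuchAlgorithmException if the JVM has no SHA-256 provider
       * @throws NullPointerException if {@code hash} is null
       */
      public String string_hash(String hash) throws NoSuchAlgorithmException {
          MessageDigest md = MessageDigest.getInstance("SHA-256");
          md.update(hash.getBytes(java.nio.charset.Charset.forName("UTF-8")));

          StringBuilder hex = new StringBuilder();
          for (byte b : md.digest()) {
              // adding 0x100 forces three hex digits; dropping the first keeps the leading zero
              hex.append(Integer.toString((b & 0xff) + 0x100, 16).substring(1));
          }
          return hex.toString();
      }

      /**
       * Obtains a connection from the injected data source.
       *
       * <p>On failure the reason is also stored in {@code error_Database} so the
       * page can display it.
       *
       * @throws SQLException if there is no data source or no connection
       */
      private Connection openConnection() throws SQLException {
          if (ds == null) {
              error_Database = "No data source";
              throw new SQLException(error_Database);
          }
          Connection conn = ds.getConnection();
          if (conn == null) {
              error_Database = "No connection";
              throw new SQLException(error_Database);
          }
          return conn;
      }

      /** Closes a result set and its statement; either argument may be null. */
      private static void release(ResultSet rs, PreparedStatement ps) {
          try {
              if (rs != null) {
                  rs.close();
              }
          } catch (SQLException ignored) {
              // best effort: the caller closes the connection right after
          }
          try {
              if (ps != null) {
                  ps.close();
              }
          } catch (SQLException ignored) {
              // best effort: the caller closes the connection right after
          }
      }

      /**
       * Looks up the stored password for a user name.
       *
       * <p>Side effect: {@code error_Message} is set to "Invalid Username!" when no
       * row matches and to "Invalid Password!" otherwise, before any comparison is
       * made; {@link #SessionRegister(String)} clears it on a successful login.
       *
       * <p>NOTE(review): two distinct messages let a client tell which user names
       * exist; a single generic failure message avoids that.
       *
       * @param userToCheck user name, bound as a query parameter
       * @return the value of the {@code Passwd} column, or null if the user is unknown
       * @throws SQLException on any database failure
       */
      public String CheckUserDB(String userToCheck) throws SQLException {
          String storedPassword = null;
          error_Message = null;

          Connection conn = openConnection();
          try {
              conn.setAutoCommit(false);
              boolean committed = false;
              PreparedStatement passwordQuery = null;
              ResultSet result = null;
              try {
                  passwordQuery = conn.prepareStatement("SELECT Passwd from USERS WHERE Username = ?");
                  passwordQuery.setString(1, userToCheck);

                  result = passwordQuery.executeQuery();
                  if (result.next()) {
                      storedPassword = result.getString("Passwd");
                  }

                  conn.commit();
                  committed = true;
              } finally {
                  try {
                      if (!committed) {
                          conn.rollback();
                      }
                  } finally {
                      release(result, passwordQuery);
                  }
              }
          } finally {
              conn.close();
          }

          if (storedPassword == null) {
              error_Message = "Invalid Username!";
          } else {
              error_Message = "Invalid Password!";
          }
          return storedPassword;
      }

      /*
       * Table used by SessionRegister:
       *
       * CREATE TABLE "ACTIVESESSIONS"(
       *   "SessionId" Char(20 ) NOT NULL,
       *   "UserId" Varchar2(30 ) NOT NULL,
       *   "LoginTime" Timestamp(6),
       *   "LastRefreshTime" Timestamp(6),
       *   "UserIP" Varchar2(30 ),
       *   "UserBrowserID" Varchar2(30 )
       * )
       * /
       *
       * NOTE(review): the DDL quotes mixed-case column names while the INSERT below
       * uses them unquoted; verify that the two resolve to the same columns.
       */

      /**
       * Records a login in {@code ACTIVESESSIONS}: session id, user, database
       * {@code current_timestamp} for both time columns, client address and a
       * placeholder browser id.
       *
       * <p>All values are bound as statement parameters. The user name comes from
       * the login form, so it must never be concatenated into the SQL text.
       *
       * <p>NOTE(review): the session id stored here is the one that already existed
       * before authentication; consider rotating the session on login.
       *
       * @param UpdateUser user name to store in the {@code UserId} column
       * @throws SQLException on any database failure
       * @throws IllegalStateException if there is no current HTTP session
       */
      public void SessionRegister(String UpdateUser) throws SQLException {
          error_Message = null;

          FacesContext fCtx = FacesContext.getCurrentInstance();
          HttpSession session = (HttpSession) fCtx.getExternalContext().getSession(false);
          if (session == null) {
              // getSession(false) does not create a session, so it may return null
              throw new IllegalStateException("No active HTTP session");
          }
          String sessionId = session.getId();

          HttpServletRequest request = (HttpServletRequest) fCtx.getExternalContext().getRequest();
          String remoteHost = request.getRemoteAddr();

          Connection conn = openConnection();
          try {
              conn.setAutoCommit(false);
              boolean committed = false;
              PreparedStatement insertQuery = null;
              try {
                  insertQuery = conn.prepareStatement(
                          "INSERT INTO ACTIVESESSIONS (SessionId, UserId, LoginTime, LastRefreshTime,"
                          + " UserIP, UserBrowserID) VALUES (?, ?, current_timestamp, current_timestamp, ?, ?)");
                  insertQuery.setString(1, sessionId);
                  insertQuery.setString(2, UpdateUser);
                  insertQuery.setString(3, remoteHost);
                  insertQuery.setString(4, BROWSER_ID_PLACEHOLDER);
                  insertQuery.executeUpdate();

                  conn.commit();
                  committed = true;
              } finally {
                  try {
                      if (!committed) {
                          conn.rollback();
                      }
                  } finally {
                      release(null, insertQuery);
                  }
              }
          } finally {
              conn.close();
          }
      }

      /**
       * Checks the submitted credentials and registers the session on success.
       *
       * <p>NOTE(review): the submitted password is compared with the stored value
       * as plaintext (the original author's comment says this is deliberate), so
       * the USERS table must currently hold plaintext passwords. Storing a salted,
       * slow password hash and comparing the derived values with
       * {@link MessageDigest#isEqual(byte[], byte[])} would remove that exposure;
       * it needs a matching data migration and is therefore not changed here.
       *
       * @return "0" on success, "1" on failure (including a missing password)
       * @throws NoSuchAlgorithmException kept in the signature for existing callers
       * @throws SQLException on any database failure
       */
      public String userCompare() throws NoSuchAlgorithmException, SQLException {
          String passwdQuery = CheckUserDB(user);

          // a null password is a failed login, not a NullPointerException
          if (password == null || !password.equals(passwdQuery)) {
              return "1";
          }

          // record the login time in the user sessions table
          SessionRegister(user);
          CallOSGI();
          return "0";
      }

  }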