/**
 * Title: blogAdmin<p>
 * Description: Used to create and manage threads, entries, groups and users for the journal.<p>
 * @author Nathan Binford
 * @version 1.2
 */
package org.nb.blog;

import java.io.*;
import java.security.*;
import java.security.spec.*;
import java.sql.*;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import javax.crypto.*;
import javax.crypto.spec.*;
import javax.xml.parsers.ParserConfigurationException;
import org.nb.Preferences;
import org.xml.sax.SAXException;
  19.  
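public class blogAdmin
{
    /** Used with setGroupRights: grants read-only access to a thread. */
    public static final int RIGHT_READ = 1;
    /** Used with setGroupRights: grants read and write access to a thread. */
    public static final int RIGHT_READ_WRITE = 2;

    /** Authenticated user. Package-private (as before) so sibling classes keep their access. */
    blogUser user;
    /** Application settings loaded from the preferences file given to the constructor. */
    private final Preferences pref;

    /**
     * Creates an administrative session for an authenticated user.
     *
     * @param user     the authenticated user; {@code null} means authentication failed
     * @param prefPath path of the preferences file handed to {@link Preferences}
     * @throws blogException if {@code user} is {@code null} or the preferences file cannot be loaded
     */
    public blogAdmin(blogUser user, String prefPath) throws blogException
    {
        if (user == null)
            throw new blogException("Authentication Failure. Invalid user name and password.");
        this.user = user;
        try
        {
            pref = new Preferences(prefPath);
        }
        catch (ParserConfigurationException e) { throw new blogException("Cannot load preferences file. Message: " + e.getMessage()); }
        catch (SAXException e) { throw new blogException("Cannot load preferences file. Message: " + e.getMessage()); }
        catch (IOException e) { throw new blogException("Cannot load preferences file. Message: " + e.getMessage()); }
    }

    /**
     * Creates a new thread as a child of the thread whose threadID matches {@code thread.getParent()}
     * (top-level threads use parent 0 and need no rights check).
     *
     * @param thread the thread to store; its title and description are treated as untrusted text
     * @throws blogException if the user lacks write rights on the parent, the JDBC driver is
     *                       misconfigured, or the database reports an error
     */
    public void createThread(blogThread thread) throws blogException
    {
        // Check rights before opening a connection, so a refusal never leaks one.
        if (thread.getParent() != 0 && !canWrite(thread.getParent()))
            throw new blogException("Authentication Error. User does not have sufficent access rights.");

        try
        {
            Connection conn = openConnection();
            try
            {
                // Bound parameters instead of string-built SQL: title/description come from the caller.
                PreparedStatement stmt = conn.prepareStatement(
                    "INSERT INTO threads (parent, title, description, owner) VALUES (?, ?, ?, ?)");
                stmt.setInt(1, thread.getParent());
                stmt.setString(2, thread.getTitle());
                stmt.setString(3, thread.getDescription());
                stmt.setString(4, user.getUser());
                stmt.executeUpdate();
                stmt.close();
            }
            finally
            {
                conn.close(); // releases the statement too if an exception skipped stmt.close()
            }
        }
        catch (SQLException e) { throw new blogException("Database error. Message: " + e.getMessage()); }
    }

    /**
     * Creates a new entry in the thread named by {@code entry.getThreadID()}.
     *
     * @param entry the entry to store; name, author and content are treated as untrusted text
     * @throws blogException if the user lacks write rights on the thread, the JDBC driver is
     *                       misconfigured, or the database reports an error
     */
    public void createEntry(blogEntry entry) throws blogException
    {
        if (!canWrite(entry.getThreadID()))
            throw new blogException("Authentication Error. User does not have sufficent access rights.");

        try
        {
            Connection conn = openConnection();
            try
            {
                PreparedStatement stmt = conn.prepareStatement(
                    "INSERT INTO entries (threadID, name, author, date, content) VALUES (?, ?, ?, ?, ?)");
                stmt.setInt(1, entry.getThreadID());
                stmt.setString(2, entry.getName());
                stmt.setString(3, entry.getAuthor());
                // getDate()'s type is not visible here; the original stored its toString() form,
                // which is preserved. TODO confirm against the column type (a Timestamp may be intended).
                stmt.setString(4, String.valueOf(entry.getDate()));
                stmt.setString(5, entry.getContent());
                stmt.executeUpdate();
                stmt.close();
            }
            finally
            {
                conn.close();
            }
        }
        catch (SQLException e) { throw new blogException("Database error. Message: " + e.getMessage()); }
    }

    /**
     * Deletes a thread, its entries and privilege records, and recursively all of its child threads.
     * The user must hold write rights on the thread and on every descendant; the first descendant
     * that fails the check aborts the whole operation.
     *
     * @param threadID id of the thread to delete
     * @throws blogException if a rights check fails, the JDBC driver is misconfigured, or the
     *                       database reports an error
     */
    public void deleteThread(int threadID) throws blogException
    {
        if (!canWrite(threadID))
            throw new blogException("Authentication Error. User does not have sufficent access rights to this thread, or a child of this thread.");

        try
        {
            // One connection for the whole subtree; the original opened one per recursion level.
            Connection conn = openConnection();
            try
            {
                deleteThreadTree(conn, threadID);
            }
            finally
            {
                conn.close();
            }
        }
        catch (SQLException e) { throw new blogException("Database error. Message: " + e.getMessage()); }
    }

    /**
     * Deletes an entry. Rights are checked against {@code threadID}, which the caller supplies;
     * the entry itself is deleted by id only, so a caller must pass the thread the entry belongs to.
     *
     * @param entryID  id of the entry to delete
     * @param threadID id of the thread the entry belongs to (used for the rights check)
     * @throws blogException if the user lacks write rights on the thread, the JDBC driver is
     *                       misconfigured, or the database reports an error
     */
    public void deleteEntry(int entryID, int threadID) throws blogException
    {
        if (!canWrite(threadID))
            throw new blogException("Authentication Error. User does not have sufficent access rights.");

        try
        {
            Connection conn = openConnection();
            try
            {
                // NOTE(review): the DELETE is not constrained to threadID, so the rights check and the
                // row deleted can disagree if a caller passes a foreign threadID — TODO confirm whether
                // "AND threadID = ?" is acceptable for the schema.
                PreparedStatement stmt = conn.prepareStatement("DELETE FROM entries WHERE entryID = ?");
                stmt.setInt(1, entryID);
                stmt.executeUpdate();
                stmt.close();
            }
            finally
            {
                conn.close();
            }
        }
        catch (SQLException e) { throw new blogException("Database error. Message: " + e.getMessage()); }
    }

    /**
     * Creates a user. Only the administrative user (preference USERS/AdministrativeUser) may do this.
     *
     * @param usr      new user name
     * @param password clear-text password; stored after {@link #protectPassword(String)}
     * @param group    id of an existing group the user joins
     * @throws blogException if the caller is not the administrator, the key file or cipher is
     *                       unusable, the group does not exist, or the database reports an error
     */
    public void createUser(String usr, String password, String group) throws blogException
    {
        // Check the caller first: the original opened the key file before deciding whether to proceed.
        if (!user.getUser().equals(pref.getPreference("USERS", "AdministrativeUser")))
            throw new blogException("Authentication Error. User does not have sufficent access rights.");

        String stored = protectPassword(password);

        try
        {
            Connection conn = openConnection();
            try
            {
                if (!groupExists(conn, group))
                    throw new blogException("Invalid data. Group " + group + " does not exist.");

                PreparedStatement stmt = conn.prepareStatement(
                    "INSERT INTO users (user, password, groupID) VALUES (?, ?, ?)");
                stmt.setString(1, usr);
                stmt.setString(2, stored);
                stmt.setString(3, group);
                stmt.executeUpdate();
                stmt.close();
            }
            finally
            {
                conn.close();
            }
        }
        catch (SQLException e) { throw new blogException("Database error. Message: " + e.getMessage()); }
    }

    /**
     * Creates a group. Only the administrative user (preference Users/AdministrativeUser) may do this.
     *
     * @param group id of the group to create
     * @throws blogException if the caller is not the administrator, the JDBC driver is
     *                       misconfigured, or the database reports an error
     */
    public void createGroup(String group) throws blogException
    {
        // The original test was inverted (proceeded when the user was NOT the administrator);
        // it now matches createUser and the error message below.
        // NOTE(review): createUser reads section "USERS" while this and setGroupRights read "Users" —
        // confirm whether Preferences keys are case-insensitive.
        if (!user.getUser().equals(pref.getPreference("Users", "AdministrativeUser")))
            throw new blogException("Authentication Error. User must be administrator to perform this action.");

        try
        {
            Connection conn = openConnection();
            try
            {
                PreparedStatement stmt = conn.prepareStatement("INSERT INTO groups (groupID) VALUES (?)");
                stmt.setString(1, group);
                stmt.executeUpdate();
                stmt.close();
            }
            finally
            {
                conn.close();
            }
        }
        catch (SQLException e) { throw new blogException("Database error. Message: " + e.getMessage()); }
    }

    /**
     * Sets a group's access rights on a thread, inserting or updating the threadPrivs row.
     * Only the administrative user (preference Users/AdministrativeUser) may do this.
     *
     * @param group     group id
     * @param threadID  thread id
     * @param rightsFlg {@link #RIGHT_READ} or {@link #RIGHT_READ_WRITE}
     * @throws blogException if the caller is not the administrator, {@code rightsFlg} is not one of
     *                       the two constants, the JDBC driver is misconfigured, or the database
     *                       reports an error
     */
    public void setGroupRights(String group, int threadID, int rightsFlg) throws blogException
    {
        // Same inverted-check fix as createGroup: only the administrator proceeds.
        if (!user.getUser().equals(pref.getPreference("Users", "AdministrativeUser"))))
            throw new blogException("Authentication Error. User must be administrator to perform this action.");

        String rights;
        switch (rightsFlg)
        {
            case RIGHT_READ:
                rights = "read";
                break;
            case RIGHT_READ_WRITE:
                rights = "read,write";
                break;
            default:
                throw new blogException("Invalid data. Access rights setting not a valid option.");
        }

        try
        {
            Connection conn = openConnection();
            try
            {
                PreparedStatement stmt;
                if (privilegeRowExists(conn, group, threadID))
                {
                    stmt = conn.prepareStatement(
                        "UPDATE threadPrivs SET rights = ? WHERE threadID = ? AND groupID = ?");
                    stmt.setString(1, rights);
                    stmt.setInt(2, threadID);
                    stmt.setString(3, group);
                }
                else
                {
                    stmt = conn.prepareStatement(
                        "INSERT INTO threadPrivs (rights, groupID, threadID) VALUES (?, ?, ?)");
                    stmt.setString(1, rights);
                    stmt.setString(2, group);
                    stmt.setInt(3, threadID);
                }
                stmt.executeUpdate();
                stmt.close();
            }
            finally
            {
                conn.close();
            }
        }
        catch (SQLException e) { throw new blogException("Database error. Message: " + e.getMessage()); }
    }

    // ---- private helpers ----

    /** Loads the configured JDBC driver and opens a connection; the caller must close it. */
    private Connection openConnection() throws blogException, SQLException
    {
        try
        {
            Class.forName(pref.getPreference("DB", "ClassString"));
        }
        catch (ClassNotFoundException e)
        {
            throw new blogException("Invalid Preference File Setting: JDBC Class. Message: " + e.getMessage());
        }
        return DriverManager.getConnection(pref.getPreference("DB", "ConnectionString"));
    }

    /** True when the user's rights string for {@code threadID} contains "write". */
    private boolean canWrite(int threadID) throws blogException
    {
        return user.checkRights(threadID).indexOf("write") != -1;
    }

    /**
     * Deletes {@code threadID}'s subtree on an already-open connection: children first (each one
     * rights-checked with the same message as deleteThread), then the thread's own rows.
     */
    private void deleteThreadTree(Connection conn, int threadID) throws blogException, SQLException
    {
        // Collect child ids before recursing: the recursion issues further statements on this
        // connection, and an open ResultSet must not be iterated across them.
        List<Integer> children = new ArrayList<Integer>();
        PreparedStatement select = conn.prepareStatement("SELECT threadID FROM threads WHERE parent = ?");
        try
        {
            select.setInt(1, threadID);
            ResultSet rs = select.executeQuery();
            while (rs.next())
                children.add(Integer.valueOf(rs.getInt("threadID")));
            rs.close();
        }
        finally
        {
            select.close();
        }

        for (Integer child : children)
        {
            if (!canWrite(child.intValue()))
                throw new blogException("Authentication Error. User does not have sufficent access rights to this thread, or a child of this thread.");
            deleteThreadTree(conn, child.intValue());
        }

        deleteByThreadID(conn, "DELETE FROM threads WHERE threadID = ?", threadID);     // the thread
        deleteByThreadID(conn, "DELETE FROM entries WHERE threadID = ?", threadID);     // its entries
        deleteByThreadID(conn, "DELETE FROM threadPrivs WHERE threadID = ?", threadID); // its privilege records
    }

    /** Runs a one-parameter DELETE whose single placeholder is {@code threadID}. */
    private static void deleteByThreadID(Connection conn, String sql, int threadID) throws SQLException
    {
        PreparedStatement stmt = conn.prepareStatement(sql);
        try
        {
            stmt.setInt(1, threadID);
            stmt.executeUpdate();
        }
        finally
        {
            stmt.close();
        }
    }

    /** True when a row with {@code groupID = group} exists in groups. */
    private static boolean groupExists(Connection conn, String group) throws SQLException
    {
        PreparedStatement stmt = conn.prepareStatement("SELECT groupID FROM groups WHERE groupID = ?");
        try
        {
            stmt.setString(1, group);
            ResultSet rs = stmt.executeQuery();
            boolean found = rs.next();
            rs.close();
            return found;
        }
        finally
        {
            stmt.close();
        }
    }

    /** True when threadPrivs already holds a row for this group/thread pair. */
    private static boolean privilegeRowExists(Connection conn, String group, int threadID) throws SQLException
    {
        PreparedStatement stmt = conn.prepareStatement(
            "SELECT groupID FROM threadPrivs WHERE groupID = ? AND threadID = ?");
        try
        {
            stmt.setString(1, group);
            stmt.setInt(2, threadID);
            ResultSet rs = stmt.executeQuery();
            boolean found = rs.next();
            rs.close();
            return found;
        }
        finally
        {
            stmt.close();
        }
    }

    /**
     * Produces the form of {@code password} stored in the users table: DES-encrypted with the key
     * read from the first line of the file named by preference KEY/KeyFile.
     *
     * NOTE(review): this is reversible encryption under one static key, not password hashing, and
     * the ciphertext is round-tripped through String with the platform charset, which is lossy for
     * arbitrary bytes. The transform is kept byte-for-byte because the login side (blogUser, not
     * visible here) must apply the identical one; the real fix is migrating both to a salted
     * password hash. Unlike the original, an empty key file now fails instead of silently storing
     * the clear-text password.
     *
     * @throws blogException if the key file is missing, unreadable or empty, or the cipher is unusable
     */
    private String protectPassword(String password) throws blogException
    {
        try
        {
            BufferedReader r = new BufferedReader(new FileReader(pref.getPreference("KEY", "KeyFile")));
            String keyStr;
            try
            {
                keyStr = r.readLine();
            }
            finally
            {
                r.close();
            }
            if (keyStr == null)
                throw new blogException("Encryption Failure. Private Key Invalid.");

            // SunJCE is a default provider, so the original's Security.addProvider(new SunJCE()) is
            // unnecessary (and com.sun.crypto.provider is not accessible on current JDKs).
            SecretKey key = new SecretKeySpec(keyStr.getBytes(), "DES");
            Cipher cip = Cipher.getInstance("DES");
            cip.init(Cipher.ENCRYPT_MODE, key);
            return new String(cip.doFinal(password.getBytes()));
        }
        catch (IllegalBlockSizeException e) { throw new blogException("Encryption Failure. Private Key Invalid."); }
        catch (BadPaddingException e) { throw new blogException("Encryption Failure. Private Key Invalid."); }
        catch (NoSuchPaddingException e) { throw new blogException("Encryption Failure. Private Key Invalid."); }
        catch (InvalidKeyException e) { throw new blogException("Encryption Failure. Private Key Invalid."); }
        catch (NoSuchAlgorithmException e) { throw new blogException("Encryption Failure. DES Algorithm Not Available."); }
        catch (FileNotFoundException e) { throw new blogException("File Access Failure. Cannot locate key file specified."); }
        catch (IOException e) { throw new blogException("File Access Failure: " + e.getMessage()); }
    }
}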