- /**
- * Title: blogAdmin<p>
- * Description: Used to create and manage new threads, entries, groups and users in/for the journal.<p>
- * @author Nathan Binford
- * @version 1.2
- */
- package org.nb.blog;
- import java.sql.*;
- import java.util.Date;
- import org.nb.Preferences;
- import org.xml.sax.SAXException;
- import javax.xml.parsers.ParserConfigurationException;
- import java.io.*;
- import java.security.*;
- import java.security.spec.*;
- import javax.crypto.*;
- import javax.crypto.spec.*;
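/**
 * Administrative operations for the journal: creating and deleting threads and
 * entries, creating users and groups, and setting per-thread group rights.
 * <p>
 * Every operation runs on behalf of the authenticated {@link #user}. All SQL is
 * issued through {@link PreparedStatement} with bound parameters, so titles,
 * names, passwords and group ids supplied by callers are never spliced into
 * statement text. JDBC resources are released in {@code finally} blocks, so an
 * authorization or database failure does not leak a connection.
 * <p>
 * NOTE(review): driver and SQL error text is still copied into blogException
 * messages, as before. Callers should not show those messages to end users.
 */
public class blogAdmin
{
    /** Used with setGroupRights: sets rights to read-only. */
    public static final int RIGHT_READ = 1;
    /** Used with setGroupRights: sets rights to read and write. */
    public static final int RIGHT_READ_WRITE = 2;

    /** Authenticated user. */
    blogUser user;
    /** Application settings. */
    private Preferences pref;

    /**
     * Binds the administrator to an authenticated user and loads the settings.
     *
     * @param user     the authenticated user; {@code null} is treated as a failed login
     * @param prefPath location of the preferences file handed to {@code Preferences}
     * @throws blogException if {@code user} is null or the preferences cannot be loaded
     */
    public blogAdmin(blogUser user, String prefPath) throws blogException
    {
        if (user == null)
            throw new blogException("Authentication Failure. Invalid user name and password.");
        this.user = user; //set active user
        try
        {
            pref = new Preferences(prefPath);
        }
        catch (ParserConfigurationException e) { throw new blogException("Cannot load preferences file. Message: " + e.getMessage()); }
        catch (SAXException e) { throw new blogException("Cannot load preferences file. Message: " + e.getMessage()); }
        catch (IOException e) { throw new blogException("Cannot load preferences file. Message: " + e.getMessage()); }
    }

    /**
     * Creates a new thread. A thread whose parent is 0 is top-level and needs no
     * rights check; otherwise the user must hold "write" on the parent thread.
     *
     * @param thread the thread to store (parent, title and description are read)
     * @throws blogException if the user lacks rights or the database call fails
     */
    public void createThread(blogThread thread) throws blogException
    {
        //authorize before any connection is opened
        if (thread.getParent() != 0 && !canWrite(thread.getParent()))
            throw new blogException("Authentication Error. User does not have sufficent access rights.");

        Connection conn = null;
        PreparedStatement insert = null;
        try
        {
            conn = openConnection();
            insert = conn.prepareStatement("INSERT INTO threads (parent, title, description, owner) VALUES (?, ?, ?, ?)");
            insert.setInt(1, thread.getParent());
            insert.setString(2, asText(thread.getTitle()));
            insert.setString(3, asText(thread.getDescription()));
            insert.setString(4, asText(user.getUser()));
            insert.executeUpdate();
        }
        catch (ClassNotFoundException e) { throw new blogException("Invalid Preference File Setting: JDBC Class. Message: " + e.getMessage()); }
        catch (SQLException e) { throw new blogException("Database error. Message: " + e.getMessage()); }
        finally
        {
            closeQuietly(insert);
            closeQuietly(conn);
        }
    }

    /**
     * Creates a new entry in the entry's thread. The user must hold "write" on
     * that thread.
     *
     * @param entry the entry to store
     * @throws blogException if the user lacks rights or the database call fails
     */
    public void createEntry(blogEntry entry) throws blogException
    {
        if (!canWrite(entry.getThreadID()))
            throw new blogException("Authentication Error. User does not have sufficent access rights.");

        Connection conn = null;
        PreparedStatement insert = null;
        try
        {
            conn = openConnection();
            insert = conn.prepareStatement("INSERT INTO entries (threadID, name, author, date, content) VALUES (?, ?, ?, ?, ?)");
            insert.setInt(1, entry.getThreadID());
            insert.setString(2, asText(entry.getName()));
            //NOTE(review): the author is taken from the entry, not from the
            //authenticated user - confirm callers cannot set it freely.
            insert.setString(3, asText(entry.getAuthor()));
            //the date is bound in the same textual form the old statement used
            insert.setString(4, asText(entry.getDate()));
            insert.setString(5, asText(entry.getContent()));
            insert.executeUpdate();
        }
        catch (ClassNotFoundException e) { throw new blogException("Invalid Preference File Setting: JDBC Class. Message: " + e.getMessage()); }
        catch (SQLException e) { throw new blogException("Database error. Message: " + e.getMessage()); }
        finally
        {
            closeQuietly(insert);
            closeQuietly(conn);
        }
    }

    /**
     * Deletes a thread, its entries, its privilege records and, recursively,
     * every child thread. The user must hold "write" on the thread and on each
     * descendant.
     * <p>
     * NOTE(review): the deletion is not atomic. Each level of the recursion uses
     * its own connection, so a rights failure on a later child leaves the
     * subtrees deleted before it removed.
     *
     * @param threadID id of the thread to delete
     * @throws blogException if rights are missing on the thread or one of its
     *         children, or the database call fails
     */
    public void deleteThread(int threadID) throws blogException
    {
        if (!canWrite(threadID))
            throw new blogException("Authentication Error. User does not have sufficent access rights to this thread, or a child of this thread.");

        Connection conn = null;
        PreparedStatement children = null;
        ResultSet rs = null;
        try
        {
            conn = openConnection();
            //delete the children first; each call checks the rights on that child
            children = conn.prepareStatement("SELECT threadID FROM threads WHERE parent = ?");
            children.setInt(1, threadID);
            rs = children.executeQuery();
            while (rs.next())
                deleteThread(rs.getInt("threadID"));
            //user has access (blogException is thrown otherwise), continue
            executeDelete(conn, "DELETE FROM threads WHERE threadID = ?", threadID); //delete thread
            executeDelete(conn, "DELETE FROM entries WHERE threadID = ?", threadID); //delete thread's entries
            executeDelete(conn, "DELETE FROM threadPrivs WHERE threadID = ?", threadID); //delete privilege records
        }
        catch (ClassNotFoundException e) { throw new blogException("Invalid Preference File Setting: JDBC Class. Message: " + e.getMessage()); }
        catch (SQLException e) { throw new blogException("Database error. Message: " + e.getMessage()); }
        finally
        {
            closeQuietly(rs);
            closeQuietly(children);
            closeQuietly(conn);
        }
    }

    /**
     * Deletes one entry from a thread. The user must hold "write" on the thread.
     * <p>
     * The DELETE is restricted to the thread the rights check was made against.
     * Before, the check used {@code threadID} but the statement matched on
     * {@code entryID} alone, so write access to any one thread was enough to
     * delete entries of every other thread.
     *
     * @param entryID  id of the entry to delete
     * @param threadID id of the thread the entry belongs to
     * @throws blogException if the user lacks rights or the database call fails
     */
    public void deleteEntry(int entryID, int threadID) throws blogException
    {
        if (!canWrite(threadID))
            throw new blogException("Authentication Error. User does not have sufficent access rights.");

        Connection conn = null;
        PreparedStatement delete = null;
        try
        {
            conn = openConnection();
            delete = conn.prepareStatement("DELETE FROM entries WHERE entryID = ? AND threadID = ?");
            delete.setInt(1, entryID);
            delete.setInt(2, threadID);
            delete.executeUpdate();
        }
        catch (ClassNotFoundException e) { throw new blogException("Invalid Preference File Setting: JDBC Class. Message: " + e.getMessage()); }
        catch (SQLException e) { throw new blogException("Database error. Message: " + e.getMessage()); }
        finally
        {
            closeQuietly(delete);
            closeQuietly(conn);
        }
    }

    /**
     * Creates a user in an existing group. Only the administrative user named in
     * the preferences may call this.
     *
     * @param usr      name of the new user
     * @param password clear-text password; it is transformed before it is stored
     * @param group    id of an existing group
     * @throws blogException if the caller is not the administrator, the key file
     *         is missing or empty, the group does not exist, or the database
     *         call fails
     */
    public void createUser(String usr, String password, String group) throws blogException
    {
        //user must be administrator to perform this action; checked before the
        //key file or the database is touched
        if (!isAdministrator("USERS"))
            throw new blogException("Authentication Error. User does not have sufficent access rights.");

        String storedPassword = encryptPassword(password);

        Connection conn = null;
        PreparedStatement groupLookup = null;
        PreparedStatement insert = null;
        ResultSet rs = null;
        try
        {
            conn = openConnection();
            //check to see if group exists
            groupLookup = conn.prepareStatement("SELECT groupID FROM groups WHERE groupID = ?");
            groupLookup.setString(1, group);
            rs = groupLookup.executeQuery();
            if (!rs.next())
                throw new blogException("Invalid data. Group " + group + " does not exist.");
            //create user
            insert = conn.prepareStatement("INSERT INTO users (user, password, groupID) VALUES (?, ?, ?)");
            insert.setString(1, usr);
            insert.setString(2, storedPassword);
            insert.setString(3, group);
            insert.executeUpdate();
        }
        catch (ClassNotFoundException e) { throw new blogException("Invalid Preference File Setting: JDBC Class. Message: " + e.getMessage()); }
        catch (SQLException e) { throw new blogException("Database error. Message: " + e.getMessage()); }
        finally
        {
            closeQuietly(rs);
            closeQuietly(groupLookup);
            closeQuietly(insert);
            closeQuietly(conn);
        }
    }

    /**
     * Creates a group. Only the administrative user may call this.
     * <p>
     * The administrator test was inverted before: every user except the
     * administrator could create groups, and the administrator was rejected.
     *
     * @param group id of the group to create
     * @throws blogException if the caller is not the administrator or the
     *         database call fails
     */
    public void createGroup(String group) throws blogException
    {
        //user must be administrator to perform this action
        if (!isAdministrator("Users"))
            throw new blogException("Authentication Error. User must be administrator to perform this action.");

        Connection conn = null;
        PreparedStatement insert = null;
        try
        {
            conn = openConnection();
            //create group
            insert = conn.prepareStatement("INSERT INTO groups (groupID) VALUES (?)");
            insert.setString(1, group);
            insert.executeUpdate();
        }
        catch (ClassNotFoundException e) { throw new blogException("Invalid Preference File Setting: JDBC Class. Message: " + e.getMessage()); }
        catch (SQLException e) { throw new blogException("Database error. Message: " + e.getMessage()); }
        finally
        {
            closeQuietly(insert);
            closeQuietly(conn);
        }
    }

    /**
     * Sets the access rights on a thread for a group. Only the administrative
     * user may call this.
     * <p>
     * The administrator test was inverted before, which let every user except
     * the administrator grant "read,write" on any thread to any group.
     *
     * @param group     id of the group
     * @param threadID  id of the thread
     * @param rightsFlg {@link #RIGHT_READ} or {@link #RIGHT_READ_WRITE}
     * @throws blogException if the caller is not the administrator, the flag is
     *         not a valid option, or the database call fails
     */
    public void setGroupRights(String group, int threadID, int rightsFlg) throws blogException
    {
        //user must be administrator to perform this action
        if (!isAdministrator("Users"))
            throw new blogException("Authentication Error. User must be administrator to perform this action.");

        //get rights to set
        String rights;
        switch (rightsFlg)
        {
            case RIGHT_READ:
                rights = "read";
                break;
            case RIGHT_READ_WRITE:
                rights = "read,write";
                break;
            default:
                throw new blogException("Invalid data. Access rights setting not a valid option.");
        }

        Connection conn = null;
        PreparedStatement lookup = null;
        PreparedStatement write = null;
        ResultSet rs = null;
        try
        {
            conn = openConnection();
            //has a rights entry already been made for this group and thread?
            lookup = conn.prepareStatement("SELECT groupID FROM threadPrivs WHERE groupID = ? AND threadID = ?");
            lookup.setString(1, group);
            lookup.setInt(2, threadID);
            rs = lookup.executeQuery();
            if (!rs.next())
            {
                //no entry yet: insert one
                write = conn.prepareStatement("INSERT INTO threadPrivs (rights, groupID, threadID) VALUES (?, ?, ?)");
                write.setString(1, rights);
                write.setString(2, group);
                write.setInt(3, threadID);
            }
            else
            {
                //entry exists: update it
                write = conn.prepareStatement("UPDATE threadPrivs SET rights = ? WHERE threadID = ? AND groupID = ?");
                write.setString(1, rights);
                write.setInt(2, threadID);
                write.setString(3, group);
            }
            write.executeUpdate();
        }
        catch (ClassNotFoundException e) { throw new blogException("Invalid Preference File Setting: JDBC Class. Message: " + e.getMessage()); }
        catch (SQLException e) { throw new blogException("Database error. Message: " + e.getMessage()); }
        finally
        {
            closeQuietly(rs);
            closeQuietly(lookup);
            closeQuietly(write);
            closeQuietly(conn);
        }
    }

    /** Loads the JDBC driver named in the preferences and opens a connection. */
    private Connection openConnection() throws ClassNotFoundException, SQLException
    {
        Class.forName(pref.getPreference("DB", "ClassString"));
        return DriverManager.getConnection(pref.getPreference("DB", "ConnectionString"));
    }

    /** Returns true when the user's rights on the thread contain "write". */
    private boolean canWrite(int threadID) throws blogException
    {
        return user.checkRights(threadID).indexOf("write") != -1;
    }

    /**
     * Returns true when the active user is the administrative user named in the
     * given preferences section. A missing setting never matches, so the check
     * fails closed.
     * <p>
     * NOTE(review): createUser reads section "USERS" while createGroup and
     * setGroupRights read "Users". Both spellings are kept as they were; confirm
     * which one the preferences file uses, and whether the lookup is
     * case-sensitive.
     */
    private boolean isAdministrator(String section)
    {
        String admin = pref.getPreference(section, "AdministrativeUser");
        Object current = user.getUser();
        return admin != null && admin.equals(current);
    }

    /**
     * Transforms a clear-text password with the key read from the key file and
     * returns the text that is stored in the users table.
     * <p>
     * An empty key file is now an error. Before, the password was then stored
     * unchanged, in clear text, without any indication.
     * <p>
     * NOTE(review): this is reversible DES encryption with a shared key, not a
     * password hash. "DES" leaves mode and padding to the provider default (ECB
     * with PKCS5 padding for SunJCE), and the ciphertext is turned into a String
     * with the platform charset, which does not round-trip arbitrary bytes. The
     * scheme is kept byte-for-byte because the code that verifies passwords is
     * not part of this class. It should be replaced on both sides by a salted
     * password hash (bcrypt, scrypt, Argon2 or PBKDF2), with a migration for
     * existing rows.
     */
    private String encryptPassword(String password) throws blogException
    {
        BufferedReader reader = null;
        try
        {
            reader = new BufferedReader(new FileReader(pref.getPreference("KEY", "KeyFile")));
            //read in private key record from file
            String keyStr = reader.readLine();
            if (keyStr == null)
                throw new blogException("Encryption Failure. Private Key Invalid.");
            //register JCE provider
            Provider sunJce = new com.sun.crypto.provider.SunJCE();
            Security.addProvider(sunJce);
            //create SecretKey from key record
            SecretKey key = new SecretKeySpec(keyStr.getBytes(), "DES");
            //encrypt supplied password using key
            Cipher cip = Cipher.getInstance("DES");
            cip.init(Cipher.ENCRYPT_MODE, key);
            return new String(cip.doFinal(password.getBytes()));
        }
        catch (IllegalBlockSizeException e) { throw new blogException("Encryption Failure. Private Key Invalid."); }
        catch (BadPaddingException e) { throw new blogException("Encryption Failure. Private Key Invalid."); }
        catch (NoSuchPaddingException e) { throw new blogException("Encryption Failure. Private Key Invalid."); }
        catch (InvalidKeyException e) { throw new blogException("Encryption Failure. Private Key Invalid."); }
        catch (NoSuchAlgorithmException e) { throw new blogException("Encryption Failure. DES Algorithm Not Available."); }
        catch (FileNotFoundException e) { throw new blogException("File Access Failure. Cannot locate key file specified."); }
        catch (IOException e) { throw new blogException("File Access Failure: " + e.getMessage()); }
        finally
        {
            if (reader != null)
            {
                try { reader.close(); }
                catch (IOException ignored) { /* the key has been read; a close failure changes nothing */ }
            }
        }
    }

    /** Runs a single-parameter DELETE and releases its statement. */
    private static void executeDelete(Connection conn, String sql, int id) throws SQLException
    {
        PreparedStatement delete = conn.prepareStatement(sql);
        try
        {
            delete.setInt(1, id);
            delete.executeUpdate();
        }
        finally
        {
            closeQuietly(delete);
        }
    }

    /** Renders a value the way string concatenation would, so stored text is unchanged. */
    private static String asText(Object value)
    {
        return String.valueOf(value);
    }

    /** Closes a result set, ignoring a failure to close. */
    private static void closeQuietly(ResultSet rs)
    {
        if (rs == null)
            return;
        try { rs.close(); }
        catch (SQLException ignored) { /* nothing useful can be done at cleanup time */ }
    }

    /** Closes a statement, ignoring a failure to close. */
    private static void closeQuietly(Statement stmt)
    {
        if (stmt == null)
            return;
        try { stmt.close(); }
        catch (SQLException ignored) { /* nothing useful can be done at cleanup time */ }
    }

    /** Closes a connection, ignoring a failure to close. */
    private static void closeQuietly(Connection conn)
    {
        if (conn == null)
            return;
        try { conn.close(); }
        catch (SQLException ignored) { /* nothing useful can be done at cleanup time */ }
    }
}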