/** * Validates the login. Writes the isValid flag into the session along with the current user. * * @return true if OK, false if there's a problem */ private boolean validateLogin( HttpSession session, HttpServletRequest req, HttpServletResponse res) throws Exception { // Creates a user database access bean. UserManager userManager = new UserManager(); // (no setSession() here, since user may not exist yet) // Validates the login String username = req.getParameter("Username"); String password = req.getParameter("Password"); boolean isValid = userManager.isValidUser(username, password); boolean isAdmin = userManager.isAdmin(username); // To allow bootstrapping the system, if there are no users // yet, set this session valid, and grant admin privileges. if (userManager.getRecords().isEmpty()) { isValid = true; isAdmin = true; } if (isValid) { // Writes User object and validity flag to the session session.setAttribute("user", new User(username, password, isAdmin)); session.setAttribute("isValid", new Boolean(isValid)); } else { Util.putMessagePage(res, "Invalid user or password"); return false; } return isValid; }
public Message startAuthentication(AuthenticationMessage msg) throws AuthenticationException, GeneralSecurityException { if (msg instanceof RequestLoginMessage) { RequestLoginMessage rlm = (RequestLoginMessage) msg; username = rlm.getLogin(); if (!allowRoot && username.equals("root")) { throw new AuthenticationException("Must authenticate as a regular user first."); } // generate challange byte[] passhash = UserManager.v().getPassHash(username); if (passhash == null) { throw new AuthenticationException("User has no password"); } ChallangeMessage cm = new ChallangeMessage(); SecureRandom rand = new SecureRandom(); rand.nextBytes(randNumber); cm.setChallange(randNumber, passhash); state = CL_CHALLANGE_SENT; // send the challange return cm; } else if (msg instanceof ChallangeCheckStatusMessage) { // After authentication is complete the client sends this message // It can be safely ignored. We don't care that the client has // actually authenticated us. return null; } throw new AuthenticationException("State Error"); }
public Message updateState(AuthenticationMessage msg) throws AuthenticationException, GeneralSecurityException { switch (state) { case CL_CHALLANGE_SENT: { ChallangeResponseMessage crm = null; byte[] resp; if (msg instanceof ChallangeResponseMessage) { crm = (ChallangeResponseMessage) msg; resp = crm.getResponse(); } else { throw new AuthenticationException("State Error"); } if (!Arrays.equals(randNumber, resp)) { throw new AuthenticationException("Authentication Failed"); } state = SR_AUTH_SERVER; // wait for challenge ChallangeCheckStatusMessage check = new ChallangeCheckStatusMessage(); check.setOk(true); return check; } case SR_AUTH_SERVER: { ChallangeMessage cm = null; if (msg instanceof ChallangeMessage) { cm = (ChallangeMessage) msg; } else { throw new AuthenticationException("State Error"); } // send reponse ChallangeResponseMessage crm = new ChallangeResponseMessage(); byte[] passhash = UserManager.v().getPassHash(username); if (passhash == null) { throw new AuthenticationException("User has no password"); } crm.produceResponse(cm.getChallange(), passhash); authenticated = true; logger.info("User " + username + " logged in"); state = DONE_STATE; // complete the challenege-response return crm; } default: { if (msg instanceof ChallangeCheckStatusMessage) { return null; } } } throw new AuthenticationException("State Incomplete"); }
/** * Displays a given Meeting page for a HTTP Get, or creates a new Meeting for a HTTP Post * * <p>- Requires a cookie for the session user - Requires a meetingId request parameter for a GET * - Requires description, createdByUserId, datepicker, meetingTime, groupId request parameters * for a POST * * @param req The HTTP Request * @param res The HTTP Response */ public void meetingAction(HttpServletRequest req, HttpServletResponse res) { // Ensure there is a cookie for the session user if (AccountController.redirectIfNoCookie(req, res)) return; Map<String, Object> viewData = new HashMap<String, Object>(); viewData.put("title", "Meeting"); // Initialise Manager connections MeetingManager meetingMan = new MeetingManager(); GroupManager groupMan = new GroupManager(); if (req.getMethod() == HttpMethod.Get) { // Get request parameter int meetingId = Integer.parseInt(req.getParameter("meetingId")); Meeting meeting = meetingMan.get(meetingId); if (meeting != null) { List<User> meetingUsers = groupMan.getGroupUsers(meeting.getGroupId()); viewData.put("meetingUsers", meetingUsers); viewData.put("meeting", meeting); view(req, res, "/views/group/Meeting.jsp", viewData); } else { httpNotFound(req, res); } } else if (req.getMethod() == HttpMethod.Post) { // Get details from request String description = req.getParameter("description"); int createdByUserId = Integer.parseInt(req.getParameter("createdByUserId")); Date dateCreated = new Date(); String meetingDate = req.getParameter("datepicker"); String meetingTime = req.getParameter("meetingTime"); // Parse meeting date time details DateFormat format = new SimpleDateFormat("MM/dd/yyyy HH:mm"); Date dateDue = new Date(); try { dateDue = format.parse(meetingDate + " " + meetingTime); } catch (ParseException e) { // Unable to parse date. This shouldn't happen since we are // performing javascript validation. } int groupId = Integer.parseInt(req.getParameter("groupId")); // Create a Meeting Meeting meeting = new Meeting(); meeting.setDescription(description); meeting.setCreatedByUserId(createdByUserId); meeting.setDateCreated(dateCreated); meeting.setDateDue(dateDue); meeting.setGroupId(groupId); meetingMan.createMeeting(meeting); int meetingId = meetingMan.getIdFor(meeting); meeting.setId(meetingId); UserManager userMan = new UserManager(); User createdByUser = userMan.get(createdByUserId); // Create a notification for all users in group NotificationManager notificationMan = new NotificationManager(); List<User> users = groupMan.getGroupUsers(groupId); for (User u : users) { Notification notification = new Notification( u.getId(), u, groupId, null, "Meeting " + description + " was created by " + createdByUser.getFullName(), "/group/meeting?meetingId=" + meetingId); notificationMan.createNotification(notification); } // Update the User Session to show new meeting HttpSession session = req.getSession(); Session userSession = (Session) session.getAttribute("userSession"); User admin = userSession.getUser(); admin.getMeetings().add(meeting); // Show meeting page viewData.put("meetingUsers", users); viewData.put("meeting", meeting); view(req, res, "/views/group/Meeting.jsp", viewData); } }