Ejemplo n.º 1
 /**
  * Authenticates a user while an upgrade is in progress. The database schema cannot be assumed
  * to be in its current form at this point, so the standard methods are only used when the
  * recorded base wiki version is not before 0.7.0.
  *
  * <p>For older versions the credentials are checked directly against
  * {@code jam_wiki_user_info} with a parameterized query.
  *
  * @param username The login name to check.
  * @param password The password as supplied by the user.
  * @return <code>true</code> if the credentials were accepted.
  * @throws WikiException Thrown if the data handler or the database query fails.
  */
 public static boolean login(String username, String password) throws WikiException {
   String recordedVersion = Environment.getValue(Environment.PROP_BASE_WIKI_VERSION);
   WikiVersion oldVersion = new WikiVersion(recordedVersion);
   boolean legacySchema = oldVersion.before(0, 7, 0);
   if (!legacySchema) {
     // schema is recent enough for the regular authentication path
     try {
       return WikiBase.getDataHandler().authenticate(username, password);
     } catch (DataAccessException e) {
       logger.severe("Unable to authenticate user during upgrade", e);
       // NOTE(review): e.getMessage() is copied into the WikiMessage; if that message is rendered
       // to the person logging in, data-layer detail reaches an unauthenticated client - confirm.
       throw new WikiException(new WikiMessage("upgrade.error.fatal", e.getMessage()));
     }
   }
   try {
     // NOTE(review): nothing in this method closes conn - confirm who releases it.
     Connection conn = DatabaseConnection.getConnection();
     // both credentials are bound as parameters, never concatenated into the SQL text
     WikiPreparedStatement stmt =
         new WikiPreparedStatement(
             "select 1 from jam_wiki_user_info where login = ? and encoded_password = ?");
     // NOTE(review): a blank password skips encoding and is compared as-is with
     // encoded_password; consider rejecting blank passwords before running the query.
     // NOTE(review): the stored value is matched by SQL equality, so Encryption.encrypt must be
     // deterministic for a given input, which rules out a per-user random salt - confirm what
     // it does and whether a salted password hash is needed.
     String credential = password;
     if (!StringUtils.isBlank(credential)) {
       credential = Encryption.encrypt(credential);
     }
     stmt.setString(1, username);
     stmt.setString(2, credential);
     WikiResultSet rs = stmt.executeQuery(conn);
     // any returned row means the login/password pair exists
     boolean matched = rs.size() > 0;
     return matched;
   } catch (SQLException e) {
     logger.severe("Database failure while authenticating user", e);
     throw new WikiException(new WikiMessage("upgrade.error.fatal", e.getMessage()));
   }
 }
Ejemplo n.º 2
 // FIXME - shouldn't need to pass in response
 /**
  * Handles a registration form submission: populates a user from the request parameters,
  * validates it, and either returns the form with errors or saves the user, stores it in the
  * session and redirects to the virtual wiki's default topic.
  *
  * @param request The servlet request carrying the form fields.
  * @param response The servlet response, used only for the redirect on success.
  * @param next The model that receives the user object and, on failure, the errors and the
  *     submitted password fields.
  * @param pageInfo The page info that is marked as the special "register" page.
  * @return <code>true</code> if the user was written and a redirect was issued,
  *     <code>false</code> if validation failed.
  * @throws Exception Thrown if any of the lookups, the write or the redirect fails.
  */
 private boolean register(
     HttpServletRequest request,
     HttpServletResponse response,
     ModelAndView next,
     WikiPageInfo pageInfo)
     throws Exception {
   pageInfo.setSpecial(true);
   pageInfo.setAction(WikiPageInfo.ACTION_REGISTER);
   pageInfo.setPageTitle(new WikiMessage("register.title"));
   String virtualWikiName = JAMWikiServlet.getVirtualWikiFromURI(request);
   WikiUser user = new WikiUser();
   String requestedId = request.getParameter("userId");
   if (StringUtils.hasText(requestedId)) {
     // NOTE(review): userId comes from the request and selects the record that is then
     // overwritten and saved below; nothing visible here ties it to the user held in the
     // session - confirm that validate() enforces ownership of the account.
     // a non-numeric value raises NumberFormatException, which propagates to the caller
     int userId = Integer.parseInt(requestedId);
     if (userId > 0) {
       // NOTE(review): a lookup that returns null would fail on the setLogin call below -
       // confirm lookupWikiUser's contract.
       user = WikiBase.getHandler().lookupWikiUser(userId);
     }
   }
   user.setLogin(request.getParameter("login"));
   user.setDisplayName(request.getParameter("displayName"));
   user.setEmail(request.getParameter("email"));
   String newPassword = request.getParameter("newPassword");
   if (StringUtils.hasText(newPassword)) {
     // the existing encoded password is kept when no new password was submitted
     user.setEncodedPassword(Encryption.encrypt(newPassword));
   }
   // FIXME - need to distinguish between add & update
   String clientAddress = request.getRemoteAddr();
   user.setCreateIpAddress(clientAddress);
   user.setLastLoginIpAddress(clientAddress);
   next.addObject("newuser", user);
   Vector errors = validate(request, user);
   if (!errors.isEmpty()) {
     next.addObject("errors", errors);
     // NOTE(review): the plain-text passwords are put back into the model for redisplay; if
     // the view renders them they end up in the response body. Consider leaving the password
     // fields empty after a failed submission.
     String oldPassword = request.getParameter("oldPassword");
     String confirmPassword = request.getParameter("confirmPassword");
     if (oldPassword != null) {
       next.addObject("oldPassword", oldPassword);
     }
     if (newPassword != null) {
       next.addObject("newPassword", newPassword);
     }
     if (confirmPassword != null) {
       next.addObject("confirmPassword", confirmPassword);
     }
     return false;
   }
   WikiBase.getHandler().writeWikiUser(user);
   // NOTE(review): the user is stored in the existing session without the session id being
   // rotated here - confirm that session fixation is handled elsewhere.
   request.getSession().setAttribute(JAMWikiServlet.PARAMETER_USER, user);
   VirtualWiki virtualWiki = WikiBase.getHandler().lookupVirtualWiki(virtualWikiName);
   String topic = virtualWiki.getDefaultTopicName();
   String target = LinkUtil.buildInternalLinkUrl(request.getContextPath(), virtualWikiName, topic);
   // FIXME - can a redirect be done with Spring?
   redirect(target, response);
   return true;
 }
Ejemplo n.º 3
 /**
  * Runs the initial setup from a submitted setup form: stores the submitted properties, validates
  * the admin user, refuses to overwrite a previous installation unless the request carries an
  * "override" parameter, and otherwise resets the wiki and saves the configuration.
  *
  * @param request The servlet request carrying the setup form fields.
  * @param next The model that receives errors and redisplay values when setup does not proceed.
  * @param pageInfo The page info passed to the view when validation fails.
  * @return <code>true</code> if setup completed, <code>false</code> if the form must be shown
  *     again (validation errors, or an existing installation without override).
  * @throws Exception Thrown if any step of the setup fails.
  */
 private boolean initialize(HttpServletRequest request, ModelAndView next, WikiPageInfo pageInfo)
     throws Exception {
   setProperties(request, next);
   WikiUser user = setAdminUser(request);
   List<WikiMessage> errors = validate(request, user);
   if (errors.size() > 0) {
     this.view(request, next, pageInfo);
     next.addObject("errors", errors);
     next.addObject("username", user.getUsername());
     // NOTE(review): the submitted plain-text passwords are returned to the model for
     // redisplay; if the view renders them they end up in the response body. Consider leaving
     // the password fields empty.
     next.addObject("newPassword", request.getParameter("newPassword"));
     next.addObject("confirmPassword", request.getParameter("confirmPassword"));
     return false;
   }
   // NOTE(review): the presence of an "override" request parameter is the only visible guard
   // against re-initializing an existing installation - confirm that access to this setup
   // path is restricted elsewhere.
   boolean needsOverride = previousInstall() && request.getParameter("override") == null;
   if (needsOverride) {
     // user is trying to do a new install when a previous installation exists
     next.addObject("upgrade", "true");
     next.addObject("username", user.getUsername());
     next.addObject("newPassword", request.getParameter("newPassword"));
     next.addObject("confirmPassword", request.getParameter("confirmPassword"));
     return false;
   }
   // NOTE(review): the initialized flag and version are set in the Environment before
   // WikiBase.reset runs; a failure in reset leaves them set until restart or rollback -
   // confirm this is acceptable.
   Environment.setBooleanValue(Environment.PROP_BASE_INITIALIZED, true);
   Environment.setValue(Environment.PROP_BASE_WIKI_VERSION, WikiVersion.CURRENT_WIKI_VERSION);
   String username = request.getParameter("username");
   String newPassword = request.getParameter("newPassword");
   String encryptedPassword = Encryption.encrypt(newPassword);
   WikiBase.reset(request.getLocale(), user, username, encryptedPassword);
   JAMWikiAuthenticationConfiguration.resetJamwikiAnonymousAuthorities();
   JAMWikiAuthenticationConfiguration.resetDefaultGroupRoles();
   Environment.saveProperties();
   // the setup process does not add new topics to the index (currently)
   // TODO - remove this once setup uses safe connection handling
   WikiBase.getSearchEngine().refreshIndex();
   // force current user credentials to be removed and re-validated.
   SecurityContextHolder.clearContext();
   return true;
 }
Ejemplo n.º 4
 /**
  * Encrypt and set a property value.
  *
  * @param name The name of the encrypted property being set.
  * @param value The unencrypted value of the property; it is passed through
  *     <code>Encryption.encrypt</code> before being stored.
  * @throws Exception Declared broadly; which of the two calls can fail is not visible here.
  */
 public static void setEncryptedProperty(String name, String value) throws Exception {
   // NOTE(review): whether Encryption.encrypt is reversible, and where any key it uses is
   // kept, is not visible here - confirm before relying on this to protect stored secrets.
   String protectedValue = Encryption.encrypt(value);
   Environment.setValue(name, protectedValue);
 }