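/**
 * {@inheritDoc}
 *
 * <p>Replaces the stored password of the user identified by {@code idUtilisateur} with a
 * jasypt {@link StrongPasswordEncryptor} digest of {@code motDePasse}. That digest is a
 * salted, iterated hash, not reversible encryption, despite the "cryptage" wording used
 * elsewhere in this class; the clear-text password is never bound to the statement.
 *
 * @param idUtilisateur primary key of the user to update
 * @param motDePasse new password in clear text
 * @return a {@link Utilisateur} carrying the id and the stored digest, or {@code null} when
 *     the UPDATE failed with a {@link SQLException} (logged at WARN) or matched no row
 */
@Override
public IUtilisateur majMotDePasse(int idUtilisateur, String motDePasse) {
  String sqlQuery =
      String.format(
          "UPDATE %s SET %s=? WHERE %s=?;",
          BaseDonneeEnum.UTILISATEUR,
          UtilisateurEnum.MOT_DE_PASSE_UTILISATEUR,
          UtilisateurEnum.ID_UTILISATEUR);
  PreparedStatement preparedStatement = this.getBd().openPrepared(sqlQuery);

  // Digest the password before it leaves this method; only the digest is persisted.
  StrongPasswordEncryptor passwordEncryptor = new StrongPasswordEncryptor();
  String motDePasseCrypt = passwordEncryptor.encryptPassword(motDePasse);

  IUtilisateur utilisateur = null;
  try {
    int numeroParametre = 1;
    preparedStatement.setString(numeroParametre, motDePasseCrypt);
    preparedStatement.setInt(++numeroParametre, idUtilisateur);
    // Build the result only once the row has actually been updated. The original created
    // the object before executeUpdate(), so a failed or no-op UPDATE still returned a user
    // carrying the new digest as if the change had been saved.
    if (preparedStatement.executeUpdate() > 0) {
      utilisateur = new Utilisateur(idUtilisateur);
      utilisateur.setMotDePasseUtilisateur(motDePasseCrypt);
    }
  } catch (SQLException e) {
    LOGGER.warn(e);
  } finally {
    // Release the statement even if an unchecked exception escapes the try block.
    this.getBd().closePrepared(preparedStatement);
  }
  return utilisateur;
}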
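/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
 *
 * <p>Registers a new account from the {@code Name}, {@code inputUsername} and
 * {@code inputPassword} form fields. The password is handed to the DAO only as a jasypt
 * {@link StrongPasswordEncryptor} digest (a salted, iterated hash); new accounts get the
 * role {@code "user"} and the state {@code "active"}.
 *
 * <p>NOTE(review): the "already taken" check and the insert are two separate DAO calls, so
 * two concurrent registrations of the same username can both pass the check. Only a unique
 * constraint on the username column closes that window — confirm one exists.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {
  response.setContentType("text/html;charset=UTF-8");
  HttpSession session = request.getSession(true);

  String name = request.getParameter("Name");
  String username = request.getParameter("inputUsername");
  String password = request.getParameter("inputPassword");

  // getParameter() returns null for a missing field; the original passed that straight to
  // encryptPassword() and the DAO. Reject incomplete submissions the same way a duplicate
  // username is rejected, instead of failing with an exception.
  if (isBlankField(name) || isBlankField(username) || isBlankField(password)) {
    session.setAttribute("errorRegister", "All fields are required");
    response.sendRedirect("user/register.jsp");
    return;
  }

  StrongPasswordEncryptor passwordEncryptor = new StrongPasswordEncryptor();
  String encryptedPassword = passwordEncryptor.encryptPassword(password);
  User user = new User(name, username, encryptedPassword, "user", "active");

  UserDAO userDAO = new UserDAO();
  User existing = userDAO.getUser(username);
  if (existing != null) {
    session.setAttribute("errorRegister", "Username already taken");
    response.sendRedirect("user/register.jsp");
  } else {
    userDAO.addUser(user);
    response.sendRedirect("index.jsp");
  }
}

/** Returns {@code true} when a form field is absent or contains only whitespace. */
private static boolean isBlankField(String value) {
  return value == null || value.trim().isEmpty();
}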
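/**
 * {@inheritDoc}
 *
 * <p>Inserts a new user row and returns it populated with the database-generated id. The
 * password is persisted as a jasypt {@link StrongPasswordEncryptor} digest (salted,
 * iterated hash); the clear text is never bound to the statement.
 *
 * <p>NOTE(review): {@code getGeneratedKeys()} only yields a key when the statement was
 * prepared with {@code Statement.RETURN_GENERATED_KEYS}. Whether {@code openPrepared} does
 * that is not visible here — confirm, otherwise this method always returns {@code null}.
 *
 * @param prenom first name
 * @param nom last name
 * @param identifiant login identifier
 * @param motDePasse password in clear text
 * @param numeroEtudiant student number
 * @param idEntite id of the entity the user belongs to
 * @return the created user with its generated id, or {@code null} when the INSERT failed
 *     or no generated key was returned (both logged at WARN)
 */
@Override
public IUtilisateur creerUtilisateur(
    String prenom,
    String nom,
    String identifiant,
    String motDePasse,
    int numeroEtudiant,
    int idEntite) {
  String sqlQuery =
      String.format(
          "INSERT INTO %s (%s,%s,%s,%s,%s,%s) VALUES (?,?,?,?,?,?);",
          BaseDonneeEnum.UTILISATEUR,
          UtilisateurEnum.PRENOM_UTILISATEUR,
          UtilisateurEnum.NOM_UTILISATEUR,
          UtilisateurEnum.IDENTIFIANT_UTILISATEUR,
          UtilisateurEnum.MOT_DE_PASSE_UTILISATEUR,
          UtilisateurEnum.NUMERO_ETUDIANT,
          UtilisateurEnum.ID_ENTITE);
  PreparedStatement preparedStatement = this.getBd().openPrepared(sqlQuery);

  // Digest the password before binding it; only the digest is persisted.
  StrongPasswordEncryptor passwordEncryptor = new StrongPasswordEncryptor();
  String motDePasseCrypt = passwordEncryptor.encryptPassword(motDePasse);

  IUtilisateur utilisateur = null;
  try {
    int numeroParametre = 1;
    preparedStatement.setString(numeroParametre, prenom);
    preparedStatement.setString(++numeroParametre, nom);
    preparedStatement.setString(++numeroParametre, identifiant);
    preparedStatement.setString(++numeroParametre, motDePasseCrypt);
    preparedStatement.setInt(++numeroParametre, numeroEtudiant);
    preparedStatement.setInt(++numeroParametre, idEntite);
    preparedStatement.executeUpdate();

    // try-with-resources closes the ResultSet on every path; the original leaked it when
    // next()/getInt() threw, and called next() without checking for an empty result.
    try (ResultSet resultSet = preparedStatement.getGeneratedKeys()) {
      if (resultSet.next()) {
        utilisateur =
            new Utilisateur(
                resultSet.getInt(1), numeroEtudiant, nom, prenom, identifiant, motDePasseCrypt);
        utilisateur.setEntiteUtilisateur(new Entite(idEntite));
      } else {
        LOGGER.warn("creerUtilisateur: no generated key returned by the INSERT");
      }
    }
  } catch (SQLException e) {
    LOGGER.warn(e);
  } finally {
    // Release the statement even when an unchecked exception escapes the try block.
    this.getBd().closePrepared(preparedStatement);
  }
  return utilisateur;
}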
/**
 * Demo entry point: prints two jasypt digests of the literal {@code "changeme"}, first from
 * {@link BasicPasswordEncryptor}, then from {@link StrongPasswordEncryptor}. Both encryptors
 * salt their output, so the printed values differ on every run. Only the Strong variant is
 * suitable for storing real credentials; the Basic variant uses a much weaker (MD5-based)
 * digest configuration.
 *
 * @param args ignored
 */
public static void main(String[] args) {
  final String sample = "changeme";

  BasicPasswordEncryptor basic = new BasicPasswordEncryptor();
  System.out.println(basic.encryptPassword(sample));

  StrongPasswordEncryptor strong = new StrongPasswordEncryptor();
  System.out.println(strong.encryptPassword(sample));
}
/**
 * Authenticates the caller identified by {@code ctx.getUserId()} against the {@code User}
 * table and, on success, populates the HTTP session and replies with a success response.
 *
 * <p>Original design notes, kept for context: the {@code sessionId} argument was meant to be
 * the client's nonce (post encryption with the server's public key) and {@code secret} a
 * shared secret hash keyed by sessionId; the shared secret was to be configured per device
 * and the sessionId generated pseudo-randomly by the client. No encryption is implemented
 * yet; the per-device shared secret and the sessionId handling are still pending.
 *
 * <p>NOTE(review): as written, neither {@code sessionId} nor {@code secret} is verified
 * against anything, and the method contains development-only credential shortcuts (see the
 * inline notes on the clear-text fallback and the literal {@code "testPass"} secret) that
 * must be removed before this can be considered an authentication check.
 *
 * @param ctx parsed request context (user id, device id, named arguments)
 * @param response servlet response used for the success/error reply
 * @param session HTTP session that receives the login attributes on success
 * @throws IOException if writing the response fails
 */
private void login(ReqCtx ctx, HttpServletResponse response, HttpSession session)
    throws IOException {
  PreparedStatement stmt = null;
  ResultSet rs = null; // never closed directly; stmt.close() in the finally block releases it
  String userId = ctx.getUserId();
  String sessionId = ctx.getArgVal(clntSessId_tag);
  String secret = ctx.getArgVal(secret_tag);
  String usrPass = ctx.getArgVal(Password_tag);
  StrongPasswordEncryptor passwordEncryptor = new StrongPasswordEncryptor();
  // Both arguments are required, but below sessionId is only stored in the session and
  // secret is only compared against the literal "testPass".
  if (null == sessionId || null == secret) {
    errorResponse(ctx, response, "missingArgs:secret|sessionId");
    return; // working here
  }
  try {
    boolean status = false;
    // Parameterised lookup keyed on the caller-supplied user id (a mobile number).
    stmt = con.prepareStatement("SELECT Password,Status FROM User WHERE MobileNumber = ?");
    stmt.setString(1, userId);
    rs = stmt.executeQuery();
    if (!rs.next()) {
      // XXX TBD - should not let end client see this: the message appears to be echoed back
      // via "processing error:" + e.getMessage() in the catch block, which lets a caller
      // tell whether a mobile number is registered.
      throw new Exception("No User");
    }
    String dbPass = rs.getString("Password");
    String dbStatus = rs.getString("Status");
    try {
      // Primary check: jasypt digest comparison against the stored value.
      if (passwordEncryptor.checkPassword(usrPass, dbPass)) {
        status = true;
      }
    } catch (Exception e) {
      // do nothing - ignore StrongPasswordEncryptor checks in development : TBD XXX
      // (presumably thrown when dbPass is not a valid jasypt digest — confirm)
    }
    if (!status) {
      // NOTE(review): development-only bypasses. The first branch accepts a clear-text
      // password stored in the database; the second accepts ANY caller whose "secret"
      // argument equals the literal "testPass", regardless of the password. Both defeat the
      // digest check above and must be removed before deployment.
      if (dbPass.equals(usrPass) || secret.equals("testPass")) {
        status = true;
      }
    }
    if (status
        && dbStatus.equalsIgnoreCase("operator")) { // 'active', 'suspended', 'deleted', 'operator'
      // Only "operator" is acted on; nothing in this method rejects a 'suspended' or
      // 'deleted' status.
      session.setAttribute(isOperator_tag, "true");
    }
    // XXX TBD - check that deviceId belongs to the User
    if (!status) throw new Exception("Unauthorized");
    // add ledger entry
    session.setAttribute(userId_tag, ctx.getUserId());
    session.setAttribute(DevId_tag, ctx.getDevId());
    session.setAttribute(clntSessId_tag, sessionId);
    // NOTE(review): the clear-text password is kept in the server-side session for its
    // whole lifetime; nothing visible here needs it once authentication has succeeded.
    session.setAttribute(Password_tag, usrPass);
    session.setMaxInactiveInterval(3600); // should be smaller in production TODO
    // session.setMaxInactiveInterval(5);
    // String message="Welcome " + userId + " from " + deviceId;
    // Identity cookie created with default flags (no HttpOnly/Secure set here). If any
    // downstream code trusts it as proof of identity it is trivially forgeable — TODO
    // confirm it is display-only.
    Cookie loginCookie = new Cookie("USERNAME", userId);
    response.addCookie(loginCookie);
    log(Level.INFO, "Current session : " + session.getId());
    // NOTE(review): "******" on the next line is a redaction artifact in this listing; the
    // end of the success call and the start of the catch block are not visible here.
    successResponse(ctx, response, "Added User : "******"processing error:" + e.getMessage()); // should not show user the actual error
    log(WARNING, "Error in login in Oprtr: " + e);
  } finally {
    if (stmt != null)
      try {
        stmt.close();
      } catch (SQLException logOrIgnore) {
        // intentionally ignored: nothing useful can be done if close() fails
      }
  }
}
/**
 * Installer entry point: parses the command line (falling back to an interactive prompt
 * when no arguments are given), unpacks the distribution into {@code webroot} and, in
 * {@code install} mode, writes {@code general.properties} and an OS-specific start-up
 * script.
 *
 * <p>NOTE(review): this listing is partially redacted — every {@code ******} below stands in
 * for text that is not visible here (from the surrounding pattern, a {@code println} of
 * {@code user} and one of {@code ksPass}). The code is documented as shown, not as
 * reconstructed.
 *
 * <p>Security-relevant points visible in this method: the keystore password is accepted on
 * the command line (visible in the process list), printed in the {@code --help} default
 * text, and written in clear text into the generated start-up script; the admin password
 * is read with {@code Console.readLine} (echoed) rather than {@code readPassword}; and the
 * unix branch runs {@code chown}/{@code chmod}/{@code cp} as root from concatenated strings.
 * Details at each site.
 *
 * @param args command-line options; see the {@code Options} built below
 * @throws Exception any I/O, parsing or interruption failure is propagated to the JVM
 */
public static void main(String[] args) throws Exception {
  boolean isInteractive = false;
  // The installer refuses to run unless this class was loaded from a jar:/war: URL.
  classUrl = MynaInstaller.class.getResource("MynaInstaller.class").toString();
  isJar = (classUrl.indexOf("jar") == 0);
  if (!isJar) {
    System.err.println("Installer can only be run from inside a Myna distribution war file");
    System.exit(1);
  }
  Thread.sleep(1000); // purpose not stated in the source
  // NOTE(review): System.console() is null when there is no attached terminal; every
  // interactive path below dereferences it without a check.
  Console console = System.console();
  String response = null;
  CommandLineParser parser = new PosixParser();
  // create the Options
  Options options = new Options();
  options.addOption(
      "c", "context", true, "Webapp context. Must Start with \"/\" Default: " + webctx);
  options.addOption("h", "help", false, "Displays help.");
  options.addOption(
      "w",
      "webroot",
      true,
      "Webroot to use. Will be created if webroot/WEB-INF does not exist. Default: " + webroot);
  options.addOption(
      "l",
      "logfile",
      true,
      "Log file to use. Will be created if it does not exist. Default: ./<context>.log");
  options.addOption(
      "s",
      "servername",
      true,
      "Name of this instance. Will also be the name of the init script. Defaults to either \"myna\" or the value of <context> if defined");
  // options.addOption( "P", "purpose", true, "Purpose of the Server, such as DEV,PROD,TRAIN, etc.
  // Defaults to DEV" );
  options.addOption("p", "port", true, "HTTP port. Set to 0 to disable HTTP. Default: " + port);
  options.addOption(
      "sp", "ssl-port", true, "SSL (HTTPS) port. Set to 0 to disable SSL, Default: 0");
  options.addOption(
      "ks", "keystore", true, "keystore path. Default: <webroot>/WEB-INF/myna/myna_keystore");
  // NOTE(review): the default keystore password is embedded in the help text, so it is shown
  // to anyone who runs --help; the value passed with -ksp is also visible in the process
  // list for the lifetime of the installer.
  options.addOption("ksp", "ks-pass", true, "keystore password. Default: " + ksPass);
  options.addOption("ksa", "ks-alias", true, "certificate alias. Default: " + ksAlias);
  modeOptions.add("upgrade");
  modeOptions.add("install");
  options.addOption(
      "m",
      "mode",
      true,
      "Mode: one of "
          + modeOptions.toString()
          + ". \n"
          + "\"upgrade\": Upgrades myna installation in webroot and exits. "
          + "\"install\": Unpacks to webroot, and installs startup files");
  options.addOption(
      "u",
      "user",
      true,
      "User to own and run the Myna installation. Only applies to unix installs. Default: nobody");
  HelpFormatter formatter = new HelpFormatter();
  String cmdSyntax = "java -jar myna-X.war -m <mode> [options]";
  try {
    CommandLine line = parser.parse(options, args);
    Option option;
    // No arguments at all: show help and offer the interactive flow.
    if (args.length == 0) {
      formatter.printHelp(cmdSyntax, options);
      response = console.readLine("\nContinue with Interactive Install? (y/N)");
      if (response.toLowerCase().equals("y")) {
        isInteractive = true;
      } else System.exit(1);
    }
    // Help
    if (line.hasOption("help")) {
      formatter.printHelp(cmdSyntax, options);
      System.exit(1);
    }
    // mode
    if (line.hasOption("mode")) {
      mode = line.getOptionValue("mode");
      if (!modeOptions.contains(mode)) {
        System.err.println(
            "Invalid Arguments. Reason: Mode must be in " + modeOptions.toString());
        formatter.printHelp(cmdSyntax, options);
        System.exit(1);
      }
    } else if (isInteractive) {
      option = options.getOption("mode");
      console.printf("\n" + option.getDescription());
      // Re-prompt until a known mode is entered; an empty answer keeps the current value.
      do {
        response = console.readLine("\nEnter " + option.getLongOpt() + "(" + mode + "): ");
        if (!response.isEmpty()) mode = response;
      } while (!modeOptions.contains(mode));
    }
    // webroot
    if (line.hasOption("webroot")) {
      webroot = line.getOptionValue("webroot");
    } else if (isInteractive) {
      option = options.getOption("webroot");
      console.printf("\n" + option.getDescription());
      response = console.readLine("\nEnter " + option.getLongOpt() + "(" + webroot + "): ");
      if (!response.isEmpty()) webroot = response;
    }
    // port (the remaining prompts are only shown in interactive "install" mode)
    if (line.hasOption("port")) {
      port = Integer.parseInt(line.getOptionValue("port"));
    } else if (isInteractive && mode.equals("install")) {
      option = options.getOption("port");
      console.printf("\n" + option.getDescription());
      response = console.readLine("\nEnter " + option.getLongOpt() + "(" + port + "): ");
      if (!response.isEmpty()) port = Integer.parseInt(response);
    }
    // context
    if (line.hasOption("context")) {
      webctx = line.getOptionValue("context");
    } else if (isInteractive && mode.equals("install")) {
      option = options.getOption("context");
      console.printf("\n" + option.getDescription());
      response = console.readLine("\nEnter " + option.getLongOpt() + "(" + webctx + "): ");
      if (!response.isEmpty()) webctx = response;
    }
    if (!webctx.startsWith("/")) {
      webctx = "/" + webctx;
    }
    // servername (depends on context)
    if (!webctx.equals("/")) {
      serverName = webctx.substring(1);
    }
    if (line.hasOption("servername")) {
      serverName = line.getOptionValue("servername");
    } else if (isInteractive && mode.equals("install")) {
      option = options.getOption("servername");
      console.printf("\n" + option.getDescription());
      response =
          console.readLine("\nEnter " + option.getLongOpt() + "(" + serverName + "): ");
      if (!response.isEmpty()) serverName = response;
    }
    // user
    if (line.hasOption("user")) {
      user = line.getOptionValue("user");
    } else if (isInteractive && mode.equals("install")) {
      option = options.getOption("user");
      console.printf("\n" + option.getDescription());
      response = console.readLine("\nEnter " + option.getLongOpt() + "(" + user + "): ");
      if (!response.isEmpty()) user = response;
    }
    // logfile
    logFile = "myna.log";
    if (!webctx.equals("/")) {
      logFile = webctx.substring(1) + ".log";
    }
    if (line.hasOption("logfile")) {
      logFile = line.getOptionValue("logfile");
    } else if (isInteractive && mode.equals("install")) {
      option = options.getOption("logfile");
      console.printf("\n" + option.getDescription());
      response =
          console.readLine("\nEnter " + option.getLongOpt() + "path(" + logFile + "): ");
      if (!response.isEmpty()) logFile = response;
    }
    // ssl-port
    if (line.hasOption("ssl-port")) {
      sslPort = Integer.parseInt(line.getOptionValue("ssl-port"));
    } else if (isInteractive && mode.equals("install")) {
      option = options.getOption("ssl-port");
      console.printf("\n" + option.getDescription());
      response = console.readLine("\nEnter " + option.getLongOpt() + "(" + sslPort + "): ");
      if (!response.isEmpty()) sslPort = Integer.parseInt(response);
    }
    // ks-pass
    if (line.hasOption("ks-pass")) {
      ksPass = line.getOptionValue("ks-pass");
    } else if (isInteractive && mode.equals("install")) {
      option = options.getOption("ks-pass");
      console.printf("\n" + option.getDescription());
      // NOTE(review): the current keystore password is shown in the prompt and the reply is
      // read with readLine (echoed); Console.readPassword would avoid both.
      response = console.readLine("\nEnter " + option.getLongOpt() + "(" + ksPass + "): ");
      if (!response.isEmpty()) ksPass = response;
    }
    // ks-alias
    if (line.hasOption("ks-alias")) {
      ksAlias = line.getOptionValue("ks-alias");
    } else if (isInteractive && mode.equals("install")) {
      option = options.getOption("ks-alias");
      console.printf("\n" + option.getDescription());
      response = console.readLine("\nEnter " + option.getLongOpt() + "(" + ksAlias + "): ");
      if (!response.isEmpty()) ksAlias = response;
    }
    // keystore
    String appBase = new File(webroot).getCanonicalPath();
    if (keystore == null) {
      keystore = appBase + "/WEB-INF/myna/myna_keystore";
    }
    if (line.hasOption("keystore")) {
      keystore = line.getOptionValue("keystore");
    } else if (isInteractive && mode.equals("install")) {
      option = options.getOption("keystore");
      console.printf("\n" + option.getDescription());
      response =
          console.readLine("\nEnter " + option.getLongOpt() + "(" + keystore + "): ");
      if (!response.isEmpty()) keystore = response;
    }
    // Anything left after the recognised options is passed on as JVM options.
    javaOpts = line.getArgList();
  } catch (ParseException exp) {
    System.err.println("Invalid Arguments. Reason: " + exp.getMessage());
    formatter.printHelp(cmdSyntax, options);
    System.exit(1);
  }
  if (isInteractive) {
    System.out.println("\nProceeed with the following settings?:\n");
    System.out.println("mode = " + mode);
    System.out.println("webroot = " + webroot);
    if (mode.equals("install")) {
      System.out.println("port = " + port);
      System.out.println("context = " + webctx);
      System.out.println("servername = " + serverName);
      // NOTE(review): "******" is a redaction artifact in this listing (presumably the
      // println of user); the ks-pass line two below likewise printed the keystore password
      // in clear text to the terminal.
      System.out.println("user = "******"logfile = " + logFile);
      System.out.println("ssl-port = " + sslPort);
      System.out.println("ks-pass = "******"ks-alias = " + ksAlias);
      System.out.println("keystore = " + keystore);
    }
    response = console.readLine("Continue? (Y/n)");
    if (response.toLowerCase().equals("n")) System.exit(1);
  }
  File wrFile = new File(webroot);
  webroot = wrFile.toString();
  if (mode.equals("install")) {
    // NOTE(review): readLine echoes the password to the terminal (and into any scroll-back
    // or session recording); Console.readPassword() reads without echo.
    adminPassword = console.readLine("\nCreate an Admin password for this installation: ");
  }
  // unpack myna if necessary
  if (!wrFile.exists() || mode.equals("upgrade") || mode.equals("install")) {
    upgrade(wrFile);
  }
  if (mode.equals("install")) {
    File propertiesFile = new File(wrFile.toURI().resolve("WEB-INF/classes/general.properties"));
    FileInputStream propertiesFileIS = new FileInputStream(propertiesFile);
    Properties generalProperties = new Properties();
    generalProperties.load(propertiesFileIS);
    propertiesFileIS.close();
    // Only the jasypt digest of the admin password is written to the properties file; an
    // empty answer leaves the existing admin_password entry untouched.
    if (!adminPassword.isEmpty()) {
      org.jasypt.util.password.StrongPasswordEncryptor cryptTool =
          new org.jasypt.util.password.StrongPasswordEncryptor();
      generalProperties.setProperty("admin_password", cryptTool.encryptPassword(adminPassword));
    }
    generalProperties.setProperty("instance_id", serverName);
    // NOTE(review): this FileOutputStream is never closed (try-with-resources would fix it).
    generalProperties.store(
        new java.io.FileOutputStream(propertiesFile), "Myna General Properties");
    String javaHome = System.getProperty("java.home");
    webroot = new File(webroot).getCanonicalPath();
    if (serverName.length() == 0) serverName = "myna";
    if (java.lang.System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) {
      if (!new File(logFile).isAbsolute()) {
        logFile = new File(wrFile.toURI().resolve("WEB-INF/" + logFile)).toString();
      }
      File templateFile =
          new File(
              wrFile.toURI().resolve("WEB-INF/myna/install/windows/update_myna_service.cmd"));
      // Placeholders are substituted with Matcher.quoteReplacement so that '$' or '\' in
      // the values are taken literally. The webctx value is the one exception.
      // new Integer(x).toString() is the deprecated spelling of Integer.toString(x).
      String initScript =
          FileUtils.readFileToString(templateFile)
              .replaceAll("\\{webctx\\}", webctx)
              .replaceAll("\\{server\\}", Matcher.quoteReplacement(serverName))
              .replaceAll("\\{webroot\\}", Matcher.quoteReplacement(webroot))
              .replaceAll("\\{logfile\\}", Matcher.quoteReplacement(logFile))
              .replaceAll("\\{javahome\\}", Matcher.quoteReplacement(javaHome))
              .replaceAll("\\{port\\}", new Integer(port).toString())
              .replaceAll("\\{sslPort\\}", new Integer(sslPort).toString())
              .replaceAll("\\{keystore\\}", Matcher.quoteReplacement(keystore))
              .replaceAll("\\{ksPass\\}", Matcher.quoteReplacement(ksPass))
              .replaceAll("\\{ksAlias\\}", Matcher.quoteReplacement(ksAlias));
      // NOTE(review): the generated .cmd contains the keystore password in clear text and no
      // file permission is restricted here, unlike the chmod 700 in the unix branch.
      File scriptFile =
          new File(wrFile.toURI().resolve("WEB-INF/myna/install/update_myna_service.cmd"));
      FileUtils.writeStringToFile(scriptFile, initScript);
      // Runtime.getRuntime().exec("cmd /c start " + scriptFile.toString()).waitFor();
      System.out.println(
          "\nInstalled Service 'Myna App Server " + serverName + "' the following settings:\n");
      System.out.println(
          "\nInit script '" + scriptFile + "' created with the following settings:\n");
      System.out.println("memory=256MB");
      System.out.println("serverName=" + serverName);
      System.out.println("javaHome=" + javaHome);
      System.out.println("context=" + webctx);
      System.out.println("port=" + port);
      System.out.println("myna_home=" + webroot);
      System.out.println("logfile=" + logFile);
      System.out.println("sslPort=" + sslPort);
      System.out.println("keyStore=" + keystore);
      // NOTE(review): "******" is a redaction artifact in this listing; the surrounding
      // pattern suggests the keystore password was printed here.
      System.out.println("ksPass="******"ksAlias=" + ksAlias);
      System.out.println(
          "\nEdit and and run the command file in " + scriptFile + " to update this service");
    } else {
      String curUser = java.lang.System.getProperty("user.name");
      if (!curUser.equals("root")) {
        System.out.println("Install mode must be run as root.");
        System.exit(1);
      }
      if (!new File(logFile).isAbsolute()) {
        logFile = new File(wrFile.toURI().resolve("WEB-INF/" + logFile)).toString();
      }
      File templateFile =
          new File(wrFile.toURI().resolve("WEB-INF/myna/install/linux/init_script"));
      // NOTE(review): unlike the windows branch, these replacement strings are NOT passed
      // through Matcher.quoteReplacement, so a '$' or '\' in user, webroot, keystore,
      // ksPass, ... is interpreted by replaceAll — a keystore password containing either
      // character corrupts the script or throws. Quote them as the windows branch does.
      String initScript =
          FileUtils.readFileToString(templateFile)
              .replaceAll("\\{webctx\\}", webctx)
              .replaceAll("\\{server\\}", serverName)
              .replaceAll("\\{user\\}", user)
              .replaceAll("\\{webroot\\}", webroot)
              .replaceAll("\\{javahome\\}", javaHome)
              .replaceAll("\\{logfile\\}", logFile)
              .replaceAll("\\{port\\}", new Integer(port).toString())
              .replaceAll("\\{sslPort\\}", new Integer(sslPort).toString())
              .replaceAll("\\{keystore\\}", keystore)
              .replaceAll("\\{ksPass\\}", ksPass)
              .replaceAll("\\{ksAlias\\}", ksAlias);
      File scriptFile = new File(wrFile.toURI().resolve("WEB-INF/myna/install/" + serverName));
      FileUtils.writeStringToFile(scriptFile, initScript);
      if (new File("/etc/init.d").exists()) {
        // NOTE(review): these commands run as root and are assembled by string concatenation
        // from caller-supplied values (user, webroot, serverName). How exec() splits or
        // quotes the string is not visible here; values containing spaces or shell
        // metacharacters should be rejected up front, or the arguments passed as a list.
        exec("chown -R " + user + " " + webroot);
        exec("chown root " + scriptFile.toString());
        // 700 keeps the clear-text keystore password inside the script readable by root only.
        exec("chmod 700 " + scriptFile.toString());
        exec("cp " + scriptFile.toString() + " /etc/init.d/");
        System.out.println(
            "\nInit script '/etc/init.d/"
                + serverName
                + "' created with the following settings:\n");
      } else {
        System.out.println(
            "\nInit script '" + scriptFile + "' created with the following settings:\n");
      }
      // NOTE(review): "******" on this line and on the ksPass line below are redaction
      // artifacts in this listing (presumably the printed user and keystore password).
      System.out.println("user="******"memory=256MB");
      System.out.println("server=" + serverName);
      System.out.println("context=" + webctx);
      System.out.println("port=" + port);
      System.out.println("myna_home=" + webroot);
      System.out.println("logfile=" + logFile);
      System.out.println("sslPort=" + sslPort);
      System.out.println("keyStore=" + keystore);
      System.out.println("ksPass="******"ksAlias=" + ksAlias);
      System.out.println("\nEdit this file to customize startup behavior");
    }
  }
}
/**
 * Derives a storable digest of {@code plainText} via the configured {@code encryptor}.
 * The returned value is what should be persisted; the clear text is not retained here.
 *
 * @param plainText the password to digest
 * @return the digest string produced by {@code encryptor}
 */
public String encryptPassword(String plainText) {
  final String digest = encryptor.encryptPassword(plainText);
  return digest;
}
/**
 * Checks a clear-text candidate against a stored digest via the configured
 * {@code encryptor}.
 *
 * @param plainText the candidate password
 * @param stored a digest previously produced by the same encryptor
 * @return {@code true} when {@code plainText} matches {@code stored}, per {@code encryptor}
 */
public boolean isCorrectPassword(String plainText, String stored) {
  final boolean matches = encryptor.checkPassword(plainText, stored);
  return matches;
}