[cvs] expresso commit by rimovm: Bug fixes for user setup when no
database is
JCorporate Ltd
jcorp at jcorporate.com
Fri Mar 25 00:01:10 UTC 2005
Log Message:
-----------
Bug fixes for user setup when no database is present.
@deprecated unsafe code in Schema
Made Security objects SUPER_USER by default.
Modified Files:
--------------
expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/core/dbobj:
Schema.java
SecuredDBObject.java
expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/core/misc:
CurrentLogin.java
expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/core/security:
User.java
expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/core/servlet:
CheckLogin.java
StdServlet.java
expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/services/dbobj:
SecurityDBObject.java
expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/services/servlet:
DBCreate.java
Revision Data
-------------
Index: Schema.java
===================================================================
RCS file: /home/javacorp/.cvs/expresso/expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/core/dbobj/Schema.java,v
retrieving revision 1.53
retrieving revision 1.54
diff -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/core/dbobj/Schema.java -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/core/dbobj/Schema.java -u -r1.53 -r1.54
--- expresso-web/WEB-INF/src/com/jcorporate/expresso/core/dbobj/Schema.java
+++ expresso-web/WEB-INF/src/com/jcorporate/expresso/core/dbobj/Schema.java
@@ -117,8 +117,16 @@
*/
public abstract class Schema extends ContainerComponentBase implements ComponentLifecycle, RegistrationFactory {
+
+ /**
+ * Log4j Logger.
+ */
private static Logger log = Logger.getLogger(Schema.class);
+ /**
+ * A static map of schema definitions allowing us to offload individual schema
+ * instantiations by keeping metadata in a separate class.
+ */
private static Map schemaDefinitions = Collections.synchronizedMap(new HashMap(5));
@@ -155,6 +163,7 @@
/**
* Used to store an instance of this Schema class to prevent a new instance
* being instantiated for access to the messages bundle
+ * @deprecated This is not safe for multi-schema environments.
*/
private static Schema myInstance = null;
@@ -163,6 +172,10 @@
* The path to the message Bundle
*/
private String messageBundlePath = "";
+
+ /**
+ *
+ */
private int mUserID;
@@ -554,11 +567,14 @@
/**
+ * Do not use unless you wish to have bugs in your program :).
* @return an an instance of this schema instance.
+ * @deprecated This is an unsafe function in an environment with
+ * other Schemas operating. Deprecated since Expresso 5.6.1
*/
public static Schema getInstance() {
return myInstance;
- } /* getInstance() */
+ }
/**
* Return an enumeration of the jobs that are members of this schema
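Review bot: The new `@deprecated` text on `getInstance()` says the method is unsafe but does not name what callers should use instead. This same commit switches DBCreate to `SchemaFactory.getInstance().getSchema(ExpressoSchema.class.getName())`, so the tag could read `@deprecated since Expresso 5.6.1; unsafe when several Schemas are loaded. Use SchemaFactory.getInstance().getSchema(className) instead.` The joke sentence and the doubled "an an" in `@return` could be dropped at the same time. The earlier hunk puts the same tag on the private field `myInstance`, where a plain comment would serve as well, since Javadoc is not generated for private members by default.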
Index: SecuredDBObject.java
===================================================================
RCS file: /home/javacorp/.cvs/expresso/expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/core/dbobj/SecuredDBObject.java,v
retrieving revision 1.62
retrieving revision 1.63
diff -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/core/dbobj/SecuredDBObject.java -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/core/dbobj/SecuredDBObject.java -u -r1.62 -r1.63
--- expresso-web/WEB-INF/src/com/jcorporate/expresso/core/dbobj/SecuredDBObject.java
+++ expresso-web/WEB-INF/src/com/jcorporate/expresso/core/dbobj/SecuredDBObject.java
@@ -168,8 +168,7 @@
public SecuredDBObject()
throws DBException {
super();
-
- } /* SecuredDBObject() */
+ }
/**
* Constructor that sets the connection on create
@@ -181,7 +180,7 @@
public SecuredDBObject(DBConnection newConnection)
throws DBException {
this(newConnection, newConnection.getDataContext());
- } /* SecuredDBObject(DBConnection) */
+ }
/**
* <p/>
@@ -205,7 +204,7 @@
public SecuredDBObject(DBConnection newConnection, String setupTablesContext)
throws DBException {
super(newConnection, setupTablesContext);
- } /* DBObject(DBConnection) */
+ }
/**
Index: CurrentLogin.java
===================================================================
RCS file: /home/javacorp/.cvs/expresso/expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/core/misc/CurrentLogin.java,v
retrieving revision 1.21
retrieving revision 1.22
diff -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/core/misc/CurrentLogin.java -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/core/misc/CurrentLogin.java -u -r1.21 -r1.22
--- expresso-web/WEB-INF/src/com/jcorporate/expresso/core/misc/CurrentLogin.java
+++ expresso-web/WEB-INF/src/com/jcorporate/expresso/core/misc/CurrentLogin.java
@@ -117,6 +117,11 @@
private int uid = 0;
/**
+ * Case of the user.
+ */
+ private User currentUser = null;
+
+ /**
* The database context that this login belongs to.
*/
private String dbName = "default";
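Review bot: The Javadoc `Case of the user.` on the new `currentUser` field does not say what the field holds; it reads like a typo for "Cache". If it is a cached `User`, the comment should state when it is filled and cleared, because account status can change in the database while the login object lives on, for example `Cached User for this login; may be stale, re-check account status before authorizing.` Nothing in this hunk reads or writes the field, so its lifecycle cannot be checked from here.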
Index: User.java
===================================================================
RCS file: /home/javacorp/.cvs/expresso/expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/core/security/User.java,v
retrieving revision 1.55
retrieving revision 1.56
diff -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/core/security/User.java -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/core/security/User.java -u -r1.55 -r1.56
--- expresso-web/WEB-INF/src/com/jcorporate/expresso/core/security/User.java
+++ expresso-web/WEB-INF/src/com/jcorporate/expresso/core/security/User.java
@@ -100,6 +100,8 @@
import java.util.Vector;
import javax.mail.internet.MimeBodyPart;
+import com.jcorporate.expresso.core.dataobjects.Securable;
+import com.jcorporate.expresso.core.registry.MutableRequestRegistry;
/**
@@ -196,6 +198,7 @@
* Default constructor
*/
public User() {
+
} /* User() */
@@ -662,6 +665,15 @@
}
myUserInfo.setDBName(this.getDataContext());
+ if (myUserInfo instanceof Securable) {
+ try {
+ //Normally this needs to be a superuser object.
+ ((Securable) myUserInfo).setRequestingUser(SuperUser.SUPER_USER);
+ } catch (IllegalStateException ex) {
+ log.error("Error accessing request registry. Creating new request registry.", ex);
+ new MutableRequestRegistry("default", SuperUser.SUPER_USER);
+ }
+ }
return myUserInfo;
} /* getUserInfo() */
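Review bot: In the `catch (IllegalStateException ex)` branch the new `MutableRequestRegistry` is constructed and discarded and `setRequestingUser` is never retried, so in exactly the failure case `myUserInfo` is returned without the requesting user the try block was meant to set. The branch also hard-codes `"default"` although the line above uses `this.getDataContext()`, and it leaves a SUPER_USER registry behind as a side effect of a getter, which presumably elevates whatever runs next on the same thread. If the exception means that no registry exists yet, I would write `new MutableRequestRegistry(this.getDataContext(), SuperUser.SUPER_USER);` followed by a second `((Securable) myUserInfo).setRequestingUser(SuperUser.SUPER_USER);`. A comment should also state why user-info lookups must bypass per-user checks, since every caller of getUserInfo() now receives a superuser-scoped object. getUserInfo() begins outside this hunk.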
Index: StdServlet.java
===================================================================
RCS file: /home/javacorp/.cvs/expresso/expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/core/servlet/StdServlet.java,v
retrieving revision 1.17
retrieving revision 1.18
diff -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/core/servlet/StdServlet.java -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/core/servlet/StdServlet.java -u -r1.17 -r1.18
--- expresso-web/WEB-INF/src/com/jcorporate/expresso/core/servlet/StdServlet.java
+++ expresso-web/WEB-INF/src/com/jcorporate/expresso/core/servlet/StdServlet.java
@@ -94,9 +94,14 @@
* @author Michael Nash
* @see com.jcorporate.expresso.core.servlet.DBServlet
*/
-public abstract class StdServlet
- extends HttpServlet {
+public abstract class StdServlet extends HttpServlet {
+
+ /**
+ * Debug message constant.
+ */
protected static final String thisClass = StdServlet.class.getName() + ".";
+
+
protected String mySchema = null;
/**
Index: CheckLogin.java
===================================================================
RCS file: /home/javacorp/.cvs/expresso/expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/core/servlet/CheckLogin.java,v
retrieving revision 1.26
retrieving revision 1.27
diff -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/core/servlet/CheckLogin.java -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/core/servlet/CheckLogin.java -u -r1.26 -r1.27
--- expresso-web/WEB-INF/src/com/jcorporate/expresso/core/servlet/CheckLogin.java
+++ expresso-web/WEB-INF/src/com/jcorporate/expresso/core/servlet/CheckLogin.java
@@ -84,6 +84,7 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Enumeration;
+import com.jcorporate.expresso.core.security.SuperUser;
/**
@@ -231,6 +232,10 @@
throws NonHandleableException {
try {
+ //Establish a superuser request registry for this request that will
+ //then be established as other identities.
+ new MutableRequestRegistry("default", SuperUser.SUPER_USER);
+
if (SystemMacros.getInstance().getServerPrefix() == null) {
SystemMacros.getInstance().setServerPrefix(request.getServerName()
+ ":" + request.getServerPort());
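Review bot: The registry created at the top of the `try` makes every request run as `SuperUser.SUPER_USER` before any credential has been checked, and nothing visible in this hunk lowers it again if the code that follows throws or returns early. The authorization state therefore fails open: a path that never reaches the later identity switch keeps superuser rights for the rest of the request. At minimum the comment should state the obligation, e.g. `// SECURITY: SUPER_USER only until the session user is resolved below; every early exit must replace this registry first`. The unauthenticated path should also be checked to confirm it installs the least-privileged identity. The context is hard-coded as `"default"` although later code in this method works with `currentDB`; the method itself starts outside the hunk.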
@@ -270,7 +275,7 @@
if (isInSesson) {
User user = new User();
- user.setDBName(currentDB);
+ user.setDataContext(currentDB);
user.setUid(cl.getUid());
if (user.find()) {
//The following line sets the particular instance of requestRegistry
@@ -372,38 +377,38 @@
public boolean loginViaContainer(HttpServletRequest request, String forceDB)
throws Exception {
- /* Obtain user name from container. Abort if null. */
- String userName = request.getRemoteUser();
- if (userName == null) {
- return false;
- }
+ /* Obtain user name from container. Abort if null. */
+ String userName = request.getRemoteUser();
+ if (userName == null) {
+ return false;
+ }
- /* If no db is established, set to default */
- String dbToLogin = "default";
+ /* If no db is established, set to default */
+ String dbToLogin = "default";
- if (forceDB != null) {
- dbToLogin = forceDB;
- }
+ if (forceDB != null) {
+ dbToLogin = forceDB;
+ }
- User thisUser = new User();
- thisUser.setDataContext(dbToLogin);
- thisUser.setLoginName(userName);
+ User thisUser = new User();
+ thisUser.setDataContext(dbToLogin);
+ thisUser.setLoginName(userName);
- if (!thisUser.find()) {
- return false;
- }
+ if (!thisUser.find()) {
+ return false;
+ }
- if (!thisUser.getAccountStatus().equals("A")) {
- throw new ServletException("Access denied: Expresso account '" + userName
+ if (!thisUser.getAccountStatus().equals("A")) {
+ throw new ServletException("Access denied: Expresso account '" + userName
+ "' is not active.");
- }
+ }
- if (log.isInfoEnabled()) {
- log.info("User " + thisUser.getDisplayName() + " logged in via the container");
- }
+ if (log.isInfoEnabled()) {
+ log.info("User " + thisUser.getDisplayName() + " logged in via the container");
+ }
- doSuccessfulAuth(request, userName, dbToLogin, thisUser);
- return true;
+ doSuccessfulAuth(request, userName, dbToLogin, thisUser);
+ return true;
}
@@ -487,41 +492,44 @@
logInAsNone(request, db);
}
- User myUser = new User();
- myUser.setDataContext(db);
- myUser.setLoginName(userName);
- if (!myUser.find()) {
- if (log.isDebugEnabled()) {
- log.debug("Cookie username '" + userName +
+
+ User myUser = new User();
+ myUser.setDataContext(db);
+ myUser.setLoginName(userName);
+
+ if (!myUser.find()) {
+ if (log.isDebugEnabled()) {
+ log.debug("Cookie username '" + userName +
"' not found in db '" + db +
"'. User logged in as 'NONE'");
- }
+ }
- return false;
- } /* if user not found */
+ return false;
+ }
+ /* if user not found */
- if (!myUser.getAccountStatus().equals(User.ACTIVE_ACCOUNT_STATUS)) {
- log.warn("Attempted login to an inactive account. Client i.p. "
+ if (!myUser.getAccountStatus().equals(User.ACTIVE_ACCOUNT_STATUS)) {
+ log.warn("Attempted login to an inactive account. Client i.p. "
+ request.getRemoteAddr() + " Account status: " + myUser.getAccountStatus()
+ " Login Name: " + userName + " passwd: " + password + " DB" + db);
- return false; // no need to throw exception here; just do not give auth
- }
-
- if (!myUser.passwordEquals(StringUtil.notNull(password))) {
- if (log.isDebugEnabled()) {
- log.debug("Cookie password didn't match, User logged in as 'NONE'");
+ return false; // no need to throw exception here; just do not give auth
}
- return false;
- }
+ if (!myUser.passwordEquals(StringUtil.notNull(password))) {
+ if (log.isDebugEnabled()) {
+ log.debug("Cookie password didn't match, User logged in as 'NONE'");
+ }
- if (log.isInfoEnabled()) {
- log.info("User " + myUser.getDisplayName() + " (" + userName +
+ return false;
+ }
+
+ if (log.isInfoEnabled()) {
+ log.info("User " + myUser.getDisplayName() + " (" + userName +
") logged in via cookie as '" + userName + "'");
- }
+ }
- doSuccessfulAuth(request, userName, db, myUser);
+ doSuccessfulAuth(request, userName, db, myUser);
return true;
}
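Review bot: The re-indented `log.warn` for inactive accounts still writes the cookie password into the log (`" passwd: " + password`), so anyone who can read the log files obtains a credential that may be valid once the account is reactivated or reused elsewhere. The fragment should be dropped while the line is being touched, leaving `+ " Login Name: " + userName + " DB" + db);`. `userName` also appears to come from the cookie, so it would be worth stripping CR/LF from it before logging to keep entries from being forged. The enclosing method begins outside this hunk.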
Index: SecurityDBObject.java
===================================================================
RCS file: /home/javacorp/.cvs/expresso/expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/services/dbobj/SecurityDBObject.java,v
retrieving revision 1.16
retrieving revision 1.17
diff -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/services/dbobj/SecurityDBObject.java -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/services/dbobj/SecurityDBObject.java -u -r1.16 -r1.17
--- expresso-web/WEB-INF/src/com/jcorporate/expresso/services/dbobj/SecurityDBObject.java
+++ expresso-web/WEB-INF/src/com/jcorporate/expresso/services/dbobj/SecurityDBObject.java
@@ -73,6 +73,7 @@
import com.jcorporate.expresso.core.misc.StringUtil;
import org.apache.log4j.Logger;
import com.jcorporate.expresso.core.security.ReadOnlyUser;
+import com.jcorporate.expresso.core.security.SuperUser;
/**
@@ -131,12 +132,32 @@
* @author Michael Nash
*/
public abstract class SecurityDBObject extends SecuredDBObject {
+
+ /**
+ * The one and only log4j instance of this class isntance.
+ */
private static Logger log = Logger.getLogger(SecurityDBObject.class);
+
+ /**
+ * Constant for security context key.
+ */
public static final String SECURITY_CONTEXT = "SecurityDB";
+
+ /**
+ * Constant for security dbobjects key.
+ */
public static final String SECURITY_OBJECTS = "SecurityDBObjs";
+ /**
+ * Default constructor. Sets superuser access status for the security
+ * context since security objects need to search their respective databases
+ * regardless of user security. Of course, DBMaint will setRequestingUser
+ * for purposes of interaction.
+ * @throws DBException
+ */
public SecurityDBObject() throws DBException {
super();
+ this.setRequestingUser(SuperUser.SUPER_USER);
}
/**
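Review bot: Defaulting every `SecurityDBObject` to `SuperUser.SUPER_USER` in the no-arg constructor makes the class fail open: a caller that forgets `setRequestingUser` gets unrestricted access, and the new Javadoc only remarks that DBMaint will set it. The Javadoc should state the obligation explicitly, e.g. `Callers acting on behalf of a request MUST call setRequestingUser(...) with the real user before any read or write.` The `@throws DBException` tag has no description, and "isntance" in the logger comment is a typo. The `SecurityDBObject(int uid)` constructor deprecated in the next hunk names no replacement and, unlike the other two constructors, is not given the SUPER_USER default; the Javadoc should say whether that difference is intended.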
@@ -145,6 +166,7 @@
*
* @param uid the Uid of the user context
* @throws DBException if there's an initialization problem
+ * @deprecated since Expresso 5.7
*/
public SecurityDBObject(int uid) throws DBException {
super(uid);
@@ -160,6 +182,7 @@
*/
public SecurityDBObject(final ReadOnlyUser userSecuityContext) throws DBException {
super(userSecuityContext);
+ this.setRequestingUser(SuperUser.SUPER_USER);
}
/**
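Review bot: `SecurityDBObject(final ReadOnlyUser userSecuityContext)` now hands the caller's context to `super(...)` and then immediately replaces it with `SuperUser.SUPER_USER`, so the argument appears to have no remaining effect on permission checks (assuming `setRequestingUser` overrides what the superclass stored). Code that constructs the object with a restricted user in order to get restricted access would silently run unrestricted. Either drop the added line in this constructor, or document that the parameter is ignored for authorization, e.g. `@param userSecuityContext retained for API compatibility; access checks run as SUPER_USER until setRequestingUser is called`. The constructor's Javadoc starts outside this hunk.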
Index: DBCreate.java
===================================================================
RCS file: /home/javacorp/.cvs/expresso/expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/services/servlet/DBCreate.java,v
retrieving revision 1.26
retrieving revision 1.27
diff -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/services/servlet/DBCreate.java -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/services/servlet/DBCreate.java -u -r1.26 -r1.27
--- expresso-web/WEB-INF/src/com/jcorporate/expresso/services/servlet/DBCreate.java
+++ expresso-web/WEB-INF/src/com/jcorporate/expresso/services/servlet/DBCreate.java
@@ -146,7 +146,9 @@
throws ServletException, IOException {
try {
- ExpressoSchema jc = (ExpressoSchema) ExpressoSchema.getInstance();
+
+
+ ExpressoSchema jc = (ExpressoSchema)SchemaFactory.getInstance().getSchema(ExpressoSchema.class.getName());
if (jc == null) {
jc = new ExpressoSchema();