Changeset 6427


Timestamp:
Feb 28, 2014, 10:33:01 AM (9 years ago)
Author:
Nicklas Nordborg
Message:

References #1599: Convert authentication plug-in system to an extension point

Adding some more capabilities to the AuthenticationContext, SessionControl and LoginRequest that make it possible to query for a list of users and to do an internal login based on the user id (saves a query to the database).

Location:
trunk/src/core/net/sf/basedb/core
Files:
3 edited

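--- a/trunk/src/core/net/sf/basedb/core/AuthenticationContext.java
+++ b/trunk/src/core/net/sf/basedb/core/AuthenticationContext.java
@@ -22,7 +22,10 @@
 package net.sf.basedb.core;
 
+import java.util.List;
+
 import net.sf.basedb.core.authentication.AuthenticatedUser;
 import net.sf.basedb.core.authentication.LoginRequest;
 import net.sf.basedb.core.data.UserData;
+import net.sf.basedb.core.query.QueryParameter;
 import net.sf.basedb.util.extensions.ClientContext;
 
@@ -91,4 +94,34 @@
 
   /**
+    Find users in the database using a "free" restriction. The restriction
+    may contain named parameters but their values must be supplied
+    as {@link QueryParameter} objects.
+
+    IMPORTANT! Do not insert user-data into the restriction string since
+    it may open up for SQL injection attacks.
+
+    @param restriction A HQL restriction put in the WHERE clause
+    @param parameters Optional query parameters
+    @return A list of users (may be empty)
+  */
+  public List<UserData> findUsers(String restriction, QueryParameter... parameters)
+  {
+    String sql = "SELECT usr FROM UserData usr";
+    if (restriction != null)
+    {
+      sql += " WHERE " + restriction;
+    }
+    org.hibernate.Query query = HibernateUtil.createQuery(session, sql);
+    if (parameters != null)
+    {
+      for (QueryParameter qp : parameters)
+      {
+        query.setParameter(qp.getName(), qp.getValue(), qp.getType().getTypeWrapper().getHibernateType());
+      }
+    }
+    return HibernateUtil.loadList(UserData.class, query, getSessionControl());
+  }
+
+  /**
     Load a user item from the BASE database given an internal id.
     @param id The internal id for the user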
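Review bot: `findUsers` appends `restriction` to the HQL text verbatim (`sql += " WHERE " + restriction;`), so the Javadoc warning is the only barrier against HQL injection from whatever extension calls it. Since this class is the context handed to authentication extensions, which presumably build restrictions around login-form input, the Javadoc should show the safe form explicitly, for example a restriction of `usr.login = :login` paired with a `QueryParameter` named `login`. A null `restriction` also returns every user with no cap on the result size; that deserves a sentence in `@return`, or a bound on the query. In the parameter loop, `qp.getType().getTypeWrapper()` is dereferenced without a null check, so a parameter without a type would presumably fail with a NullPointerException rather than a descriptive error.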
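--- a/trunk/src/core/net/sf/basedb/core/SessionControl.java
+++ b/trunk/src/core/net/sf/basedb/core/SessionControl.java
@@ -418,5 +418,6 @@
 
   /**
-    Verify the user with internal authentication.
+    Verify the user with internal authentication. If the LoginRequest
+    has a user id this is used first, otherwise the login is used.
   */
   AuthenticatedUser verifyUserInternal(org.hibernate.Session session, LoginRequest loginRequest)
@@ -424,17 +425,36 @@
     String login = loginRequest.getLogin();
     String password = loginRequest.getPassword();
-
-    org.hibernate.Query query = HibernateUtil.getPredefinedQuery(session, "GET_USER_FOR_LOGIN");
-    /*
-      SELECT usr
-      FROM UserData usr
-      WHERE usr.login = :login
-    */
-    query.setString("login", login);
-    UserData userData = HibernateUtil.loadData(UserData.class, query);
+    int userId = loginRequest.getUserId();
+
+    UserData userData = null;
+    if (userId > 0)
+    {
+      userData = HibernateUtil.loadData(session, UserData.class, userId);
+      if (userData == null)
+      {
+        throw new ItemNotFoundException("The user with id '" + userId + "' is not known to BASE.");
+      }
+      login = userData.getLogin();
+    }
+    else if (login != null)
+    {
+      org.hibernate.Query query = HibernateUtil.getPredefinedQuery(session, "GET_USER_FOR_LOGIN");
+      /*
+        SELECT usr
+        FROM UserData usr
+        WHERE usr.login = :login
+      */
+      query.setString("login", login);
+      userData = HibernateUtil.loadData(UserData.class, query);
+      if (userData == null)
+      {
+        throw new ItemNotFoundException("The user with login '" + login + "' is not known to BASE.");
+      }
+    }
     if (userData == null)
     {
-      throw new ItemNotFoundException("The user with login '" + login + "' is not known to BASE.");
-    }
+      throw new ItemNotFoundException("User");
+    }
+
     if (userData.isRemoved())
     {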
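Review bot: The new id branch throws `"The user with id '" + userId + "' is not known to BASE."`, which differs from whatever is reported later for a wrong password; if this message is passed back to an unauthenticated client, it confirms which internal ids exist, and sequential ids are easier to guess than login names. Consider returning one generic failure to the caller and keeping the id or login detail in the server log. When the request carries both a positive id and a login, the id silently wins and `login` is overwritten by `login = userData.getLogin();`, so a mismatch between the two is never detected; a comment there, or a rejection of conflicting requests, would make the intent explicit. The fallback `throw new ItemNotFoundException("User");` is reached when neither an id nor a login was supplied, which reads more like an invalid request than a missing item. The body of `verifyUserInternal` continues past the end of this section.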
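--- a/trunk/src/core/net/sf/basedb/core/authentication/LoginRequest.java
+++ b/trunk/src/core/net/sf/basedb/core/authentication/LoginRequest.java
@@ -35,4 +35,5 @@
 {
 
+  private int userId;
   private String login;
   private String password;
@@ -44,8 +45,36 @@
   {}
 
+  /**
+    Create a login request with login + password
+  */
   public LoginRequest(String login, String password)
   {
     this.login = login;
     this.password = password;
+  }
+
+  /**
+    Create a login request with user id + password
+  */
+  public LoginRequest(int userId, String password)
+  {
+    this.userId = userId;
+    this.password = password;
+  }
+
+  /**
+    Set the user id to use.
+  */
+  public void setUserId(int userId)
+  {
+    this.userId = userId;
+  }
+
+  /**
+    Get the user id to use.
+  */
+  public int getUserId()
+  {
+    return userId;
   }
 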
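Review bot: The Javadoc on `setUserId` and `getUserId` does not say what an unset id looks like or how it interacts with `login`. `verifyUserInternal` in SessionControl.java treats only `userId > 0` as set and then ignores the login, so I would document that here, e.g. `Set the internal user id to authenticate with. A value of 0 or less means "not set"; a positive id takes precedence over the login.` The new `LoginRequest(int userId, String password)` constructor leaves `login` null, and its comment could say so as well. The class declaration starts above this section.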