Fixed login stuff
parent
cbf6ef31f2
commit
87bd924e8d
7 changed files with 39 additions and 24 deletions
|
|
@ -81,8 +81,8 @@ public class Zallery extends HttpServlet{
|
||||||
}
|
}
|
||||||
|
|
||||||
public static UserMessageManager getUserMessage(HttpSession session) {
|
public static UserMessageManager getUserMessage(HttpSession session) {
|
||||||
if (session.getAttribute(ZalleryConstants.KEY_USER_MSG) == null)
|
if (session.getAttribute(ZalleryConstants.SESSION_KEY_USER_MSG) == null)
|
||||||
session.setAttribute(ZalleryConstants.KEY_USER_MSG, new UserMessageManager());
|
session.setAttribute(ZalleryConstants.SESSION_KEY_USER_MSG, new UserMessageManager());
|
||||||
return (UserMessageManager) session.getAttribute(ZalleryConstants.KEY_USER_MSG);
|
return (UserMessageManager) session.getAttribute(ZalleryConstants.SESSION_KEY_USER_MSG);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -9,11 +9,19 @@ public interface ZalleryConstants {
|
||||||
|
|
||||||
/** Session Constants **/
|
/** Session Constants **/
|
||||||
|
|
||||||
public static final String KEY_USER_MSG = "zall_user_message";
|
public static final String SESSION_KEY_USER_MSG = "zall_user_message";
|
||||||
|
public static final String SESSION_KEY_USER = "zall_user";
|
||||||
|
public static final String SESSION_KEY_AUTH_HASH = "zall_user_session_hash";
|
||||||
|
public static final long SESSION_TIMEOUT = 3*24*60*60*1000; // 2 day
|
||||||
|
|
||||||
|
/** Cookie Constants **/
|
||||||
|
|
||||||
|
public static final String COOKIE_KEY_USER_HASH = "zall_user_hash";
|
||||||
|
public static final int COOKIE_TIMEOUT = 10*24*60*60; // 10 days
|
||||||
|
|
||||||
/** Language Key Constants **/
|
/** Language Key Constants **/
|
||||||
|
|
||||||
String LANG_BASENAME = "zall.lang.zallery_lang";
|
String LANG_BASENAME = "zall.lang.zallery_lang";
|
||||||
Locale LANG_DEFAULT = Locale.ENGLISH;
|
Locale LANG_DEFAULT = Locale.ENGLISH;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
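Review bot: The comment on the new `SESSION_TIMEOUT` line says `// 2 day` while the expression `3*24*60*60*1000` evaluates to three days, so either the value or the comment is wrong and the next reader cannot tell which; I would write `public static final long SESSION_TIMEOUT = 3*24*60*60*1000L; // 3 days, in milliseconds` (or change the 3 to a 2 if two days was intended). The `L` suffix is not needed for overflow here, 259,200,000 fits in an int, but it makes the long intent explicit. Note also that `SESSION_TIMEOUT` is in milliseconds while the new `COOKIE_TIMEOUT` is in seconds, as `Cookie.setMaxAge` expects; spelling the unit in each comment, e.g. `// 10 days, in seconds (Cookie.setMaxAge)`, reduces the chance of the two being mixed up where they are compared against timestamps.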
@ -24,7 +24,7 @@ public abstract class ZalleryServlet extends HttpServlet {
|
||||||
DBConnection db = null;
|
DBConnection db = null;
|
||||||
try {
|
try {
|
||||||
UserMessageManager msgs = Zallery.getUserMessage(request.getSession());
|
UserMessageManager msgs = Zallery.getUserMessage(request.getSession());
|
||||||
request.setAttribute(ZalleryConstants.KEY_USER_MSG, msgs);
|
request.setAttribute(ZalleryConstants.SESSION_KEY_USER_MSG, msgs);
|
||||||
doGet(request, response, db = Zallery.getDB());
|
doGet(request, response, db = Zallery.getDB());
|
||||||
msgs.decrementViewCount();
|
msgs.decrementViewCount();
|
||||||
} catch (ServletException e) {
|
} catch (ServletException e) {
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,7 @@ import java.sql.SQLException;
|
||||||
import java.sql.Timestamp;
|
import java.sql.Timestamp;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
|
import zall.manager.AuthenticationManager;
|
||||||
import zutil.Hasher;
|
import zutil.Hasher;
|
||||||
import zutil.db.DBConnection;
|
import zutil.db.DBConnection;
|
||||||
import zutil.db.bean.DBBean;
|
import zutil.db.bean.DBBean;
|
||||||
|
|
@ -13,6 +14,7 @@ import zutil.db.bean.DBBean.*;
|
||||||
|
|
||||||
@DBTable("User")
|
@DBTable("User")
|
||||||
public class User extends DBBean {
|
public class User extends DBBean {
|
||||||
|
|
||||||
public enum AuthType {
|
public enum AuthType {
|
||||||
USER_INPUT, COOKIE
|
USER_INPUT, COOKIE
|
||||||
}
|
}
|
||||||
|
|
@ -145,13 +147,17 @@ public class User extends DBBean {
|
||||||
|
|
||||||
public void setPassword(String password) {
|
public void setPassword(String password) {
|
||||||
String newPasswordSalt = Hasher.SHA1(Math.random()).substring(0, 5);
|
String newPasswordSalt = Hasher.SHA1(Math.random()).substring(0, 5);
|
||||||
String newPasswordHash = Hasher.PBKDF2(password, newPasswordSalt, 1000);
|
String newPasswordHash = AuthenticationManager.generatePasswordHash(password, newPasswordSalt);
|
||||||
|
|
||||||
// We wait with setting the actual fields if there is an exception
|
// We wait with setting the actual fields if there is an exception
|
||||||
this.passwordSalt = newPasswordSalt;
|
this.passwordSalt = newPasswordSalt;
|
||||||
this.passwordHash = newPasswordHash;
|
this.passwordHash = newPasswordHash;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public String getPasswordSalt() {
|
||||||
|
return passwordSalt;
|
||||||
|
}
|
||||||
|
|
||||||
public String getCookieHash() {
|
public String getCookieHash() {
|
||||||
return cookieHash;
|
return cookieHash;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
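Review bot: The new `AuthenticationManager.generatePasswordHash(password, newPasswordSalt)` call in `setPassword` still receives the salt computed on the line above from `Math.random()` truncated to five hex characters, which is a non-cryptographic generator and only about 20 bits of salt; now that verification in `AuthenticationManager` actually depends on this salt, it should come from `SecureRandom`, e.g. `byte[] saltBytes = new byte[16]; new SecureRandom().nextBytes(saltBytes); String newPasswordSalt = Base64.getEncoder().encodeToString(saltBytes);` (needs `java.security.SecureRandom` and `java.util.Base64` imports, and the stored salt column must fit the longer value). I cannot see `Hasher.SHA1` or `Hasher.PBKDF2` in zutil, so confirm the longer salt is accepted there. A doc line on `setPassword` such as `/** Re-salts and re-hashes the password; both fields are assigned only after hashing succeeds so a failure leaves the old credential intact. */` would make the existing "wait with setting the actual fields" comment explicit. The `User` class continues outside the hunk.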
@ -1,5 +1,6 @@
|
||||||
package zall.filter;
|
package zall.filter;
|
||||||
|
|
||||||
|
import zall.ZalleryServlet;
|
||||||
import zall.bean.User;
|
import zall.bean.User;
|
||||||
import zall.manager.AuthenticationManager;
|
import zall.manager.AuthenticationManager;
|
||||||
import zall.page.LoginServlet;
|
import zall.page.LoginServlet;
|
||||||
|
|
@ -10,6 +11,7 @@ import zutil.log.LogUtil;
|
||||||
import javax.servlet.*;
|
import javax.servlet.*;
|
||||||
import javax.servlet.annotation.WebFilter;
|
import javax.servlet.annotation.WebFilter;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import javax.servlet.http.HttpServletResponse;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.logging.Logger;
|
import java.util.logging.Logger;
|
||||||
|
|
||||||
|
|
@ -31,19 +33,19 @@ public class AuthenticationFilter implements Filter {
|
||||||
@Override
|
@Override
|
||||||
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException {
|
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException {
|
||||||
String requestURI = ((HttpServletRequest) request).getRequestURI();
|
String requestURI = ((HttpServletRequest) request).getRequestURI();
|
||||||
User user = null;
|
User user = AuthenticationManager.getUserSession(((HttpServletRequest) request).getSession());
|
||||||
|
|
||||||
// continue the request via the filter pipeline if it is login page or it is a isValid User
|
// continue the request via the filter pipeline if it is login page or it is a isValid User
|
||||||
if (AuthenticationManager.isValid(user, (HttpServletRequest) request)) {
|
if (AuthenticationManager.isValid(user, (HttpServletRequest) request)) {
|
||||||
logger.finest("User already authenticated, continuing filter chain.");
|
logger.finest("User already authenticated, continuing filter chain.");
|
||||||
chain.doFilter(request, response);
|
chain.doFilter(request, response);
|
||||||
} else if (isWhitelisted(requestURI)){
|
} else if (isWhitelisted(requestURI)){
|
||||||
logger.fine("Continuing filtering chain for whitelisted page: " + requestURI);
|
logger.finer("Continuing filtering chain for whitelisted page: " + requestURI);
|
||||||
chain.doFilter(request, response);
|
chain.doFilter(request, response);
|
||||||
} else {
|
} else {
|
||||||
// do not continue the filter pipeline forward to login page
|
// do not continue the filter pipeline forward to login page
|
||||||
logger.fine("User not authenticated, redirecting to login page.");
|
logger.fine("User not authenticated, redirecting to login page.");
|
||||||
request.getRequestDispatcher(LoginServlet.URI).forward(request, response);
|
ZalleryServlet.redirect(LoginServlet.URI, (HttpServletRequest) request, (HttpServletResponse) response);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
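Review bot: The new `AuthenticationManager.getUserSession(((HttpServletRequest) request).getSession())` call creates a server-side session for every request that does not already carry one, including unauthenticated hits on whitelisted pages and scanner traffic, because `getSession()` creates by default; `getSession(false)` avoids that: `HttpSession session = ((HttpServletRequest) request).getSession(false); User user = session == null ? null : AuthenticationManager.getUserSession(session);`. I cannot see `getUserSession` or `isValid`, so confirm both tolerate a null user (the old code passed `null` explicitly, so `isValid` presumably does). Note also that switching the unauthenticated branch from `forward` to `ZalleryServlet.redirect` drops the originally requested URI, so the user lands on the login page with no way back to the page they asked for unless `redirect` or `LoginServlet` preserves it; both are outside the hunk.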
@ -1,5 +1,6 @@
|
||||||
package zall.manager;
|
package zall.manager;
|
||||||
|
|
||||||
|
import zall.ZalleryConstants;
|
||||||
import zall.bean.Folder;
|
import zall.bean.Folder;
|
||||||
import zall.bean.Media;
|
import zall.bean.Media;
|
||||||
import zall.bean.User;
|
import zall.bean.User;
|
||||||
|
|
@ -13,6 +14,8 @@ import java.sql.SQLException;
|
||||||
import java.sql.Timestamp;
|
import java.sql.Timestamp;
|
||||||
import java.util.logging.Logger;
|
import java.util.logging.Logger;
|
||||||
|
|
||||||
|
import static zall.ZalleryConstants.*;
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
|
|
@ -20,12 +23,9 @@ import java.util.logging.Logger;
|
||||||
public class AuthenticationManager {
|
public class AuthenticationManager {
|
||||||
private static final Logger logger = LogUtil.getLogger();
|
private static final Logger logger = LogUtil.getLogger();
|
||||||
|
|
||||||
public static final String SESSION_KEY_USER = "zall_user";
|
public static String generatePasswordHash(String password, String salt){
|
||||||
public static final String SESSION_KEY_AUTH_HASH = "zall_ueser_session_hash";
|
return Hasher.PBKDF2(password, salt, 1000);
|
||||||
public static final long SESSION_TIMEOUT = 3*24*60*60*1000; // 2 day
|
}
|
||||||
|
|
||||||
public static final String COOKIE_KEY_USER_HASH = "zall_auth";
|
|
||||||
public static final int COOKIE_TIMEOUT = 10*24*60*60; // 10 days
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Authenticate a username and password and return the associated Uaer object
|
* Authenticate a username and password and return the associated Uaer object
|
||||||
|
|
@ -35,14 +35,14 @@ public class AuthenticationManager {
|
||||||
|
|
||||||
// Valid email?
|
// Valid email?
|
||||||
if( user != null ){
|
if( user != null ){
|
||||||
if (user.getPasswordHash().equals(Hasher.MD5(password))) {
|
if (user.getPasswordHash().equals(generatePasswordHash(password, user.getPasswordSalt()))) {
|
||||||
setUserAuthenticated(db, user, User.AuthType.USER_INPUT, request, response);
|
setUserAuthenticated(db, user, User.AuthType.USER_INPUT, request, response);
|
||||||
return user;
|
return user;
|
||||||
} else {
|
} else {
|
||||||
logger.info("Incorrect password for username: " + email);
|
logger.fine("Incorrect password for username: " + email);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
logger.info("Incorrect username provided: " + email);
|
logger.fine("Incorrect username provided: " + email);
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
@ -63,10 +63,10 @@ public class AuthenticationManager {
|
||||||
setUserAuthenticated(db, user, User.AuthType.COOKIE, request, response);
|
setUserAuthenticated(db, user, User.AuthType.COOKIE, request, response);
|
||||||
return user;
|
return user;
|
||||||
} else {
|
} else {
|
||||||
logger.info("Cookie hash has expired or have incorrect ipHost: " + cookieHash);
|
logger.fine("Cookie hash has expired or have incorrect ipHost: " + cookieHash);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
logger.info("Cookie hash not associated with any user: " + cookieHash);
|
logger.fine("Cookie hash not associated with any user: " + cookieHash);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
|
|
|
||||||
|
|
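Review bot: The new password check `user.getPasswordHash().equals(generatePasswordHash(password, user.getPasswordSalt()))` compares the hashes with `String.equals`, which returns at the first differing character and leaks timing; use a constant-time compare such as `MessageDigest.isEqual(user.getPasswordHash().getBytes(StandardCharsets.UTF_8), generatePasswordHash(password, user.getPasswordSalt()).getBytes(StandardCharsets.UTF_8))` (imports `java.security.MessageDigest` and `java.nio.charset.StandardCharsets`). Replacing the `Hasher.MD5(password)` comparison also means any existing rows that still hold an MD5 hash will never verify again; unless the database is being reset, a migration or a rehash-on-successful-login path is needed, and I cannot see one in this commit. The hard-coded 1000 iterations in `generatePasswordHash` is low for PBKDF2 by current guidance; now that the count lives in one place it is cheap to raise it and name it, e.g. `private static final int PBKDF2_ITERATIONS = ...;`, though I cannot see which PRF or output length `Hasher.PBKDF2` uses. Separately, the cookie branch still logs the raw `cookieHash`, a bearer credential, at `fine` level; log the user id or a truncated prefix instead. The enclosing authentication method begins and ends outside the hunk.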
@ -57,13 +57,12 @@ public class LoginServlet extends ZalleryServlet {
|
||||||
// Successful login
|
// Successful login
|
||||||
if (user != null) {
|
if (user != null) {
|
||||||
logger.fine("Authenticated user(" + user.getEmail() + ") successfully, forwarding to gallery.");
|
logger.fine("Authenticated user(" + user.getEmail() + ") successfully, forwarding to gallery.");
|
||||||
forward(GalleryServlet.URI, request, response);
|
redirect(GalleryServlet.URI, request, response);
|
||||||
}
|
}
|
||||||
// Failed login
|
// Failed login
|
||||||
else {
|
else {
|
||||||
msgs.add(new UserMessageManager.UserMessage(MessageLevel.ERROR, lang.getString("incorrect.user_or_pass")));
|
msgs.add(new UserMessageManager.UserMessage(MessageLevel.ERROR, lang.getString("incorrect.user_or_pass")));
|
||||||
|
doGet(request, response, db);
|
||||||
}
|
}
|
||||||
|
|
||||||
doGet(request, response, db);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
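Review bot: The success branch now redirects to `GalleryServlet.URI` after the user has been authenticated, but nothing in this commit shows the pre-login session being discarded, which is what prevents session fixation when an attacker can plant a session id before the victim logs in; if `setUserAuthenticated` (not visible here) does not already do it, the login path should call `request.getSession().invalidate()` and then `request.getSession(true)` before `SESSION_KEY_USER` and `SESSION_KEY_AUTH_HASH` are stored. Moving the `doGet` re-render into the failure branch correctly stops the servlet from writing a body after the redirect; a short comment on that line, `// re-render the login form with the error message; the success branch has already redirected`, would keep a later maintainer from hoisting it back out. The enclosing method begins outside the hunk.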