ziver/zallery
1
0
Fork 0
Code Pull requests Releases Activity

Added URI fields and added cookie authentication

Browse source
This commit is contained in:
Ziver Koc 2018-07-27 15:29:00 +02:00
parent 99c67eaaba
commit 8e56ff406a
16 changed files with 133 additions and 71 deletions
Download patch file Download diff file Expand all files Collapse all files

20
src/zall/Zallery.java
View file

@ -76,24 +76,4 @@ public class Zallery extends HttpServlet{
} }
} }
public static String getCookieValue(Cookie[] cookies, String name) {
if( cookies == null )
return null;
for(Cookie cookie : cookies) {
if ( name.equals(cookie.getName()) )
return cookie.getValue();
}
return null;
}
// /mywebapp/servlet/MyServlet/a/b;c=123?d=789
public static String getUrl(HttpServletRequest req) {
String reqUri = req.getRequestURI().toString();
String queryString = req.getQueryString(); // d=789
if (queryString != null) {
reqUri += "?"+queryString;
}
return reqUri;
}
} }

3
src/zall/ZalleryConstant.java
View file

@ -9,8 +9,7 @@ public interface ZalleryConstant {
/** Session Constants **/ /** Session Constants **/
String SESSION_KEY_USER = "zall_user";
String SESSION_KEY_AUTH_HASH = "zall_ueser_session_hash";
/** Language Key Constants **/ /** Language Key Constants **/

15
src/zall/ZalleryServlet.java
View file

@ -64,4 +64,19 @@ public abstract class ZalleryServlet extends HttpServlet {
if (dispatcher != null) if (dispatcher != null)
dispatcher.forward(request, response); dispatcher.forward(request, response);
} }
public void redirect(String url, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
if (url.startsWith("http"))
response.sendRedirect(url);
else {
if (!url.startsWith("/"))
url = "/" + url;
String path = request.getRequestURI();
if (!path.endsWith("/"))
path = path.substring(0, path.lastIndexOf("/"));
response.sendRedirect(path + url);
}
}
} }

25
src/zall/bean/User.java
View file

@ -20,7 +20,6 @@ public class User extends DBBean{
public enum AuthType{ public enum AuthType{
USER_INPUT, COOKIE USER_INPUT, COOKIE
} }
public static final long SESSION_TIMEOUT = 1000*60*60*24*3; // 3day ttl
protected String name; protected String name;
protected String email; protected String email;
@ -51,10 +50,7 @@ public class User extends DBBean{
* Uses normal user and password to get user object, * Uses normal user and password to get user object,
* this function will save the bean * this function will save the bean
* *
* @param db is the DB connection * @return the user object or null if non where found
* @param email is the email of the user
* @return The user object or null if non where found
* @throws SQLException
*/ */
public static User load(DBConnection db, String email) throws SQLException{ public static User load(DBConnection db, String email) throws SQLException{
PreparedStatement sql = db.getPreparedStatement( PreparedStatement sql = db.getPreparedStatement(
@ -75,27 +71,14 @@ public class User extends DBBean{
* Uses a cookie value to get the user object, * Uses a cookie value to get the user object,
* this function will save the bean * this function will save the bean
* *
* @param db is the DB connection * @return the user object or null if non where found
* @param hash is the cookie hash
* @param request is the HTTP request object
* @return The user object or null if non where found
* @throws SQLException
*/ */
public static User loadByCookie(HttpServletRequest request, DBConnection db, String hash ) throws SQLException{ public static User loadBySessionHash(DBConnection db, String hash) throws SQLException{
PreparedStatement sql = db.getPreparedStatement( PreparedStatement sql = db.getPreparedStatement(
"SELECT * FROM User WHERE sessionHash=? LIMIT 1"); "SELECT * FROM User WHERE sessionHash=? LIMIT 1");
sql.setString(1, hash); sql.setString(1, hash);
User user = DBConnection.exec(sql, DBBeanSQLResultHandler.create(User.class, db)); return DBConnection.exec(sql, DBBeanSQLResultHandler.create(User.class, db));
if( user != null &&
user.ipHost.equals( request.getLocalName() ) &&
user.loginDate.getTime()+SESSION_TIMEOUT > System.currentTimeMillis() ){
user.loginDate = new Timestamp( System.currentTimeMillis() );
user.save(db);
user.setAuthBy( AuthType.COOKIE );
return user;
}
return null;
} }

11
src/zall/filter/AuthenticationFilter.java
View file

@ -2,6 +2,8 @@ package zall.filter;
import zall.bean.User; import zall.bean.User;
import zall.manager.AuthenticationManager; import zall.manager.AuthenticationManager;
import zall.page.LoginServlet;
import zall.page.RegisterServlet;
import javax.servlet.*; import javax.servlet.*;
import javax.servlet.annotation.WebFilter; import javax.servlet.annotation.WebFilter;
@ -13,9 +15,6 @@ import java.io.IOException;
*/ */
@WebFilter(urlPatterns = "/") @WebFilter(urlPatterns = "/")
public class AuthenticationFilter implements Filter { public class AuthenticationFilter implements Filter {
private static final String LOGIN_URI = "/login";
private static final String REGISTER_URI = "/register";
@Override @Override
public void init(FilterConfig filterConfig) { } public void init(FilterConfig filterConfig) { }
@ -26,13 +25,13 @@ public class AuthenticationFilter implements Filter {
User user = null; User user = null;
// continue the request via the filter pipeline if it is login page or it is a isValid User // continue the request via the filter pipeline if it is login page or it is a isValid User
if (requestURI.equals(LOGIN_URI) || if (requestURI.equals(LoginServlet.URI) ||
requestURI.equals(REGISTER_URI) || requestURI.equals(RegisterServlet.URI) ||
AuthenticationManager.isValid(user, (HttpServletRequest) request)) { AuthenticationManager.isValid(user, (HttpServletRequest) request)) {
chain.doFilter(request, response); chain.doFilter(request, response);
} else { } else {
// do not continue the filter pipeline forward to login page // do not continue the filter pipeline forward to login page
request.getRequestDispatcher(LOGIN_URI).forward(request, response); request.getRequestDispatcher(LoginServlet.URI).forward(request, response);
} }
} }

48
src/zall/manager/AuthenticationManager.java
View file

@ -1,10 +1,9 @@
package zall.manager; package zall.manager;
import zall.Zallery;
import zall.ZalleryConstant;
import zall.bean.Folder; import zall.bean.Folder;
import zall.bean.Media; import zall.bean.Media;
import zall.bean.User; import zall.bean.User;
import zall.util.ServletUtil;
import zutil.Hasher; import zutil.Hasher;
import zutil.db.DBConnection; import zutil.db.DBConnection;
import zutil.log.LogUtil; import zutil.log.LogUtil;
@ -12,9 +11,9 @@ import zutil.log.LogUtil;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
import java.sql.SQLException; import java.sql.SQLException;
import java.sql.Timestamp;
import java.util.logging.Logger; import java.util.logging.Logger;
import static zall.ZalleryConstant.SESSION_KEY_USER;
/** /**
* *
@ -22,23 +21,50 @@ import static zall.ZalleryConstant.SESSION_KEY_USER;
public class AuthenticationManager { public class AuthenticationManager {
private static final Logger logger = LogUtil.getLogger(); private static final Logger logger = LogUtil.getLogger();
public static final String SESSION_KEY_USER = "zall_user";
public static final String SESSION_KEY_AUTH_HASH = "zall_ueser_session_hash";
public static final long SESSION_TIMEOUT = 1000*60*60*24*3; // 3day
/** /**
* Authenticate a username and password and return the associated Uaer object * Authenticate a username and password and return the associated Uaer object
*/ */
public static User authenticate(DBConnection db, String email, String password) throws SQLException { public static User authenticate(DBConnection db, String email, String password) throws SQLException {
User authenticatedUser = null;
User user = User.load(db, email); User user = User.load(db, email);
// Valid email? // Valid email?
if( user != null ){ if( user != null ){
if (user.getPassword().equals(Hasher.MD5(password))) { if (user.getPassword().equals(Hasher.MD5(password))) {
authenticatedUser = user; userAuthenticated(db, user, User.AuthType.USER_INPUT);
authenticatedUser.setAuthBy(User.AuthType.USER_INPUT); return user;
authenticatedUser.save(db);
logger.info("User(" + authenticatedUser.getName() + ") authenticated by "+authenticatedUser.getAuthBy());
} }
} }
return authenticatedUser; return null;
}
/**
* Uses a cookie to authenticate a user,
*
* @return a user object or null authentications fails
*/
public static User authenticate(DBConnection db, HttpServletRequest request) throws SQLException{
String sessionHash = ServletUtil.getCookieValue(request.getCookies(), SESSION_KEY_AUTH_HASH);
User user = User.loadBySessionHash(db, sessionHash);
if( user != null &&
user.getIpHost().equals(request.getRemoteAddr()) &&
user.getLoginDate().getTime() + SESSION_TIMEOUT > System.currentTimeMillis()){
userAuthenticated(db, user, User.AuthType.COOKIE);
return user;
}
return null;
}
private static void userAuthenticated(DBConnection db, User user, User.AuthType authType) throws SQLException {
user.setLoginDate(new Timestamp(System.currentTimeMillis()));
user.setAuthBy(authType);
user.save(db);
logger.info("User(" + user.getName() + ") authenticated by " + user.getAuthBy());
} }
/** /**
@ -69,8 +95,8 @@ public class AuthenticationManager {
case USER_INPUT: case USER_INPUT:
if (!user.isEmailVerified()) return false; if (!user.isEmailVerified()) return false;
case COOKIE: case COOKIE:
String cookieHash = Zallery.getCookieValue(request.getCookies(), ZalleryConstant.SESSION_KEY_AUTH_HASH); String sessionHash = ServletUtil.getCookieValue(request.getCookies(), SESSION_KEY_AUTH_HASH);
return user.getSessionHash().equals(cookieHash) && return user.getSessionHash().equals(sessionHash) &&
user.getIpHost().equals(request.getRemoteAddr()); user.getIpHost().equals(request.getRemoteAddr());
} }
return false; return false;

9
src/zall/page/ContentServlet.java
View file

@ -25,14 +25,21 @@ import zall.manager.AuthenticationManager;
import zutil.db.DBConnection; import zutil.db.DBConnection;
import zutil.io.file.FileUtil; import zutil.io.file.FileUtil;
import static zall.page.ContentServlet.URI_IMAGE;
import static zall.page.ContentServlet.URI_VIDEO;
/** /**
* A headless page that provides media content. * A headless page that provides media content.
*/ */
@WebServlet({"/image", "/video"}) @WebServlet({URI_IMAGE, URI_VIDEO})
public class ContentServlet extends ZalleryServlet { public class ContentServlet extends ZalleryServlet {
private static final long serialVersionUID = 1L; private static final long serialVersionUID = 1L;
public static final String URI_IMAGE = "/image";
public static final String URI_VIDEO = "/video";
public void doGet(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws ServletException, SQLException, IOException { public void doGet(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws ServletException, SQLException, IOException {
String size = request.getParameter("size"); String size = request.getParameter("size");

4
src/zall/page/GalleryServlet.java
View file

@ -18,10 +18,12 @@ import java.sql.SQLException;
import java.util.List; import java.util.List;
import java.util.logging.Logger; import java.util.logging.Logger;
@WebServlet("/gallery")
@WebServlet(GalleryServlet.URI)
public class GalleryServlet extends ZalleryServlet { public class GalleryServlet extends ZalleryServlet {
private static Logger logger = LogUtil.getLogger(); private static Logger logger = LogUtil.getLogger();
public static final String URI = "/gallery";
public static final String JSP_FILE = "page_gallery.jsp"; public static final String JSP_FILE = "page_gallery.jsp";

18
src/zall/page/LoginServlet.java
View file

@ -15,15 +15,29 @@ import java.io.IOException;
import java.sql.SQLException; import java.sql.SQLException;
import java.util.logging.Logger; import java.util.logging.Logger;
@WebServlet("/login")
@WebServlet(LoginServlet.URI)
public class LoginServlet extends ZalleryServlet { public class LoginServlet extends ZalleryServlet {
private static Logger logger = LogUtil.getLogger(); private static Logger logger = LogUtil.getLogger();
public static final String URI = "/login";
private static final String JSP_FILE = "page_login.jsp"; private static final String JSP_FILE = "page_login.jsp";
public void doGet(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws ServletException, IOException { public void doGet(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws ServletException, IOException, SQLException {
// User already logged in?
User user = AuthenticationManager.getUserSession(request.getSession());
// Authenticate with cookies
if (user == null)
user = AuthenticationManager.authenticate(db, request);
// Forward user
if (user != null) {
include(JSP_FILE, request, response); include(JSP_FILE, request, response);
} else {
redirect(GalleryServlet.URI, request, response);
}
} }

4
src/zall/page/LogoutServlet.java
View file

@ -14,9 +14,11 @@ import java.sql.SQLException;
/** /**
* *
*/ */
@WebServlet(urlPatterns = "/logout") @WebServlet(LogoutServlet.URI)
public class LogoutServlet extends ZalleryServlet { public class LogoutServlet extends ZalleryServlet {
public static final String URI = "/logout";
public void doGet(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws SQLException, IOException { public void doGet(HttpServletRequest request, HttpServletResponse response, DBConnection db) throws SQLException, IOException {
User user = AuthenticationManager.getUserSession(request.getSession()); User user = AuthenticationManager.getUserSession(request.getSession());

3
src/zall/page/MediaServlet.java
View file

@ -18,10 +18,11 @@ import java.sql.SQLException;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.logging.Logger; import java.util.logging.Logger;
@WebServlet("/media") @WebServlet(MediaServlet.URI)
public class MediaServlet extends ZalleryServlet { public class MediaServlet extends ZalleryServlet {
private static Logger logger = LogUtil.getLogger(); private static Logger logger = LogUtil.getLogger();
public static final String URI = "/media";
private static final String JSP_FILE = "page_media.jsp"; private static final String JSP_FILE = "page_media.jsp";

3
src/zall/page/ProfileServlet.java
View file

@ -15,10 +15,11 @@ import java.io.IOException;
import java.sql.SQLException; import java.sql.SQLException;
import java.util.logging.Logger; import java.util.logging.Logger;
@WebServlet("/profile") @WebServlet(ProfileServlet.URI)
public class ProfileServlet extends ZalleryServlet { public class ProfileServlet extends ZalleryServlet {
private static Logger logger = LogUtil.getLogger(); private static Logger logger = LogUtil.getLogger();
public static final String URI = "/profile";
private static final String JSP_FILE = "page_profile.jsp"; private static final String JSP_FILE = "page_profile.jsp";

3
src/zall/page/RegisterServlet.java
View file

@ -16,10 +16,11 @@ import java.io.IOException;
import java.sql.SQLException; import java.sql.SQLException;
import java.util.logging.Logger; import java.util.logging.Logger;
@WebServlet("/register") @WebServlet(RegisterServlet.URI)
public class RegisterServlet extends ZalleryServlet { public class RegisterServlet extends ZalleryServlet {
private static Logger logger = LogUtil.getLogger(); private static Logger logger = LogUtil.getLogger();
public static final String URI = "/register";
private static final String JSP_FILE = "page_register.jsp"; private static final String JSP_FILE = "page_register.jsp";
private static final String INPUT_ID_FIRST_NAME = "first-name"; private static final String INPUT_ID_FIRST_NAME = "first-name";

3
src/zall/page/SlideshowServlet.java
View file

@ -14,10 +14,11 @@ import java.sql.SQLException;
import java.util.List; import java.util.List;
import java.util.logging.Logger; import java.util.logging.Logger;
@WebServlet("/slideshow") @WebServlet(SlideshowServlet.URI)
public class SlideshowServlet extends ZalleryServlet { public class SlideshowServlet extends ZalleryServlet {
private static Logger logger = LogUtil.getLogger(); private static Logger logger = LogUtil.getLogger();
public static final String URI = "/slideshow";
private static final String JSP_FILE = "page_slideshow.jsp"; private static final String JSP_FILE = "page_slideshow.jsp";

3
src/zall/page/UserListServlet.java
View file

@ -14,10 +14,11 @@ import java.sql.SQLException;
import java.util.List; import java.util.List;
import java.util.logging.Logger; import java.util.logging.Logger;
@WebServlet("/users") @WebServlet(UserListServlet.URI)
public class UserListServlet extends ZalleryServlet { public class UserListServlet extends ZalleryServlet {
private static Logger logger = LogUtil.getLogger(); private static Logger logger = LogUtil.getLogger();
public static final String URI = "/users";
private static final String JSP_FILE = "page_users.jsp"; private static final String JSP_FILE = "page_users.jsp";

30
src/zall/util/ServletUtil.java Normal file
View file

@ -0,0 +1,30 @@
package zall.util;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
public class ServletUtil {
public static String getCookieValue(Cookie[] cookies, String name) {
if( cookies == null )
return null;
for(Cookie cookie : cookies) {
if (name.equals(cookie.getName()))
return cookie.getValue();
}
return null;
}
// /mywebapp/servlet/MyServlet/a/b;c=123?d=789
public static String getUrl(HttpServletRequest req) {
String reqUri = req.getRequestURI();
String queryString = req.getQueryString(); // d=789
if (queryString != null) {
reqUri += "?"+queryString;
}
return reqUri;
}
}