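--- a/es2018/17210/conf/contexto.xml
+++ b/es2018/17210/conf/contexto.xml
@@ -0,0 +1,11 @@
+<Context path="/project" docBase="/workspace/bacoAlunos/es2018/jmachado/build/ant/war"
+debug="0">
+<!-- Link to the user database we will get roles from -->
+<ResourceLink name="users" global="UserDatabase"
+type="org.apache.catalina.UserDatabase"/>
+<Logger className="org.apache.catalina.logger.FileLogger"
+prefix="estgweb_log." suffix=".txt"
+timestamp="true"/>
+</Context>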
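--- a/es2018/17210/conf/plugins.properties
+++ b/es2018/17210/conf/plugins.properties
@@ -0,0 +1,0 @@
+pt.estgp.es.exemplos.hibernate.web.pluginSession.RegisterSession=@pt.estgp.es.exemplos.hibernate.web.pluginSession.RegisterSession@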
/es2018/17210/lib/json/genson-1.4.jar |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+ application/octet-stream |
/es2018/17210/lib/json/org.json-20120521.jar |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+ application/octet-stream |
/es2018/17210/lib/junit/hamcrest-core-2.1-rc3.zip |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+ application/octet-stream |
/es2018/17210/lib/junit/junit-4.13-beta-1.jar |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+ application/octet-stream |
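--- a/es2018/17210/src/java/pt/estgp/es/Teste.java
+++ b/es2018/17210/src/java/pt/estgp/es/Teste.java
@@ -0,0 +1,10 @@
+package pt.estgp.es;
+public class Teste {
+public String hello()
+{
+return "Hello Student";
+}
+}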
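--- a/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/services/ServicoSessoes.java
+++ b/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/services/ServicoSessoes.java
@@ -0,0 +1,44 @@
+package pt.estgp.es.exemplos.hibernate.services;
+import pt.estgp.es.exemplos.hibernate.HibernateUtils;
+import pt.estgp.es.exemplos.hibernate.User;
+import pt.estgp.es.exemplos.hibernate.UserSession;
+import pt.estgp.es.exemplos.hibernate.UserSessionImpl;
+import pt.estgp.es.exemplos.hibernate.security.SecurityContextProvider;
+import pt.estgp.es.exemplos.hibernate.security.logic.Transaction;
+import javax.servlet.http.HttpServletRequest;
+public class ServicoSessoes {
+/**
+* Regista-se o contexto de segurança no monitor e cria-se uma sessão na base de dados
+* se não existir
+* @param requester
+* @return UserSession registada para o Requester
+*/
+@Transaction
+public UserSession registerUserSession(String requester) {
+SecurityContextProvider.getInstance().registerSessionContext(requester);
+UserSession session;
+try {
+session = (UserSession) HibernateUtils.getCurrentSession().get(UserSession.class, requester);
+if(session == null)
+{
+session = new UserSessionImpl();
+session.setCookie(requester);
+HibernateUtils.getCurrentSession().save(session);
+}
+}
+catch(Exception e)
+{
+session = new UserSessionImpl();
+session.setCookie(requester);
+HibernateUtils.getCurrentSession().save(session);
+}
+session = (UserSession) HibernateUtils.narrow(session);
+return session;
+}
+}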
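Review bot: The `catch(Exception e)` in `registerUserSession` drops the failure without logging it and repeats `save(session)` on the same Hibernate session that has just thrown. A Hibernate session is not meant to be reused after an exception, so the fallback is likely to fail again or leave inconsistent state, and the real cause is lost either way. Removing the try/catch, or rethrowing with `catch (RuntimeException e) { throw e; }` after logging, lets the `@Transaction` advice handle the rollback. The `@param requester` tag has no description; judging by the caller in this commit it could read `@param requester id of the HTTP session, used as the UserSession key`.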
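--- a/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/utils/StreamsUtils.java
+++ b/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/utils/StreamsUtils.java
@@ -0,0 +1,140 @@
+package pt.estgp.es.exemplos.hibernate.utils;
+import java.io.*;
+import java.security.DigestInputStream;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+/**
+* @author Jorge Machado
+* @date 27/Mai/2008
+* @see jomm.utils
+*/
+public class StreamsUtils
+{
+public static byte[] readBytes(InputStream stream) throws IOException
+{
+ByteArrayOutputStream b = new ByteArrayOutputStream();
+int readedBytes;
+byte[] buf = new byte[1024];
+while ((readedBytes = stream.read(buf)) > 0)
+{
+b.write(buf, 0, readedBytes);
+}
+b.close();
+return b.toByteArray();
+}
+public static String readString(InputStream stream) throws IOException
+{
+ByteArrayOutputStream b = new ByteArrayOutputStream();
+int readedBytes;
+byte[] buf = new byte[1024];
+while ((readedBytes = stream.read(buf)) > 0)
+{
+b.write(buf, 0, readedBytes);
+}
+b.close();
+return b.toString();
+}
+public static void inputStream2File(InputStream stream, File f) throws IOException
+{
+f.getParentFile().mkdirs();
+FileOutputStream out = new FileOutputStream(f);
+inputStream2OutputStream(stream,out);
+}
+/**
+* ATENTION this method does not close the given stream
+* @param stream
+* @param f
+* @return
+* @throws IOException
+*/
+public static String inputStream2FileGetMd5(InputStream stream, File f) throws IOException
+{
+f.getParentFile().mkdirs();
+FileOutputStream out = new FileOutputStream(f);
+return inputStream2OutputStreamGetMd5(stream, out);
+}
+public static void inputStream2OutputStream(InputStream stream, OutputStream out) throws IOException
+{
+inputStream2OutputStream(stream,out,true,true);
+}
+public static void inputStream2OutputStream(InputStream stream, OutputStream out,boolean closeOut,boolean closeIn) throws IOException
+{
+int readedBytes;
+byte[] buf = new byte[1024];
+while ((readedBytes = stream.read(buf)) > 0)
+{
+out.write(buf, 0, readedBytes);
+}
+if(closeIn)
+stream.close();
+if(closeOut)
+out.close();
+}
+/**
+* Return digest Md5 from consumed bytes
+* * ATENTION this method does not close the given stream
+* @param stream
+* @param out
+* @return Md5 HEX
+* @throws IOException
+*/
+public static String inputStream2OutputStreamGetMd5(InputStream stream, OutputStream out) throws IOException
+{
+MessageDigest messageDigest = null;
+try {
+messageDigest = MessageDigest.getInstance("MD5");
+} catch (NoSuchAlgorithmException e) {
+e.printStackTrace();
+}
+DigestInputStream digestInputStream = new DigestInputStream(stream, messageDigest);
+int readedBytes;
+byte[] buf = new byte[1024];
+while ((readedBytes = digestInputStream.read(buf)) > 0)
+{
+out.write(buf, 0, readedBytes);
+}
+messageDigest = digestInputStream.getMessageDigest();
+String md5 = BytesUtils.toHex(messageDigest.digest());
+out.close();
+return md5;
+}
+/**
+* Return digest Md5 from consumed bytes
+* * ATENTION this method does not close the given stream
+* @param stream
+* @param out
+* @return Md5 HEX
+* @throws IOException
+*/
+public static String getFileMd5(File f) throws IOException
+{
+MessageDigest messageDigest = null;
+try {
+messageDigest = MessageDigest.getInstance("MD5");
+} catch (NoSuchAlgorithmException e) {
+e.printStackTrace();
+}
+DigestInputStream digestInputStream = new DigestInputStream(new FileInputStream(f), messageDigest);
+int readedBytes;
+byte[] buf = new byte[1024];
+while ((readedBytes = digestInputStream.read(buf)) > 0)
+{
+//nottinhg to do only calculate nd5
+}
+messageDigest = digestInputStream.getMessageDigest();
+String md5 = BytesUtils.toHex(messageDigest.digest());
+digestInputStream.close();
+return md5;
+}
+}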
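Review bot: In `inputStream2OutputStreamGetMd5` and `getFileMd5` the `NoSuchAlgorithmException` handler only prints the stack trace and leaves `messageDigest` null, so the method continues and fails later with a NullPointerException far from the cause; `throw new IllegalStateException("MD5 not available", e);` keeps the failure where it happened. The streams opened in `inputStream2File`, `inputStream2FileGetMd5` and `getFileMd5` are closed only on the success path, so an I/O error during the copy leaks the file handle, which try-with-resources would prevent. The Javadoc above `getFileMd5` is copied from the previous method and documents parameters (`stream`, `out`) that it does not have, and `readString` decodes with the platform default charset. If these digests are ever used to decide whether content from an untrusted party was altered, MD5 is not collision resistant and SHA-256 would be the safer choice.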
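--- a/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/utils/BytesUtils.java
+++ b/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/utils/BytesUtils.java
@@ -0,0 +1,268 @@
+package pt.estgp.es.exemplos.hibernate.utils;
+import org.apache.commons.lang.RandomStringUtils;
+import org.apache.log4j.Logger;
+import java.io.*;
+import java.math.BigInteger;
+import java.rmi.dgc.VMID;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Random;
+/**
+*
+* @author Jorge Machado
+*/
+public class BytesUtils {
+private static int counter = 0;
+private static Random random = new Random();
+private static VMID vmid = new VMID();
+private static Logger logger = Logger.getLogger(BytesUtils.class);
+/** Private Constructor */
+private BytesUtils () {}
+public static String getMd5FromFile(String filepath)
+{
+return getMD5(getBytes(filepath));
+}
+public static byte[] getBytes(String fileName)
+{
+byte[] data = null;
+try{
+FileInputStream r = new FileInputStream(fileName);
+File f = new File(fileName);
+//this value is never bigger than a integer
+int len =(int) f.length();
+data = new byte[len];
+int bytesRead = 0;
+bytesRead = r.read(data);
+r.close();
+if(bytesRead == -1)
+return null;
+}
+catch(FileNotFoundException e)
+{
+logger.error("Files getBytes()",e);
+return null;
+}
+catch(IOException e)
+{
+logger.error("Files getData()",e);
+return null;
+}
+return data;
+}
+public static String getMD5(String data)
+{
+return getMD5(data.getBytes());
+}
+public static String getMD5(byte[] data)
+{
+return toHex(getMD5Bytes(data));
+}
+public static String getDigestMD5Hex(String str){
+byte[] digest = getDigestMD5(str.getBytes());
+if(digest != null)
+return toHex(digest);
+return null;
+}
+public static byte[] getDigestMD5(byte[] data)
+{
+byte[] result = null;
+try{
+MessageDigest md5 = MessageDigest.getInstance("MD5");
+md5.update(data);
+result = md5.digest();
+}
+catch(NoSuchAlgorithmException e)
+{
+//this never hapens beacause MD5 is a correct algoritm
+logger.fatal("MD5 function does not exists",e);
+}
+return result;
+}
+/*********************************************************
+*Returns true if the two digests are equal
+*
+*******************************************************/
+public static boolean isDigestEqual(byte[] b1,byte[] b2)
+{
+try{
+MessageDigest md5 = MessageDigest.getInstance("MD5");
+return md5.isEqual(b1,b2);
+}
+catch(NoSuchAlgorithmException e)
+{
+//this never hapens beacause MD5 is a correct algoritm
+logger.fatal("MD5 function does not exists",e);
+}
+return false;
+}
+public static byte[] getMD5Bytes(byte[] data)
+{
+try
+{
+MessageDigest digest = MessageDigest.getInstance("MD5");
+return digest.digest(data);
+}
+catch (NoSuchAlgorithmException e)
+{
+logger.fatal("MD5 function does not exists",e);
+}
+return null;
+}
+/**
+* Return a hex representation of the byte array
+*
+* @param data The data to transform.
+* @return A hex representation of the data.
+*/
+public static String toHex(byte[] data)
+{
+if ((data == null) || (data.length == 0))
+return null;
+StringBuffer result = new StringBuffer();
+// This is far from the most efficient way to do things...
+for (int i = 0; i < data.length; i++)
+{
+int low = (int) (data[i] & 0x0F);
+int high = (int) (data[i] & 0xF0);
+result.append(Integer.toHexString(high).substring(0, 1));
+result.append(Integer.toHexString(low));
+}
+return result.toString();
+}
+/**
+* Generate a unique key.
+* The key is a long (length 38 to 40) sequence of digits.
+*
+* @return A unique key as a long sequence of base-10 digits.
+*/
+public static String generateKey()
+{
+return new BigInteger(generateBytesKey()).abs().toString();
+}
+/**
+* Generate a unique key.
+* The key is a 32-character long sequence of hex digits.
+*
+* @return A unique key as a long sequence of hex digits.
+*/
+public static String generateHexKey()
+{
+return toHex(generateBytesKey());
+}
+/**
+* Generate a unique key as a byte array.
+*
+* @return A unique key as a byte array.
+*/
+public static synchronized byte[] generateBytesKey()
+{
+byte[] junk = new byte[16];
+random.nextBytes(junk);
+String input = new StringBuffer().append(vmid).append(new java.util.Date()).append(junk).append(counter++).toString();
+return getMD5Bytes(input.getBytes());
+}
+// The following two methods are taken from the Jakarta IOUtil class.
+/**
+* Copy stream-data from source to destination. This method does not
+* buffer, flush or close the streams, as to do so would require making
+* non-portable assumptions about the streams' origin and further use. If
+* you wish to perform a buffered copy, use {@link #bufferedCopy}.
+*
+* @param input The InputStream to obtain data from.
+* @param output The OutputStream to copy data to.
+*/
+public static void copy( final InputStream input, final OutputStream output )
+throws IOException
+{
+final int BUFFER_SIZE = 1024 * 4;
+final byte[] buffer = new byte[ BUFFER_SIZE ];
+while( true )
+{
+final int count = input.read( buffer, 0, BUFFER_SIZE );
+if( -1 == count ) break;
+// write out those same bytes
+output.write( buffer, 0, count );
+}
+//needed to flush cache
+//output.flush();
+}
+public static void bufferedCopy( final InputStream source, final OutputStream destination )
+throws IOException
+{
+final BufferedInputStream input = new BufferedInputStream( source );
+final BufferedOutputStream output = new BufferedOutputStream( destination );
+copy( input, output );
+output.flush();
+}
+public static int gen5DigitsKey() {
+Random r = new Random( System.currentTimeMillis() );
+return 10000 + r.nextInt(20000);
+}
+public static String genCharsDigitsKey(int number) {
+String characters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789~`!@#$%^&*()-_=+[{]},<.>?";
+return RandomStringUtils.random(number, characters);
+}
+public static void main(String[] args)
+{
+System.out.println(gen5DigitsKey());
+}
+}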
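Review bot: `generateBytesKey` never mixes the random bytes into the key, because `.append(junk)` appends the array's default `toString()` (type and identity hash) rather than its contents, and `random` is a `java.util.Random` in any case. The result is an MD5 over a VMID, a timestamp and a counter, which should not be treated as unguessable. If `generateKey` or `generateHexKey` values serve as tokens or identifiers that an outsider must not predict, return bytes from `java.security.SecureRandom` directly: `byte[] key = new byte[16]; new SecureRandom().nextBytes(key); return key;`. The same concern applies to `gen5DigitsKey`, which seeds `Random` with the current time and yields only 10000 to 29999, and to `genCharsDigitsKey`, since `RandomStringUtils.random(int, String)` is not backed by a secure generator. Separately, `getBytes` performs a single `read` that may return fewer bytes than the file length, and it leaks the stream when an exception is thrown.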
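--- a/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/security/example/ServiceExample.java
+++ b/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/security/example/ServiceExample.java
@@ -0,0 +1,26 @@
+package pt.estgp.es.exemplos.hibernate.security.example;
+import pt.estgp.es.exemplos.hibernate.security.logic.HasRole;
+import pt.estgp.es.exemplos.hibernate.security.logic.IsAuthenticated;
+import pt.estgp.es.exemplos.hibernate.security.logic.PrintParameterExample;
+/**
+* Created by jorgemachado on 23/10/18.
+*/
+public class ServiceExample
+{
+@IsAuthenticated
+public void servicoDeTesteAutenticado()
+{
+System.out.println("Entrou no servico autenticado");
+}
+@HasRole(role = "admin,ci")
+@PrintParameterExample(paramName = "frase")
+public void servicoDeTesteComRoleAdmin(String frase)
+{
+System.out.println("Entrou no servico de roles: " + frase);
+}
+}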
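--- a/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/security/logic/NotAuthenticatedException.java
+++ b/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/security/logic/NotAuthenticatedException.java
@@ -0,0 +1,28 @@
+package pt.estgp.es.exemplos.hibernate.security.logic;
+/**
+* Created by jorgemachado on 23/10/18.
+*/
+public class NotAuthenticatedException extends AccessDeniedException
+{
+public NotAuthenticatedException() {
+super();
+}
+public NotAuthenticatedException(String message) {
+super(message);
+}
+public NotAuthenticatedException(String message, Throwable cause) {
+super(message, cause);
+}
+public NotAuthenticatedException(Throwable cause) {
+super(cause);
+}
+public NotAuthenticatedException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
+super(message, cause, enableSuppression, writableStackTrace);
+}
+}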
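--- a/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/security/logic/Transaction.java
+++ b/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/security/logic/Transaction.java
@@ -0,0 +1,7 @@
+package pt.estgp.es.exemplos.hibernate.security.logic;
+/**
+* Created by jorgemachado on 18/10/18.
+*/
+public @interface Transaction {
+}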
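Review bot: `Transaction` is declared without `@Retention` or `@Target`, unlike `HasRole` and `PrintParameterExample` in the same package, so it gets the default class-file retention and can be placed on any element. Whether `@annotation(Transaction)` still matches then depends on how the aspects are woven; if matching ever relies on reflection, the advice is skipped without any error. `IsAuthenticated` in this commit has the same omission, and there a missed match means an authentication check that silently does not run. Adding `@Retention(RetentionPolicy.RUNTIME)` and `@Target(ElementType.METHOD)` to both removes that dependency and makes the four annotations consistent.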
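--- a/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/security/logic/AccessDeniedException.java
+++ b/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/security/logic/AccessDeniedException.java
@@ -0,0 +1,28 @@
+package pt.estgp.es.exemplos.hibernate.security.logic;
+/**
+* Created by jorgemachado on 23/10/18.
+*/
+public class AccessDeniedException extends Throwable
+{
+public AccessDeniedException() {
+super();
+}
+public AccessDeniedException(String message) {
+super(message);
+}
+public AccessDeniedException(String message, Throwable cause) {
+super(message, cause);
+}
+public AccessDeniedException(Throwable cause) {
+super(cause);
+}
+public AccessDeniedException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
+super(message, cause, enableSuppression, writableStackTrace);
+}
+}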
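Review bot: `AccessDeniedException extends Throwable` places the whole access-denied hierarchy outside `Exception`, so any `catch (Exception e)` on the call path will not see a denial. That includes the rollback handler in `SecurityAspects.envolventeServico` added by this commit: a `NotAuthenticatedException` or `FailRoleException` raised inside a `@Transaction` method would leave the transaction neither committed nor rolled back. Declaring it as `public class AccessDeniedException extends Exception` keeps it checked while letting ordinary handlers, logging and rollback code observe it. The class comment records only author and date; one sentence saying this is the base type for `NotAuthenticatedException` and `FailRoleException` would document the hierarchy.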
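--- a/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/security/logic/PrintParameterExample.java
+++ b/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/security/logic/PrintParameterExample.java
@@ -0,0 +1,16 @@
+package pt.estgp.es.exemplos.hibernate.security.logic;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+/**
+* Created by jorgemachado on 18/10/18.
+*/
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.TYPE, ElementType.METHOD, ElementType.PARAMETER})
+public @interface PrintParameterExample
+{
+public String paramName() default "";
+}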
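--- a/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/security/logic/SecurityAspects.java
+++ b/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/security/logic/SecurityAspects.java
@@ -0,0 +1,116 @@
+package pt.estgp.es.exemplos.hibernate.security.logic;
+import org.apache.log4j.Logger;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.annotation.Pointcut;
+import pt.estgp.es.exemplos.hibernate.HibernateUtils;
+import pt.estgp.es.exemplos.hibernate.UserSession;
+import pt.estgp.es.exemplos.hibernate.security.SecurityContextProvider;
+import java.util.Arrays;
+/**
+* Created by jorgemachado on 18/10/18.
+*/
+@Aspect
+public class SecurityAspects
+{
+private static final Logger logger = Logger.getLogger(SecurityAspects.class);
+//Defines a pointcut that we can use in the @Before,@After, @AfterThrowing, @AfterReturning,@Around specifications
+//The pointcut will look for the @YourAnnotation
+@Pointcut("@annotation(Transaction)")
+public void serviceTransactionPointCutDefinition(){}
+@Pointcut("@annotation(IsAuthenticated)")
+public void isAuthenticatedPointCut(){}
+@Pointcut("@annotation(hasRole)")
+public void hasRolePointCut(HasRole hasRole){}
+@Pointcut("@annotation(printParameterExample)")
+public void printParameterExamplePointCut(PrintParameterExample printParameterExample){}
+@Pointcut("execution(* *(..))")
+public void executionPointCut(){}
+@Around("serviceTransactionPointCutDefinition() && executionPointCut()")
+public Object envolventeServico(ProceedingJoinPoint pjp) throws Throwable
+{
+HibernateUtils.getCurrentSession().beginTransaction();
+//Sugestão: um motor de serviços poderia neste ponto abrir a transação na base de dados
+logger.info("Iniciando chamada do servico:" + pjp.getSignature().getName() +
+" na classe " + pjp.getSourceLocation().getClass().getName());
+try {
+Object returnObj = pjp.proceed();
+//Sugestão: um motor de serviços poderia neste ponto fazer commit da transação na base de dados
+logger.info("Terminado chamada do servico");
+HibernateUtils.getCurrentSession().getTransaction().commit();
+return returnObj;
+} catch (Exception e) {
+HibernateUtils.getCurrentSession().getTransaction().rollback();
+//Sugestão: um motor de serviços poderia neste ponto fazer rollback da transação na base de dados
+logger.error("Excepcao no Servico",e);
+throw e;
+}
+}
+@Around("isAuthenticatedPointCut() && executionPointCut()")
+public Object isAuthenticatedAdvise(ProceedingJoinPoint pjp) throws Throwable
+{
+logger.info("Is Authenticated Aspect");
+String cookie = SecurityContextProvider.getInstance().getSecuritySessionContext().getRequester();
+UserSession session = (UserSession) HibernateUtils.getCurrentSession().load(UserSession.class,cookie);
+if(session.getUser() != null)
+return pjp.proceed();
+//Com o cookie ir buscar a sessao e seguidamente o User e ver se esta logado
+throw new NotAuthenticatedException("Access Denied, not authenticated at " + pjp.getSourceLocation().getFileName() + " " + pjp.getSourceLocation().getLine() + " service: " + pjp.getSignature().getName());
+}
+@Around("hasRolePointCut(hasRole) && executionPointCut()")
+public Object hasRoleAdvise(ProceedingJoinPoint pjp, HasRole hasRole) throws Throwable
+{
+logger.info("Has Role Aspect");
+String cookie = SecurityContextProvider.getInstance().getSecuritySessionContext().getRequester();
+UserSession session = (UserSession) HibernateUtils.getCurrentSession().load(UserSession.class,cookie);
+String[] rolesIn = hasRole.role().split(",");
+if(session.getUser() == null)
+throw new NotAuthenticatedException("Access Denied, not authenticated at " + pjp.getSourceLocation().getFileName() + " " + pjp.getSourceLocation().getLine() + " service: " + pjp.getSignature().getName());
+//session.getUser().get
+//verificar se o username é um user com o role que está em hasRole.role()
+if(session.getUser().getRoles() == null)
+throw new NotAuthenticatedException("Access Denied, missing role at " + pjp.getSourceLocation().getFileName() + " " + pjp.getSourceLocation().getLine() + " service: " + pjp.getSignature().getName());
+String[] roles = session.getUser().getRoles().split(",");
+for(String checkRole: rolesIn)
+{
+if(Arrays.asList(roles).contains(checkRole))
+{
+return pjp.proceed();
+}
+}
+throw new FailRoleException("Access Denied, does not have role " + hasRole.role() + " at " + pjp.getSourceLocation().getFileName() + " " + pjp.getSourceLocation().getLine() + " service: " + pjp.getSignature().getName());
+}
+@Around("printParameterExamplePointCut(printParameterExample) && executionPointCut()")
+public Object printParameterExampleAdvise(ProceedingJoinPoint pjp, PrintParameterExample printParameterExample) throws Throwable
+{
+System.out.println("PARAMETRO: " + JointPointUtils.getParameter(pjp,printParameterExample.paramName()));
+return pjp.proceed();
+}
+}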
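Review bot: `hasRoleAdvise` throws `NotAuthenticatedException` when `session.getUser().getRoles()` is null, although the user is authenticated at that point and the message itself says "missing role"; throwing `FailRoleException` there keeps the exception type aligned with the cause, so callers can tell an unauthenticated request from an unauthorised one. The required and granted role lists are compared straight after `split(",")`, so a value such as `"admin, ci"` would never match `ci`; trimming each element avoids a silent mismatch. Both advices dereference `getSecuritySessionContext()` and the result of `load(...)` without a null or not-found check, so a call that arrives without a registered session presumably ends in a runtime exception rather than one of the access-denied types. `printParameterExampleAdvise` writes argument values to standard output, so the annotation should not be attached to methods that take credentials or tokens.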
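--- a/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/security/logic/FailRoleException.java
+++ b/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/security/logic/FailRoleException.java
@@ -0,0 +1,28 @@
+package pt.estgp.es.exemplos.hibernate.security.logic;
+/**
+* Created by jorgemachado on 23/10/18.
+*/
+public class FailRoleException extends AccessDeniedException
+{
+public FailRoleException() {
+super();
+}
+public FailRoleException(String message) {
+super(message);
+}
+public FailRoleException(String message, Throwable cause) {
+super(message, cause);
+}
+public FailRoleException(Throwable cause) {
+super(cause);
+}
+public FailRoleException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
+super(message, cause, enableSuppression, writableStackTrace);
+}
+}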
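--- a/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/security/logic/HasRole.java
+++ b/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/security/logic/HasRole.java
@@ -0,0 +1,16 @@
+package pt.estgp.es.exemplos.hibernate.security.logic;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+/**
+* Created by jorgemachado on 18/10/18.
+*/
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.TYPE, ElementType.METHOD, ElementType.PARAMETER})
+public @interface HasRole
+{
+public String role() default "";
+}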
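--- a/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/security/logic/IsAuthenticated.java
+++ b/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/security/logic/IsAuthenticated.java
@@ -0,0 +1,9 @@
+package pt.estgp.es.exemplos.hibernate.security.logic;
+/**
+* Created by jorgemachado on 18/10/18.
+*/
+public @interface IsAuthenticated
+{
+}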
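--- a/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/security/logic/JointPointUtils.java
+++ b/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/security/logic/JointPointUtils.java
@@ -0,0 +1,27 @@
+package pt.estgp.es.exemplos.hibernate.security.logic;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.Signature;
+import org.aspectj.lang.reflect.MethodSignature;
+/**
+* Created by jorgemachado on 30/10/18.
+*/
+public class JointPointUtils
+{
+public static Object getParameter(ProceedingJoinPoint joinPoint, String paramName) throws Throwable {
+final Signature signature = joinPoint.getStaticPart().getSignature();
+if (signature instanceof MethodSignature) {
+final MethodSignature ms = (MethodSignature) signature;
+String[] params = ms.getParameterNames();
+Object[] args = joinPoint.getArgs();
+for (int argIndex = 0; argIndex < args.length; argIndex++)
+{ if(params[argIndex].equals(paramName))
+return args[argIndex];
+}
+}
+return null;
+}
+}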
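Review bot: `getParameter` indexes `params[argIndex]` without checking that `ms.getParameterNames()` returned a non-null array as long as `getArgs()`; parameter names may not be available for every join point, in which case the lookup throws from inside the advice instead of returning null. A guard such as `if (params == null) return null;` and a loop bound of `Math.min(params.length, args.length)` keeps the helper safe. The method has no Javadoc; one line saying that it returns the argument bound to the named parameter, or null when the name is not found, would document the null return.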
/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/security.zip |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+ application/octet-stream |
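--- a/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/web/pluginSession/ServerRegisterSession.java
+++ b/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/web/pluginSession/ServerRegisterSession.java
@@ -0,0 +1,34 @@
+package pt.estgp.es.exemplos.hibernate.web.pluginSession;
+import pt.estgp.es.exemplos.hibernate.UserSession;
+import pt.estgp.es.exemplos.hibernate.services.ServicoSessoes;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+public class ServerRegisterSession implements RegisterSession {
+/**
+* Abre uma sessao se esta não existir
+* Não lida com o User da Sessão, se não existir
+* significa que não está autenticado
+*
+* @param servletRequest
+* @return
+* @throws IOException
+* @throws ServletException
+*/
+@Override
+public UserSession openSession(ServletRequest servletRequest)
+{
+return new ServicoSessoes()
+.registerUserSession(
+((HttpServletRequest)servletRequest).getSession().getId()
+);
+}
+}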
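Review bot: `openSession` calls `getSession()`, which creates an HTTP session when none exists, and then persists a `UserSession` row keyed by that id, so every request arriving without a session cookie adds a database row. Nothing in the visible code expires or removes those rows, so the table presumably grows with anonymous traffic; a cleanup tied to session invalidation (for example an `HttpSessionListener`) would bound it. The Javadoc lists `@throws IOException` and `@throws ServletException`, which the method does not declare, and leaves `@param` and `@return` empty.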
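--- a/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/web/pluginSession/PluginFactory.java
+++ b/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/web/pluginSession/PluginFactory.java
@@ -0,0 +1,23 @@
+package pt.estgp.es.exemplos.hibernate.web.pluginSession;
+import java.io.IOException;
+import java.util.Properties;
+public class PluginFactory
+{
+static Properties properties = new Properties();
+static
+{
+try {
+properties.load(PluginFactory.class.getResourceAsStream("/plugins.properties"));
+} catch (IOException e) {
+e.printStackTrace();
+}
+}
+public static Object getPlugin(Class iface) throws ClassNotFoundException, IllegalAccessException, InstantiationException
+{
+String classNameVerdadeiro = properties.getProperty(iface.getName());
+return Class.forName(classNameVerdadeiro).newInstance();
+}
+}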
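Review bot: `getPlugin` instantiates whatever class name the properties file maps to `iface` without checking that the class implements `iface`, and leaves the cast to the caller. A wrong or altered entry therefore has its static initialiser and constructor run before the `ClassCastException` appears. Loading without initialisation and checking the type first narrows that: `Class<?> impl = Class.forName(name, false, PluginFactory.class.getClassLoader());` followed by `if (!iface.isAssignableFrom(impl)) throw new ClassNotFoundException(name);`. A missing `/plugins.properties` makes `getResourceAsStream` return null, which the `IOException` handler in the static block does not cover, and a missing key passes null to `Class.forName`; both cases deserve an explicit error that names the key.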
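--- a/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/web/pluginSession/DevelopRegisterSession.java
+++ b/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/web/pluginSession/DevelopRegisterSession.java
@@ -0,0 +1,55 @@
+package pt.estgp.es.exemplos.hibernate.web.pluginSession;
+import pt.estgp.es.exemplos.hibernate.HibernateUtils;
+import pt.estgp.es.exemplos.hibernate.User;
+import pt.estgp.es.exemplos.hibernate.UserSession;
+import pt.estgp.es.exemplos.hibernate.UserSessionImpl;
+import pt.estgp.es.exemplos.hibernate.security.SecurityContextProvider;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+public class DevelopRegisterSession implements RegisterSession {
+/**
+* Abre uma sessao se esta não existir e associa-a sempre ao User com id 1
+* @param servletRequest
+* @return
+* @throws IOException
+* @throws ServletException
+*/
+@Override
+public UserSession openSession(ServletRequest servletRequest) {
+HttpServletRequest request = (HttpServletRequest) servletRequest;
+SecurityContextProvider.getInstance().registerSessionContext(request.getSession().getId());
+UserSession session;
+HibernateUtils.getCurrentSession().beginTransaction();
+try {
+//TODO Mudar par get em vez de load como demonstra a imagem
+session = (UserSession) HibernateUtils.getCurrentSession().get(UserSession.class, request.getSession().getId());
+if(session == null)
+{
+session = new UserSessionImpl();
+session.setCookie(request.getSession().getId());
+HibernateUtils.getCurrentSession().save(session);
+}
+}catch(Exception e)
+{
+session = new UserSessionImpl();
+session.setCookie(request.getSession().getId());
+HibernateUtils.getCurrentSession().save(session);
+}
+User u = (User) HibernateUtils.getCurrentSession().get(User.class, new Long(1));
+u = (User) HibernateUtils.narrow(u);
+session.setUser(u);
+session = (UserSession) HibernateUtils.narrow(session);
+HibernateUtils.getCurrentSession().getTransaction().commit();
+return session;
+}
+}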
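Review bot: `openSession` binds every incoming HTTP session to the `User` with id 1 without any credential check, and which `RegisterSession` implementation runs is decided only by the class name in `plugins.properties`, presumably filled in at build time from the `@...@` token. A build that resolves that entry to this class authenticates every visitor as that user. The class should therefore refuse to run outside development, for example by checking an explicit system property in its constructor and throwing otherwise, and should log a warning each time it is used. `get(User.class, ...)` may also return null on an empty database, in which case the session is committed without a user, and the Javadoc should state plainly that this implementation is for development only.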
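--- a/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/web/pluginSession/RegisterSession.java
+++ b/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/web/pluginSession/RegisterSession.java
@@ -0,0 +1,12 @@
+package pt.estgp.es.exemplos.hibernate.web.pluginSession;
+import pt.estgp.es.exemplos.hibernate.UserSession;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import java.io.IOException;
+public interface RegisterSession
+{
+public UserSession openSession(ServletRequest servletRequest);
+}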
/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/web/pluginSession.zip |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+ application/octet-stream |
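--- a/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/web/login/LoginRest.java
+++ b/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/web/login/LoginRest.java
@@ -0,0 +1,35 @@
+package pt.estgp.es.exemplos.hibernate.web.login;
+import org.json.JSONException;
+import org.json.JSONObject;
+import pt.estgp.es.exemplos.hibernate.web.rest.AbstractRestServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+public class LoginRest extends AbstractRestServlet
+{
+public JSONObject login(JSONObject data, HttpServletRequest req, HttpServletResponse resp) throws JSONException
+{
+String username = data.getString("username");
+String password = data.getString("password");
+System.out.println(username);
+System.out.println(password);
+JSONObject js = new JSONObject();
+js.put("result","ok");
+addMessage("User autenticado com sucesso",req);
+return js;
+}
+public JSONObject logout(JSONObject data, HttpServletRequest req, HttpServletResponse resp) throws JSONException
+{
+JSONObject js = new JSONObject();
+js.put("result","ok");
+return js;
+}
+}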
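Review bot: `login` writes the submitted password to standard output with `System.out.println(password)`, which puts cleartext credentials into the container log; that line and the username print should be removed. The method then returns `"result":"ok"` and adds the message "User autenticado com sucesso" without comparing the credentials with anything or attaching a user to the session, so as written every login attempt is reported as successful. If this is a stub, a comment such as `// TODO: credential verification not implemented` and a non-ok result would keep it from being mistaken for working code. `logout` likewise returns ok without clearing the user from the session.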
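--- a/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/web/SecurityFilter.java
+++ b/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/web/SecurityFilter.java
@@ -0,0 +1,55 @@
+package pt.estgp.es.exemplos.hibernate.web;
+import org.apache.log4j.Logger;
+import pt.estgp.es.exemplos.hibernate.UserSession;
+import pt.estgp.es.exemplos.hibernate.web.pluginSession.PluginFactory;
+import pt.estgp.es.exemplos.hibernate.web.pluginSession.RegisterSession;
+import javax.servlet.*;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+public class SecurityFilter implements Filter {
+private static final Logger logger = Logger.getLogger(SecurityFilter.class);
+private static final String SESSION_IN_REQUEST_KEY = "UserSession";
+@Override
+public void init(FilterConfig filterConfig) throws ServletException {
+}
+@Override
+public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
+HttpServletResponse response = (HttpServletResponse) servletResponse;
+loadSessionProxy(servletRequest);
+filterChain.doFilter(servletRequest, response);
+}
+public static UserSession loadSessionProxy(ServletRequest servletRequest) throws IOException, ServletException {
+UserSession session = (UserSession) servletRequest.getAttribute(SESSION_IN_REQUEST_KEY);
+try {
+if(session == null) {
+RegisterSession plugin;
+plugin = (RegisterSession) PluginFactory.getPlugin(RegisterSession.class);
+session = plugin.openSession(servletRequest);
+servletRequest.setAttribute(SESSION_IN_REQUEST_KEY,session);
+}
+} catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
+logger.error(e,e);
+return null;
+}
+return session;
+}
+@Override
+public void destroy() {
+}
+}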
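Review bot: `doFilter` ignores the return value of `loadSessionProxy`, which is null when the session plugin cannot be loaded, and still calls `filterChain.doFilter`, so a misconfigured plugin lets requests continue with no `UserSession` attribute and no registered security context. Failing closed is safer: `if (loadSessionProxy(servletRequest) == null) { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); return; }`. The class name suggests enforcement, but the visible code only registers the session; a class comment saying where authorisation is actually checked would set the right expectation for whoever maps this filter.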
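--- a/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/web/rest/AbstractRestServlet.java
+++ b/es2018/17210/src/java/pt/estgp/es/exemplos/hibernate/web/rest/AbstractRestServlet.java
@@ -0,0 +1,150 @@
+package pt.estgp.es.exemplos.hibernate.web.rest;
+import org.json.JSONArray;
+import org.json.JSONException;
+import org.json.JSONObject;
+import pt.estgp.es.exemplos.hibernate.utils.StreamsUtils;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.PrintWriter;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.List;
+public abstract class AbstractRestServlet extends HttpServlet
+{
+public void addMessage(String mensagem, HttpServletRequest request)
+{
+List<String> messages = (List<String>) request.getAttribute("Messages");
+messages.add(mensagem);
+}
+@Override
+protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+process(req,resp);
+}
+@Override
+protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+process(req,resp);
+}
+protected void process(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
+{
+req.setAttribute("Messages",new ArrayList<String>());
+if(req.getContentType() != null && req.getContentType().equalsIgnoreCase("application/json"))
+{
+InputStream content = req.getInputStream();
+if(content != null)
+{
+try {
+ParseJsonRequestResult parseJsonRequestResult = new ParseJsonRequestResult(content).invoke();
+invokeService(req, resp, parseJsonRequestResult.getService(), parseJsonRequestResult.getData());
+} catch (Throwable e) {
+sendErrorResponse(resp, e);
+}
+}
+}
+else
+{
+JSONObject response = new JSONObject();
+try {
+response.put("service","error");
+response.put("response","REST REQUEST REQUIRED");
+resp.setContentType("application/json");
+PrintWriter pw = resp.getWriter();
+pw.write(response.toString());
+} catch (JSONException e) {
+e.printStackTrace();
+}
+}
+}
+private void invokeService(HttpServletRequest req, HttpServletResponse resp, String service, JSONObject data) throws NoSuchMethodException, IllegalAccessException, InvocationTargetException, JSONException, IOException {
+Method innerMethod = this.getClass().getMethod(service,new Class[]{
+JSONObject.class,
+HttpServletRequest.class,
+HttpServletResponse.class});
+JSONObject obj = (JSONObject) innerMethod.invoke(this,new Object[]{data,req,resp});
+JSONObject response = new JSONObject();
+response.put("service","ok");
+response.put("response",obj);
+List<String> messages = (List<String>) req.getAttribute("Messages");
+if(messages.size() > 0)
+{
+JSONArray msgs = new JSONArray();
+for(String msgAdded: messages)
+{
+msgs.put(msgAdded);
+}
+response.put("messages",msgs);
+}
+resp.setContentType("application/json");
+PrintWriter pw = resp.getWriter();
+pw.write(response.toString());
+}
+private void sendErrorResponse(HttpServletResponse resp, Throwable e) throws IOException {
+e.printStackTrace();
+JSONObject response = new JSONObject();
+try {
+response.put("service","error");
+response.put("exception",e.toString());
+resp.setContentType("application/json");
+PrintWriter pw = resp.getWriter();
+pw.write(response.toString());
+} catch (JSONException e1) {
+e1.printStackTrace();
+}
+}
+private class ParseJsonRequestResult {
+private InputStream content;
+private String service;
+private JSONObject data;
+public ParseJsonRequestResult(InputStream content) {
+this.content = content;
+}
+public String getService() {
+return service;
+}
+public JSONObject getData() {
+return data;
+}
+public ParseJsonRequestResult invoke() throws IOException, JSONException {
+JSONObject requestObj;
+String json = StreamsUtils.readString(content);
+requestObj = new JSONObject(json);
+System.out.println("REQUEST JSON:");
+System.out.println(requestObj.toString());
+service = requestObj.getString("service");
+data = requestObj.has("data") ? requestObj.getJSONObject("data") : null;
+return this;
+}
+}
+}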
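Review bot: In `invokeService` the `service` string read from the request body goes straight into `this.getClass().getMethod(...)`, so the set of callable operations is "every public method of the concrete servlet with the `(JSONObject, HttpServletRequest, HttpServletResponse)` signature" rather than a list the author chose, and nothing here checks the caller's session or role before `invoke`. Dispatch should be limited to methods the subclass explicitly exposes, for example through a marker annotation checked before the call, with everything else rejected by a fixed error. Separately, `sendErrorResponse` returns `e.toString()` to the client and `ParseJsonRequestResult.invoke` prints the whole request JSON to stdout; return a generic message, log the detail through the project logger, and keep request bodies (which may hold credentials) out of the log.

```java
// … unchanged: innerMethod = this.getClass().getMethod(service, …) …
// RestService: marker annotation with runtime retention, to be introduced with this change
if (!innerMethod.isAnnotationPresent(RestService.class)
        || !JSONObject.class.equals(innerMethod.getReturnType())) {
    throw new NoSuchMethodException("service not available");
}
JSONObject obj = (JSONObject) innerMethod.invoke(this,new Object[]{data,req,resp});
// … unchanged: build and write the "ok" response …
```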
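--- a/es2018/17210/src/java/teste/Teste2.java
+++ b/es2018/17210/src/java/teste/Teste2.java
@@ -0,0 +1,4 @@
+package teste;
+public class Teste2 {
+}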
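--- a/es2018/17210/src/java/teste/Teste3.java
+++ b/es2018/17210/src/java/teste/Teste3.java
@@ -0,0 +1,4 @@
+package teste;
+public class Teste3 {
+}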
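--- a/es2018/17210/src/web/errors/403.jsp
+++ b/es2018/17210/src/web/errors/403.jsp
@@ -0,0 +1,8 @@
+<%@ page import="pt.estgp.es.Teste" %>
+<%@page language="java" contentType="UTF-8" %>
+<%
+request.getSession().setAttribute("user",u);
+%>
+Nao autorizado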
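Review bot: The scriptlet stores `u` under the session key `user`, but no `u` is declared in the lines shown, so the page will not compile as written; beyond that, the page rendered for a denied request should not write an identity attribute into the session at all. Drop the scriptlet and leave the page as static text. `contentType="UTF-8"` is a charset, not a MIME type; use `contentType="text/html; charset=UTF-8"` here and in the same directive of `404.jsp`.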
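--- a/es2018/17210/src/web/errors/404.jsp
+++ b/es2018/17210/src/web/errors/404.jsp
@@ -0,0 +1,4 @@
+<%@ page import="pt.estgp.es.Teste" %>
+<%@page language="java" contentType="UTF-8" %>
+POagina nao encontrada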
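--- a/es2018/17210/src/web/js/rest-layer.js
+++ b/es2018/17210/src/web/js/rest-layer.js
@@ -0,0 +1,47 @@
+function rest(restAction,serviceName,data,webMessagesContainer,handlerOk,handlerFail)
+{
+var request =
+{
+data : data,
+service : serviceName
+};
+$.ajax({
+url: restAction,
+type: "POST",
+contentType: "application/json",
+data: JSON.stringify(request),
+dataType: "json",
+success: function(resposta)
+{
+$(webMessagesContainer).find(".web-messages").html("");
+if(resposta.service == "error")
+{
+$(webMessagesContainer).find(".web-messages").html('<div class="alert alert-danger">' + resposta.exception + '</div>');
+if(handlerFail != undefined)
+{
+handlerFail(resposta.exception);
+}
+}
+else if(resposta.service == "ok")
+{
+for(var msg in resposta.messages)
+{
+$(webMessagesContainer).find(".web-messages").append('<div class="alert alert-success">' + resposta.messages[msg] + '</div>');
+}
+if(handlerOk != undefined)
+handlerOk(resposta.response);
+}
+},
+error: function(resposta) {
+$(webMessagesContainer).find(".web-messages").html('<div class="alert alert-danger">Erro de comunicação, por favor tente novamente</div>');
+if(handlerFail != undefined)
+{
+handlerFail(resposta);
+}
+}
+});
+}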
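Review bot: Both branches of the `success` handler concatenate server-supplied strings (`resposta.exception`, `resposta.messages[msg]`) into markup passed to `.html()` and `.append()`, so any HTML inside them is parsed by the browser. The servlet's error path fills `exception` with `e.toString()`, which can echo request-derived text such as the requested service name. Create the element and set its text instead, e.g. `.append($('<div class="alert alert-danger">').text(resposta.exception))` on the emptied container, and the same with `alert-success` for each message. Iterating `resposta.messages` with `for...in` also walks inherited enumerable properties; an index loop or `$.each` is safer for an array.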
/es2018/17210/src/web/apresentaPagina.jsp |
---|
16,17 → 16,11 |
<title></title> |
</head> |
<body> |
<% |
if(UserSession.getUser() != null) |
{ |
} |
%> |
Olá ${UserSession.user.nome} estamos a ver uma página. |
<% |
pt.estgp.es.exemplos.hibernate.UserSession sess = SecurityFilter.loadSessionProxy(request); |
String id = request.getParameter("id"); |
HibernateUtils.getCurrentSession().beginTransaction(); |
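Review bot: The greeting line writes `${UserSession.user.nome}` into the page through plain EL, which JSP does not HTML-escape in template text; if `nome` can hold user-supplied text it should be escaped on output, e.g. `<c:out value="${UserSession.user.nome}"/>` (assuming JSTL is available to the webapp). The page does not mark which lines of this hunk are old and which are new, so this applies only if that line is on the new side. `SecurityFilter.loadSessionProxy` returns `null` when the plugin cannot be loaded, so `sess` needs a null check before it is used; the scriptlet continues outside the hunk.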
/es2018/17210/build.properties |
---|
1,6 → 1,6 |
#tomcat.home=C:/Users/Jorge/Documents/estg/cadeiras/EngSoft/material/apache-tomcat-5.5.27 |
#tomcat.home=C:/Users/17210/Desktop/apache-tomcat-9.0.0.M6 |
tomcat.home=C:/Users/Nox/Desktop/3ano/es/Desktop/apache-tomcat-9.0.0.M6 |
tomcat.home=C:/Users/jmachado/Documents/workspace/apache-tomcat-9.0.0.M6 |
#tomcat.common.lib=${tomcat.home}/common/lib |
#tomcat.server.lib=${tomcat.home}/server/lib |
tomcat.common.lib=${tomcat.home}/lib |