FWD » Core Development » User Interface

/*

 ** Module   : HotelGuiSsoAuthenticator.java

 ** Abstract : SsoAuthenticator implementation for hotel_gui.

 **

 ** Copyright (c) 2023, Golden Code Development Corporation.

 **

 ** _#_ _I_ __Date__ ________________________________Description___________________________________

 ** 001 GBB 20231005 Created initial version.

 */

/*

 ** This program is free software: you can redistribute it and/or modify

 ** it under the terms of the GNU Affero General Public License as

 ** published by the Free Software Foundation, either version 3 of the

 ** License, or (at your option) any later version.

 **

 ** This program is distributed in the hope that it will be useful,

 ** but WITHOUT ANY WARRANTY; without even the implied warranty of

 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 ** GNU Affero General Public License for more details.

 **

 ** You may find a copy of the GNU Affero GPL version 3 at the following

 ** location: https://www.gnu.org/licenses/agpl-3.0.en.html

 **

 ** Additional terms under GNU Affero GPL version 3 section 7:

 **

 **   Under Section 7 of the GNU Affero GPL version 3, the following additional

 **   terms apply to the works covered under the License.  These additional terms

 **   are non-permissive additional terms allowed under Section 7 of the GNU

 **   Affero GPL version 3 and may not be removed by you.

 **

 **   0. Attribution Requirement.

 **

 **     You must preserve all legal notices or author attributions in the covered

 **     work or Appropriate Legal Notices displayed by works containing the covered

 **     work.  You may not remove from the covered work any author or developer

 **     credit already included within the covered work.

 **

 **   1. No License To Use Trademarks.

 **

 **     This license does not grant any license or rights to use the trademarks

 **     Golden Code, FWD, any Golden Code or FWD logo, or any other trademarks

 **     of Golden Code Development Corporation. You are not authorized to use the

 **     name Golden Code, FWD, or the names of any author or contributor, for

 **     publicity purposes without written authorization.

 **

 **   2. No Misrepresentation of Affiliation.

 **

 **     You may not represent yourself as Golden Code Development Corporation or FWD.

 **

 **     You may not represent yourself for publicity purposes as associated with

 **     Golden Code Development Corporation, FWD, or any author or contributor to

 **     the covered work, without written authorization.

 **

 **   3. No Misrepresentation of Source or Origin.

 **

 **     You may not represent the covered work as solely your work.  All modified

 **     versions of the covered work must be marked in a reasonable way to make it

 **     clear that the modified work is not originating from Golden Code Development

 **     Corporation or FWD.  All modified versions must contain the notices of

 **     attribution required in this license.

 */

package com.goldencode.hotel;

import com.goldencode.p2j.directory.*;

import com.goldencode.p2j.main.*;

import com.goldencode.p2j.persist.*;

import com.goldencode.p2j.security.*;

import com.goldencode.p2j.util.*;

import com.goldencode.p2j.util.logging.*;

import com.goldencode.util.*;

import javax.servlet.http.*;

import java.lang.*;

import java.sql.*;

import java.util.*;

import java.util.logging.*;

/** SsoAuthenticator implementation for hotel_gui */

public class HotelGuiSsoAuthenticator

implements SsoAuthenticator

{

   /** Logger. */

   private static final CentralLogger LOG = CentralLogger.get(HotelGuiSsoAuthenticator.class);

   /** Select query for prepared statement to check for user / pass */

   private static final String QUERY_SELECT_COUNT_MATCHING_CREDS =

      "SELECT COUNT(*) as count FROM meta_user WHERE userid = upper(rtrim(?)) AND password = ?";

   /** Database connection. */

   private static Connection dbConnection;

   /** Database connection. */

   private String defaultFwdAccount;

   /**

    * Provides options configured in directory under config/auth-mode/ssopluginoption. Plain text that can 

    * contain any number of configs to be parsed by the custom implementation of the authenticator. The 

    * method is called right after the current object is instantiated, before any authentication takes place.

    *

    * @param    option

    *           Plain text that can contain any number of configs.

    */

   @Override

   public void setOption(String option)

   {

      if (StringHelper.hasContent(option))

      {

         defaultFwdAccount = option;

      }

   }

   /**

    * Receives as an argument the html template loaded from the standard location in the custom package or 

    * null if no resource present.

    *

    * @param    loadedTemplate

    *           The html template loaded from the standard location in the custom root package or null.

    *

    * @return   The inflated template ready to be served as login page or null.

    */

   @Override

   public String getLoginPage(String loadedTemplate)

   {

      return null;

   }

   /**

    * Validates the POST request data against an authentication provider (DB, 3rd party directory, custom 

    * auth server, etc) and returns a container with all details needed by the FWD framework to respond to 

    * the auth request and eventually spawn a new client with the specified authorization. If the FWD SDK

    * script is used on the login page, the parameters map contains {@link #FWD_SDK_LOGIN_PARAM_USER} and

    * {@link #FWD_SDK_LOGIN_PARAM_PASS}.

    *

    * @param    paramMap

    *           A map of all query / form params.

    * @param    cookies

    *           All cookies coming with the HTTP request.

    * @param    licensingData

    *           Data that can be used for enforcing licensing policy.

    *

    * @return   A container with all details needed by the FWD framework to spawn a new client.

    */

   @Override

   public Result authenticate(Map<String, String[]> paramMap, Cookie[] cookies, LicensingData licensingData)

   {

      if (dbConnection == null)

      {

         try

         {

            connectToDb();

         }

         catch (Throwable e)

         {

            LOG.severe("Can't connect to db.", e);

            return generateFailedAuthResult();

         }

      }

      String appUser = paramMap.get(FWD_SDK_LOGIN_PARAM_USER)[0];

      String appPass = paramMap.get(FWD_SDK_LOGIN_PARAM_PASS)[0];

      String encodedPass = SecurityOps.encode(appPass).toStringMessage();

      try

      {

         PreparedStatement stmt = dbConnection.prepareStatement(QUERY_SELECT_COUNT_MATCHING_CREDS);

         stmt.setString(1, appUser);

         stmt.setString(2, encodedPass);

         ResultSet resultSet = stmt.executeQuery();

         if (!resultSet.next() || resultSet.getInt("count") == 0)

         {

            LOG.log(Level.FINER, "Cant authenticate the user %s against the db.", appUser);

            return generateFailedAuthResult();

         }

      }

      catch (SQLException e)

      {

         LOG.log(Level.FINER, e, "Cant authenticate the user %s against the db.", appUser);

         return generateFailedAuthResult();

      }

      return new Result(true, defaultFwdAccount, appUser, null, null);

   }

   /**

    * Invalidates the web session associated with the authentication cookie by communicating with the auth 

    * server or updating the DB and returns a cookie with the same name, but invalid value.

    *

    * @param    cookies

    *           The cookie to be returned to the browser and used in the next auth requests.

    *

    * @return   <code>null</code> if the web session / cookie invalidation failed, otherwise an 

    *           authentication Cookie with invalid value.

    */

   @Override

   public Cookie logout(Cookie[] cookies)

   {

      return null;

   }

   /**

    * Synchronized class method to load the DB configurations, driver and establish the connection.

    * 

    * @throws   ClassNotFoundException

    *           May get produced by loading the driver class, if it's not in the classpath.

    * @throws   SQLException

    *           May get produced by trying to establish the DB connection.

    */

   private static synchronized void connectToDb()

   throws ClassNotFoundException,

          SQLException

   {

      if (dbConnection != null)

      {

         return;

      }

      String dbName = DatabaseManager.loadedOnStartup().get(0);

      DirectoryService ds = DirectoryService.getInstance();

      ds.bind();

      String driverClass = getDirString(ds, "database/" + dbName + "/orm/connection/driver_class");

      String url = getDirString(ds, "database/" + dbName + "/orm/connection/url");

      String username = getDirString(ds, "database/" + dbName + "/orm/connection/username");

      String password = getDirString(ds, "database/" + dbName + "/orm/connection/password");

      ds.unbind();

      // load db driver

      Class.forName(driverClass);

      dbConnection = DriverManager.getConnection(url, username, password);

   }

   /**

    * Convenience method to get the string from directory node.

    *

    * @param    ds

    *           Bound directory service.

    * @param    nodeId

    *           The node path.

    *           

    * @return   Returns the string value found in the specified note or null.

    */

   private static String getDirString(DirectoryService ds, String nodeId)

   {

      return Utils.getDirectoryNodeString(ds, nodeId, null,false);

   }

   /**

    * Returns the result, when the authentication fails.

    * 

    * @return   See above.

    */

   private static Result generateFailedAuthResult()

   {

      return new Result(false, WebDriverHandler.SupportedHttpCode.UNAUTHORIZED, null);

   }

}