1/**
2 * Title: blogAdmin<p>
3 * Description: Used to create and manage new threads, entries, groups and users in/for the journal.<p>
4 * @author Nathan Binford
5 * @version 1.2
6 */
7package org.nb.blog;
8
9import java.sql.*;
10import java.util.Date;
11import org.nb.Preferences;
12import org.xml.sax.SAXException;
13import javax.xml.parsers.ParserConfigurationException;
14import java.io.*;
15import java.security.*;
16import java.security.spec.*;
17import javax.crypto.*;
18import javax.crypto.spec.*;
19
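/**
 * Administrative facade for the journal: creates and deletes threads and entries,
 * creates users and groups, and assigns per-group access rights on threads.
 *
 * <p>Every statement is sent to the database as a {@link PreparedStatement} with bound
 * parameters; titles, entry content, user names and group names are caller-supplied
 * text and must never be concatenated into SQL.
 *
 * <p>NOTE(review): the {@code blogException} messages built from
 * {@code SQLException.getMessage()} carry driver and schema detail. If callers display
 * them to end users, log the detail server-side and show a generic message instead.
 */
public class blogAdmin
{
    /** Used in context with setGroupRights, sets rights to read-only. */
    public static final int RIGHT_READ = 1;

    /** Used in context with setGroupRights, sets rights to read and write. */
    public static final int RIGHT_READ_WRITE = 2;

    /**
     * Authenticated user on whose behalf every operation is authorised.
     * NOTE(review): package-private and non-final, so any class in this package can swap
     * the principal after construction; make it private final once callers are confirmed.
     */
    blogUser user;

    /** Application settings. */
    private Preferences pref;

    /**
     * Binds the administrator object to an authenticated user and loads the preferences file.
     *
     * @param user     the authenticated user; {@code null} is treated as a failed login
     * @param prefPath path of the preferences file
     * @throws blogException if {@code user} is null or the preferences file cannot be loaded
     */
    public blogAdmin(blogUser user, String prefPath) throws blogException
    {
        if (user == null)
            throw new blogException("Authentication Failure. Invalid user name and password.");
        this.user = user; //set active user

        try
        {
            pref = new Preferences(prefPath);
        }
        catch (ParserConfigurationException e) { throw new blogException("Cannot load preferences file. Message: " + e.getMessage()); }
        catch (SAXException e) { throw new blogException("Cannot load preferences file. Message: " + e.getMessage()); }
        catch (IOException e) { throw new blogException("Cannot load preferences file. Message: " + e.getMessage()); }
    }

    /**
     * Creates a new thread as a child of the thread whose threadID matches
     * {@code thread.getParent()} (top-level threads use parent = 0).
     *
     * <p>Write access on the parent is required for child threads. Top-level threads are
     * created without any rights check, as in the original design.
     *
     * @param thread the thread to store; the owner is always the authenticated user
     * @throws blogException if the user lacks write access on the parent or the database fails
     */
    public void createThread(blogThread thread) throws blogException
    {
        //authorise before touching the database so a refusal cannot leak a connection
        if (thread.getParent() != 0 && !hasWriteAccess(thread.getParent()))
            throw new blogException("Authentication Error. User does not have sufficent access rights.");

        Connection conn = null;
        PreparedStatement stmt = null;
        try
        {
            conn = openConnection();
            stmt = conn.prepareStatement("INSERT INTO threads (parent, title, description, owner) VALUES (?, ?, ?, ?)");
            stmt.setInt(1, thread.getParent());
            stmt.setString(2, thread.getTitle());
            stmt.setString(3, thread.getDescription());
            stmt.setString(4, user.getUser());
            stmt.executeUpdate();
        }
        catch (ClassNotFoundException e) { throw new blogException("Invalid Preference File Setting: JDBC Class. Message: " + e.getMessage()); }
        catch (SQLException e) { throw new blogException("Database error. Message: " + e.getMessage()); }
        finally { closeQuietly(null, stmt, conn); }
    }

    /**
     * Creates a new entry in the thread named by {@code entry.getThreadID()}.
     *
     * @param entry the entry to store
     * @throws blogException if the user lacks write access on the thread or the database fails
     */
    public void createEntry(blogEntry entry) throws blogException
    {
        if (!hasWriteAccess(entry.getThreadID()))
            throw new blogException("Authentication Error. User does not have sufficent access rights.");

        Connection conn = null;
        PreparedStatement stmt = null;
        try
        {
            conn = openConnection();
            stmt = conn.prepareStatement("INSERT INTO entries (threadID, name, author, date, content) VALUES (?, ?, ?, ?, ?)");
            stmt.setInt(1, entry.getThreadID());
            stmt.setString(2, entry.getName());
            // NOTE(review): the author is taken from the entry, not from the authenticated
            // user, so a writer can attribute an entry to someone else - confirm this is intended.
            stmt.setString(3, entry.getAuthor());
            // The original embedded the date as quoted text; String.valueOf keeps that textual
            // form whatever type getDate() returns (its declaration is outside this file).
            stmt.setString(4, String.valueOf(entry.getDate()));
            stmt.setString(5, entry.getContent());
            stmt.executeUpdate();
        }
        catch (ClassNotFoundException e) { throw new blogException("Invalid Preference File Setting: JDBC Class. Message: " + e.getMessage()); }
        catch (SQLException e) { throw new blogException("Database error. Message: " + e.getMessage()); }
        finally { closeQuietly(null, stmt, conn); }
    }

    /**
     * Deletes a thread, its entries, its privilege records and, recursively, all of its children.
     *
     * <p>Each recursive call re-checks write access on the child and runs on its own
     * connection, so the operation is not atomic: if a descendant is refused, the
     * descendants visited before it have already been deleted.
     *
     * @param threadID the thread to delete
     * @throws blogException if the user lacks write access on this thread or any child,
     *                       or the database fails
     */
    public void deleteThread(int threadID) throws blogException
    {
        if (!hasWriteAccess(threadID))
            throw new blogException("Authentication Error. User does not have sufficent access rights to this thread, or a child of this thread.");

        Connection conn = null;
        PreparedStatement children = null;
        ResultSet rs = null;
        try
        {
            conn = openConnection();

            //delete the children first; each call checks the rights on that child
            children = conn.prepareStatement("SELECT threadID FROM threads WHERE parent = ?");
            children.setInt(1, threadID);
            rs = children.executeQuery();
            while (rs.next())
                deleteThread(rs.getInt("threadID"));

            //user has access (blogException is thrown otherwise), continue
            executeForThread(conn, "DELETE FROM threads WHERE threadID = ?", threadID); //delete thread
            executeForThread(conn, "DELETE FROM entries WHERE threadID = ?", threadID); //delete thread's entries
            executeForThread(conn, "DELETE FROM threadPrivs WHERE threadID = ?", threadID); //delete privilege records
        }
        catch (ClassNotFoundException e) { throw new blogException("Invalid Preference File Setting: JDBC Class. Message: " + e.getMessage()); }
        catch (SQLException e) { throw new blogException("Database error. Message: " + e.getMessage()); }
        finally { closeQuietly(rs, children, conn); }
    }

    /**
     * Deletes an entry from a thread.
     *
     * <p>The rights check is made against {@code threadID}, so the DELETE is scoped to that
     * same thread. Deleting by {@code entryID} alone would let a user with write access to
     * any one thread remove entries belonging to threads they cannot write to.
     *
     * @param entryID  the entry to delete
     * @param threadID the thread the entry belongs to
     * @throws blogException if the user lacks write access on the thread or the database fails
     */
    public void deleteEntry(int entryID, int threadID) throws blogException
    {
        if (!hasWriteAccess(threadID))
            throw new blogException("Authentication Error. User does not have sufficent access rights.");

        Connection conn = null;
        PreparedStatement stmt = null;
        try
        {
            conn = openConnection();
            stmt = conn.prepareStatement("DELETE FROM entries WHERE entryID = ? AND threadID = ?");
            stmt.setInt(1, entryID);
            stmt.setInt(2, threadID);
            stmt.executeUpdate();
        }
        catch (ClassNotFoundException e) { throw new blogException("Invalid Preference File Setting: JDBC Class. Message: " + e.getMessage()); }
        catch (SQLException e) { throw new blogException("Database error. Message: " + e.getMessage()); }
        finally { closeQuietly(null, stmt, conn); }
    }

    /**
     * Creates a user in an existing group. Only the administrative user may call this.
     *
     * <p>The administrator check runs before the key file is opened, so a non-administrator
     * learns nothing about the key file and no file handle is left open on refusal.
     *
     * @param usr      the new user's name
     * @param password the new user's clear-text password; stored in encrypted form
     * @param group    an existing groupID
     * @throws blogException if the caller is not the administrator, the key file is missing
     *                       or empty, encryption fails, the group does not exist, or the
     *                       database fails
     */
    public void createUser(String usr, String password, String group) throws blogException
    {
        //user must be administrator to perform this action, is the user?
        // NOTE(review): this method reads section "USERS" while createGroup and
        // setGroupRights read "Users" - confirm which spelling the preferences file uses.
        if (!isAdministrator("USERS"))
            throw new blogException("Authentication Error. User does not have sufficent access rights.");

        Connection conn = null;
        PreparedStatement lookup = null;
        PreparedStatement insert = null;
        ResultSet rs = null;
        try
        {
            String stored = encryptPassword(password);

            conn = openConnection();

            //check to see if group exists
            lookup = conn.prepareStatement("SELECT groupID FROM groups WHERE groupID = ?");
            lookup.setString(1, group);
            rs = lookup.executeQuery();
            if (!rs.next())
                throw new blogException("Invalid data. Group " + group + " does not exist.");

            //create user
            insert = conn.prepareStatement("INSERT INTO users (user, password, groupID) VALUES (?, ?, ?)");
            insert.setString(1, usr);
            insert.setString(2, stored);
            insert.setString(3, group);
            insert.executeUpdate();
        }
        catch (IllegalBlockSizeException e) { throw new blogException("Encryption Failure. Private Key Invalid."); }
        catch (BadPaddingException e) { throw new blogException("Encryption Failure. Private Key Invalid."); }
        catch (NoSuchPaddingException e) { throw new blogException("Encryption Failure. Private Key Invalid."); }
        catch (InvalidKeyException e) { throw new blogException("Encryption Failure. Private Key Invalid."); }
        catch (NoSuchAlgorithmException e) { throw new blogException("Encryption Failure. DES Algorithm Not Available."); }
        catch (FileNotFoundException e) { throw new blogException("File Access Failure. Cannot locate key file specified."); }
        catch (IOException e) { throw new blogException("File Access Failure: " + e.getMessage()); }
        catch (ClassNotFoundException e) { throw new blogException("Invalid Preference File Setting: JDBC Class. Message: " + e.getMessage()); }
        catch (SQLException e) { throw new blogException("Database error. Message: " + e.getMessage()); }
        finally
        {
            closeQuietly(rs, lookup, null);
            closeQuietly(null, insert, conn);
        }
    }

    /**
     * Creates a group. Only the administrative user may call this.
     *
     * <p>The original condition was negated: it ran the INSERT for every user except the
     * administrator and refused the administrator. The check now matches its own error
     * message and the one in {@code createUser}.
     *
     * @param group the groupID to create
     * @throws blogException if the caller is not the administrator or the database fails
     */
    public void createGroup(String group) throws blogException
    {
        //user must be administrator to perform this action, is the user?
        if (!isAdministrator("Users"))
            throw new blogException("Authentication Error. User must be administrator to perform this action.");

        Connection conn = null;
        PreparedStatement stmt = null;
        try
        {
            conn = openConnection();

            //create group
            stmt = conn.prepareStatement("INSERT INTO groups (groupID) VALUES (?)");
            stmt.setString(1, group);
            stmt.executeUpdate();
        }
        catch (ClassNotFoundException e) { throw new blogException("Invalid Preference File Setting: JDBC Class. Message: " + e.getMessage()); }
        catch (SQLException e) { throw new blogException("Database error. Message: " + e.getMessage()); }
        finally { closeQuietly(null, stmt, conn); }
    }

    /**
     * Sets the access rights on a thread for a group. Only the administrative user may call this.
     *
     * <p>As in {@code createGroup}, the original administrator check was negated and let
     * every non-administrator change privileges; it is corrected here.
     *
     * @param group     the groupID whose rights are set
     * @param threadID  the thread the rights apply to
     * @param rightsFlg {@link #RIGHT_READ} or {@link #RIGHT_READ_WRITE}
     * @throws blogException if the caller is not the administrator, {@code rightsFlg} is not
     *                       one of the two constants, or the database fails
     */
    public void setGroupRights(String group, int threadID, int rightsFlg) throws blogException
    {
        //user must be administrator to perform this action, is user?
        if (!isAdministrator("Users"))
            throw new blogException("Authentication Error. User must be administrator to perform this action.");

        //get rights to set
        String rights;
        switch (rightsFlg)
        {
            case RIGHT_READ:
                rights = "read";
                break;
            case RIGHT_READ_WRITE:
                rights = "read,write";
                break;
            default:
                throw new blogException("Invalid data. Access rights setting not a valid option.");
        }

        Connection conn = null;
        PreparedStatement lookup = null;
        PreparedStatement write = null;
        ResultSet rs = null;
        try
        {
            conn = openConnection();

            //has a rights entry already been made for this group and thread?
            lookup = conn.prepareStatement("SELECT groupID FROM threadPrivs WHERE groupID = ? AND threadID = ?");
            lookup.setString(1, group);
            lookup.setInt(2, threadID);
            rs = lookup.executeQuery();

            if (!rs.next())
            {
                //no entry yet: create one
                write = conn.prepareStatement("INSERT INTO threadPrivs (rights, groupID, threadID) VALUES (?, ?, ?)");
                write.setString(1, rights);
                write.setString(2, group);
                write.setInt(3, threadID);
            }
            else
            {
                //entry exists: overwrite its rights
                write = conn.prepareStatement("UPDATE threadPrivs SET rights = ? WHERE threadID = ? AND groupID = ?");
                write.setString(1, rights);
                write.setInt(2, threadID);
                write.setString(3, group);
            }
            write.executeUpdate();
        }
        catch (ClassNotFoundException e) { throw new blogException("Invalid Preference File Setting: JDBC Class. Message: " + e.getMessage()); }
        catch (SQLException e) { throw new blogException("Database error. Message: " + e.getMessage()); }
        finally
        {
            closeQuietly(rs, lookup, null);
            closeQuietly(null, write, conn);
        }
    }

    /** Returns true when the authenticated user's rights string for the thread contains "write". */
    private boolean hasWriteAccess(int threadID)
    {
        return user.checkRights(threadID).indexOf("write") != -1;
    }

    /**
     * Returns true when the authenticated user is the configured administrative user.
     * Fails closed: a missing preference value never matches any user.
     */
    private boolean isAdministrator(String prefSection)
    {
        String admin = pref.getPreference(prefSection, "AdministrativeUser");
        return admin != null && admin.equals(user.getUser());
    }

    /** Loads the JDBC driver class named in the preferences and opens a new connection. */
    private Connection openConnection() throws ClassNotFoundException, SQLException
    {
        Class.forName(pref.getPreference("DB", "ClassString"));
        return DriverManager.getConnection(pref.getPreference("DB", "ConnectionString"));
    }

    /** Runs one single-parameter statement keyed by threadID and closes it afterwards. */
    private static void executeForThread(Connection conn, String sql, int threadID) throws SQLException
    {
        PreparedStatement stmt = conn.prepareStatement(sql);
        try
        {
            stmt.setInt(1, threadID);
            stmt.executeUpdate();
        }
        finally { closeQuietly(null, stmt, null); }
    }

    /**
     * Closes whichever of the three resources is non-null, result set first.
     * Close failures are ignored on purpose so they cannot replace the exception
     * that is already propagating out of the caller's try block.
     */
    private static void closeQuietly(ResultSet rs, Statement stmt, Connection conn)
    {
        if (rs != null)
        {
            try { rs.close(); } catch (SQLException ignored) { /* see method comment */ }
        }
        if (stmt != null)
        {
            try { stmt.close(); } catch (SQLException ignored) { /* see method comment */ }
        }
        if (conn != null)
        {
            try { conn.close(); } catch (SQLException ignored) { /* see method comment */ }
        }
    }

    /**
     * Encrypts a password with the DES key held on the first line of the key file.
     *
     * <p>An empty key file is an error. The original skipped encryption in that case and
     * stored the password in clear text without any indication.
     *
     * <p>NOTE(review): the scheme itself is kept unchanged because the login check that
     * reads these values is outside this file, but it should be replaced in both places:
     * <ul>
     * <li>single DES has a 56-bit key, and a bare "DES" transformation typically selects
     *     ECB mode, so equal passwords yield equal ciphertext;</li>
     * <li>passwords are reversibly encrypted, so anyone holding the key file recovers every
     *     password; a salted, slow password hash (PBKDF2, bcrypt, scrypt, Argon2) avoids this;</li>
     * <li>{@code new String(byte[])} and {@code getBytes()} use the platform charset, which
     *     can alter ciphertext bytes and makes stored values platform-dependent.</li>
     * </ul>
     */
    private String encryptPassword(String password)
        throws blogException, IOException, NoSuchAlgorithmException, NoSuchPaddingException,
               InvalidKeyException, IllegalBlockSizeException, BadPaddingException
    {
        BufferedReader r = new BufferedReader(new FileReader(pref.getPreference("KEY", "KeyFile")));
        try
        {
            //register JCE provider
            // NOTE(review): com.sun.crypto.provider is JDK-internal API and SunJCE is normally
            // registered already; drop this once the minimum supported JDK is confirmed.
            Provider sunJce = new com.sun.crypto.provider.SunJCE();
            Security.addProvider(sunJce);

            //read in private key record from file
            String keyStr = r.readLine();
            if (keyStr == null)
                throw new blogException("Encryption Failure. Private Key Invalid.");

            //create SecretKey from key record
            SecretKey key = new SecretKeySpec(keyStr.getBytes(), "DES");

            //encrypt supplied password using key
            Cipher cip = Cipher.getInstance("DES");
            cip.init(Cipher.ENCRYPT_MODE, key);
            return new String(cip.doFinal(password.getBytes()));
        }
        finally
        {
            //the key file handle is released on every path; a close failure must not mask the real error
            try { r.close(); } catch (IOException ignored) { /* nothing useful to do */ }
        }
    }
}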