Commit f57fae78 authored by michael.simon's avatar michael.simon

Define more admin account roles; make the admin user password hashable.

parent 2c2d1a61
......@@ -102,13 +102,14 @@ public class ApplicationBootstrap {
checkRole("UserAdmin");
checkRole("GroupAdmin");
checkRole("ServiceAdmin");
checkRole("RestServiceAdmin");
checkRole("SamlAdmin");
checkRole("BusinessRuleAdmin");
checkRole("BulkAdmin");
checkRole("TimerAdmin");
checkRole("AuditAdmin");
checkRole("User");
logger.info("Initializing admin Account");
if (adminUserService.findByUsername("admin") == null) {
AdminUserEntity a = adminUserService.createNew();
......
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.bean.admin;
import java.io.Serializable;
import javax.annotation.PostConstruct;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.inject.Named;
import edu.kit.scc.webreg.entity.AdminUserEntity;
import edu.kit.scc.webreg.service.AdminUserService;
import edu.kit.scc.webreg.util.ViewIds;
@Named("addAdminUserBean")
@RequestScoped
public class AddAdminUserBean implements Serializable {
private static final long serialVersionUID = 1L;
@Inject
private AdminUserService service;
private AdminUserEntity entity;
@PostConstruct
public void init() {
entity = service.createNew();
}
public String save() {
entity = service.save(entity);
return ViewIds.SHOW_ADMIN_USER + "?id=" + entity.getId() + "&faces-redirect=true";
}
public AdminUserEntity getEntity() {
return entity;
}
public void setEntity(AdminUserEntity entity) {
this.entity = entity;
}
}
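Review bot: `save()` persists `entity` exactly as bound from the form, so the password typed into the add page is stored verbatim; the `{ALG|base64}` hashing added in this commit lives only in `ShowAdminUserBean.savePassword`, which means every account created here starts with a plaintext credential until an admin opens the show page and re-sets it. The digest step belongs in `AdminUserService` (or a small helper) so both beans and the bootstrap account go through one code path rather than each copying the `MessageDigest` block. Until then, a Javadoc on `save()` should state it: `/** Persists the new admin user; the password is stored as entered, without hashing. */`. `init()` also assumes the injected `service` is non-null, which CDI guarantees only when the bean is container-managed — worth a short comment.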
......@@ -11,6 +11,12 @@
package edu.kit.scc.webreg.bean.admin;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Provider.Service;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
......@@ -19,8 +25,10 @@ import javax.faces.bean.ViewScoped;
import javax.faces.event.ComponentSystemEvent;
import javax.inject.Inject;
import org.apache.commons.codec.binary.Base64;
import org.primefaces.event.TransferEvent;
import org.primefaces.model.DualListModel;
import org.slf4j.Logger;
import edu.kit.scc.webreg.entity.AdminUserEntity;
import edu.kit.scc.webreg.entity.RoleEntity;
......@@ -33,6 +41,9 @@ public class ShowAdminUserBean implements Serializable {
private static final long serialVersionUID = 1L;
@Inject
private Logger logger;
@Inject
private AdminUserService adminUserService;
......@@ -44,14 +55,11 @@ public class ShowAdminUserBean implements Serializable {
private DualListModel<RoleEntity> roleList;
private Long id;
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
private String newPassword;
private Boolean hashPassword;
private String[] hashMethod;
private String selectedHashMethod;
public void preRenderView(ComponentSystemEvent ev) {
if (entity == null) {
......@@ -65,11 +73,27 @@ public class ShowAdminUserBean implements Serializable {
roleList.setSource(sourceList);
roleList.setTarget(targetList);
fillHashMethod();
selectedHashMethod = hashMethod[0];
}
}
protected void fillHashMethod() {
Provider provider = Security.getProvider("BC");
List<String> algoList = new ArrayList<String>();
for (Service service : provider.getServices()) {
if (service.getType().equals("MessageDigest")) {
algoList.add(service.getAlgorithm());
}
}
hashMethod = algoList.toArray(new String[]{});
}
public void onTransfer(TransferEvent event) {
entity = adminUserService.findByIdWithAttrs(id, "roles");
if (event.isAdd()) {
for (Object o : event.getItems()) {
RoleEntity role = (RoleEntity) o;
......@@ -87,6 +111,34 @@ public class ShowAdminUserBean implements Serializable {
entity = adminUserService.findByIdWithAttrs(id, "roles");
}
public void savePassword() {
if (newPassword != null) {
newPassword = newPassword.trim();
if (hashPassword) {
try {
MessageDigest md = MessageDigest.getInstance(selectedHashMethod);
byte[] bytes = newPassword.getBytes(("UTF-8"));
md.update(bytes);
byte[] digest = md.digest();
String hash = "{" + selectedHashMethod + "|" + new String(Base64.encodeBase64(digest)) + "}";
entity.setPassword(hash);
} catch (NoSuchAlgorithmException e) {
logger.warn("Oh no", e);
} catch (UnsupportedEncodingException e) {
logger.warn("Oh no", e);
}
}
else {
entity.setPassword(newPassword);
}
entity = adminUserService.save(entity);
entity = adminUserService.findByIdWithAttrs(id, "roles");
newPassword = "";
}
}
public AdminUserEntity getEntity() {
return entity;
}
......@@ -102,5 +154,44 @@ public class ShowAdminUserBean implements Serializable {
public void setRoleList(DualListModel<RoleEntity> roleList) {
this.roleList = roleList;
}
public String getNewPassword() {
return newPassword;
}
public void setNewPassword(String newPassword) {
this.newPassword = newPassword;
}
public Boolean getHashPassword() {
return hashPassword;
}
public void setHashPassword(Boolean hashPassword) {
this.hashPassword = hashPassword;
}
public String[] getHashMethod() {
return hashMethod;
}
public void setHashMethod(String[] hashMethod) {
this.hashMethod = hashMethod;
}
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
public String getSelectedHashMethod() {
return selectedHashMethod;
}
public void setSelectedHashMethod(String selectedHashMethod) {
this.selectedHashMethod = selectedHashMethod;
}
}
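Review bot: In the `savePassword` hunk, `if (hashPassword)` unboxes the `Boolean` field and throws a `NullPointerException` when the checkbox value was never posted; `if (Boolean.TRUE.equals(hashPassword)) {` is the safe form. In the same method the `NoSuchAlgorithmException`/`UnsupportedEncodingException` handlers only log "Oh no", yet execution still reaches `adminUserService.save(entity)` and `newPassword = ""`, so a failed hash looks like a successful change to the user — the save should be skipped or a faces message raised when the digest could not be computed. The stored value is a single unsalted round of the selected algorithm, so it offers little protection against precomputed tables compared with the plaintext fallback; PBKDF2 via `javax.crypto.SecretKeyFactory` is available in the JDK with no new dependency and would fit the same `{METHOD|base64}` container. `fillHashMethod` also dereferences `Security.getProvider("BC")`, which is `null` when the BouncyCastle provider is not registered, and `preRenderView` then reads `hashMethod[0]` without checking that the list is non-empty.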
......@@ -57,7 +57,8 @@ public class AccessChecker {
addAccessNode(adminNode, "group", true, "ROLE_GroupAdmin");
AccessNode restNode = addAccessNode(root, "rest", false, "ROLE_MasterAdmin", "ROLE_RestAdmin");
addAccessNode(restNode, "service-admin", true, "ROLE_RestServiceAdmin");
AccessNode droolsNode = addAccessNode(restNode, "drools", true);
addAccessNode(droolsNode, "test", true);
......
......@@ -11,6 +11,9 @@
package edu.kit.scc.webreg.sec;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
......@@ -140,10 +143,11 @@ public class SecurityFilter implements Filter {
new String(Base64.decodeBase64(auth.substring(index).getBytes())), ":", 2);
if (credentials.length == 2) {
AdminUserEntity adminUser = adminUserService.findByUsernameAndPassword(
credentials[0], credentials[1]);
AdminUserEntity adminUser = adminUserService.findByUsername(
credentials[0]);
if (adminUser != null) {
if (adminUser != null && passwordsMatch(adminUser.getPassword(), credentials[1])) {
List<RoleEntity> roleList = adminUserService.findRolesForUserById(adminUser.getId());
Set<String> roles = convertRoles(roleList);
......@@ -166,6 +170,31 @@ public class SecurityFilter implements Filter {
response.sendError( HttpServletResponse.SC_UNAUTHORIZED );
}
private boolean passwordsMatch(String password, String comparePassword) {
if (password == null || comparePassword == null)
return false;
if (password.startsWith("{") && password.endsWith("}") && password.contains("|")) {
String method = password.substring(1, password.indexOf("|") - 1);
try {
MessageDigest md = MessageDigest.getInstance(method);
byte[] bytes = comparePassword.getBytes(("UTF-8"));
md.update(bytes);
byte[] digest = md.digest();
comparePassword = "{" + method + "|" + new String(Base64.encodeBase64(digest)) + "}";
} catch (NoSuchAlgorithmException e) {
logger.warn("Oh no", e);
} catch (UnsupportedEncodingException e) {
logger.warn("Oh no", e);
}
}
if (password.equals(comparePassword))
return true;
else
return false;
}
private String getFullURL(HttpServletRequest request) {
StringBuilder sb = new StringBuilder(request.getRequestURI());
String query = request.getQueryString();
......
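Review bot: `passwordsMatch` extracts the algorithm with `password.substring(1, password.indexOf("|") - 1)`, which drops the last character of the method name (`{SHA-256|…}` yields `SHA-25`), so `MessageDigest.getInstance` throws for every value written by `ShowAdminUserBean.savePassword`, the catch logs "Oh no", and the untouched plaintext is compared against the stored hash — all hashed admin logins are rejected; the fix is `String method = password.substring(1, password.indexOf("|"));`. The final comparison should also be constant-time, `return MessageDigest.isEqual(password.getBytes(StandardCharsets.UTF_8), comparePassword.getBytes(StandardCharsets.UTF_8));`, which replaces the `if/else return true/false` as well. Note that a stored value not in `{…|…}` form still goes through plain `equals`, so plaintext credentials remain accepted by design; the hashed form is an unsalted single digest, which is a weak password store and a candidate for PBKDF2 or bcrypt later.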
......@@ -18,6 +18,9 @@ public class ViewIds {
public static final String SHOW_USER = "/admin/user/show-user.xhtml";
public static final String LIST_USERS = "/admin/user/list-users.xhtml";
public static final String SHOW_ADMIN_USER = "/admin/user/show-admin-user.xhtml";
public static final String LIST_ADMIN_USERS = "/admin/user/list-admin-users.xhtml";
/*
* Config
*/
......
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:bw="http://www.scc.kit.edu/bwfacelets"
xmlns:p="http://primefaces.org/ui">
<head>
<title></title>
</head>
<body>
<ui:composition template="/template/default-admin.xhtml">
<ui:param name="title" value="#{messages.title}"/>
<ui:define name="content">
<h:form id="form">
<h2><h:outputText value="#{messages.admin_user}: #{messages.add_user}"/></h2>
<div id="panelInline">
<p:panel header="#{messages.admin_user}">
<p:panelGrid id="baseData" columns="2">
<bw:inputText id="nameField" label="#{messages.name}"
value="#{addAdminUserBean.entity.username}" required="true"/>
<bw:inputText id="pwField" label="#{messages.password}"
value="#{addAdminUserBean.entity.password}" required="true"/>
</p:panelGrid>
<p:commandButton id="save" action="#{addAdminUserBean.save}" value="#{messages.save}"/>
</p:panel>
</div>
</h:form>
</ui:define>
</ui:composition>
</body>
</html>
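Review bot: The password field declared at `<bw:inputText id="pwField" …>` presumably renders a plain text input (the composite is not shown here), so the new admin's password is echoed on screen and offered to browser autofill; a secret input such as `<h:inputSecret …>` or PrimeFaces `<p:password …>` is the appropriate component. The value is bound directly to `addAdminUserBean.entity.password` and `AddAdminUserBean.save()` persists it without the hashing option that the show page gets in this commit, so accounts created through this page always start with a verbatim password.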
......@@ -60,6 +60,8 @@
<h:outputText value="#{user.version}" />
</p:column>
</p:dataTable>
<h:link outcome="add-admin-user.xhtml" value="#{messages.add_admin_user}"/><br />
</h:form>
......
......@@ -35,7 +35,7 @@
<h:outputText value="#{messages.id}:"/>
<h:outputText value="#{showAdminUserBean.entity.id}"/>
<h:outputText value="#{messages.given_name}:"/>
<h:outputText value="#{messages.name}:"/>
<h:outputText value="#{showAdminUserBean.entity.username}"/>
<h:outputText value="#{messages.created_at}:"/>
......@@ -50,7 +50,8 @@
</p:panelGrid>
</p:panel>
</div>
<div id="panelInline">
<div id="panelInline" style="margin-top: 8px;">
<p:panel id="rolePanel" header="#{messages.roles}">
<p:pickList var="role" value="#{showAdminUserBean.roleList}" itemLabel="#{role.name}"
itemValue="#{role}" converter="#{roleConverter}"
......@@ -60,6 +61,30 @@
</p:panel>
</div>
<div id="panelInline" style="margin-top: 8px;">
<p:panel id="pwPanel" header="#{messages.password}" collapsed="true" toggleable="true">
<p:panelGrid id="pwBaseData" columns="2">
<h:outputText value="#{messages.password}:"/>
<h:outputText value="#{showAdminUserBean.entity.password}"/>
<h:outputText value="#{messages.new_password}:"/>
<p:inputText value="#{showAdminUserBean.newPassword}"/>
<h:outputText value="#{messages.hash_password}:"/>
<h:panelGroup>
<p:selectBooleanCheckbox value="#{showAdminUserBean.hashPassword}"/>
<p:selectOneMenu value="#{showAdminUserBean.selectedHashMethod}" style="margin-left: 8px;">
<f:selectItems value="#{showAdminUserBean.hashMethod}"/>
</p:selectOneMenu>
</h:panelGroup>
</p:panelGrid>
<p:commandButton action="#{showAdminUserBean.savePassword()}" update=":form:pwPanel"
value="#{messages.set_new_password}"/>
</p:panel>
</div>
</h:form>
</ui:define>
......
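Review bot: The new password panel renders the stored credential with `<h:outputText value="#{showAdminUserBean.entity.password}"/>`, which shows the plaintext password for accounts that were saved without the hash option and the `{ALG|base64}` digest otherwise; neither should be displayed, so this output is better replaced by an indicator such as whether a password is set. The new-password field uses `<p:inputText value="#{showAdminUserBean.newPassword}"/>`, so the value is echoed while typed; `<p:password value="#{showAdminUserBean.newPassword}" feedback="false"/>` keeps it masked. The `p:selectOneMenu` is always rendered even when the hash checkbox is unchecked, which is harmless but may be worth hiding to make the plaintext default visible to the admin.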