Posted to commits@rave.apache.org by mp...@apache.org on 2011/08/10 00:28:54 UTC
svn commit: r1155576 - in /incubator/rave/trunk/rave-commons: pom.xml
src/main/java/org/apache/rave/jdbc/util/SqlFileParser.java
Author: mpierce
Date: Tue Aug 9 22:28:53 2011
New Revision: 1155576
URL: http://svn.apache.org/viewvc?rev=1155576&view=rev
Log:
(RAVE-167) adding hashing and salting based on user name for built in user accounts.
Modified:
incubator/rave/trunk/rave-commons/pom.xml
incubator/rave/trunk/rave-commons/src/main/java/org/apache/rave/jdbc/util/SqlFileParser.java
Modified: incubator/rave/trunk/rave-commons/pom.xml
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-commons/pom.xml?rev=1155576&r1=1155575&r2=1155576&view=diff
==============================================================================
--- incubator/rave/trunk/rave-commons/pom.xml (original)
+++ incubator/rave/trunk/rave-commons/pom.xml Tue Aug 9 22:28:53 2011
@@ -46,6 +46,11 @@
<groupId>org.springframework</groupId>
<artifactId>spring-orm</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-web</artifactId>
+ </dependency>
+
<!--Persistence-->
<dependency>
<groupId>org.apache.openjpa</groupId>
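Review bot: The dependency added here is `spring-security-web`, but the only Spring Security types the Java change imports are `PasswordEncoder` and `ShaPasswordEncoder` from `org.springframework.security.authentication.encoding`, which ship in `spring-security-core`. Declaring `<artifactId>spring-security-core</artifactId>` instead would keep the servlet filter stack out of a commons module that does not appear to use it, and narrows what has to be tracked when security advisories are published. No `<version>` is given, so it is presumably managed in a parent POM outside this diff; worth confirming.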
Modified: incubator/rave/trunk/rave-commons/src/main/java/org/apache/rave/jdbc/util/SqlFileParser.java
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-commons/src/main/java/org/apache/rave/jdbc/util/SqlFileParser.java?rev=1155576&r1=1155575&r2=1155576&view=diff
==============================================================================
--- incubator/rave/trunk/rave-commons/src/main/java/org/apache/rave/jdbc/util/SqlFileParser.java (original)
+++ incubator/rave/trunk/rave-commons/src/main/java/org/apache/rave/jdbc/util/SqlFileParser.java Tue Aug 9 22:28:53 2011
@@ -20,6 +20,9 @@
package org.apache.rave.jdbc.util;
import org.springframework.core.io.Resource;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.encoding.PasswordEncoder;
+import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
import java.io.BufferedReader;
import java.io.File;
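Review bot: `import org.springframework.beans.factory.annotation.Autowired;` is added, but none of the added lines in this commit uses `@Autowired`; the encoder is created with `new` in the constructor. Either drop the import or actually inject the `PasswordEncoder`, which would also let the seed data share the encoder bean used on the login path.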
@@ -30,6 +33,7 @@ import java.util.Set;
import java.util.Stack;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
+import java.util.StringTokenizer;
/**
* Parses a file looking for create, alter, insert, update, delete or drop commands and appends them to an output
@@ -63,14 +67,19 @@ public class SqlFileParser {
private Stack<State> stateStack;
private Resource resource;
+ private PasswordEncoder passwordEncoder;
+
/**
* Constructor takes a Spring {@link org.springframework.core.io.Resource}
*
* @param resource the initial file to parse
*/
+
public SqlFileParser(Resource resource) {
stateStack = new Stack<State>();
this.resource = resource;
+
+ passwordEncoder=new ShaPasswordEncoder();
}
/**
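Review bot: The constructor hard-codes `new ShaPasswordEncoder()`, whose no-argument form is a single SHA-1 pass; that is a fast digest and a poor fit for stored passwords, even with a salt. The choice is also invisible to callers, so the seeded hashes only verify if the authentication configuration elsewhere uses exactly the same encoder and salt source, which cannot be checked from this diff. Consider accepting the `PasswordEncoder` as a constructor argument (keeping the one-argument constructor as a delegating default), declaring the field as `private final PasswordEncoder passwordEncoder;`, and adding a comment that it must match the encoder used at login. Longer term an adaptive scheme such as bcrypt would be the better default. The blank line added between the Javadoc and the constructor can go.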
@@ -139,6 +148,10 @@ public class SqlFileParser {
break;
}
case READSQL: {
+ //This is specific to Rave's initial_data.sql.
+ //TODO replace this with an external, pluggable utility class.
+ line=hashAndSaltPassword(line);
+
sql.append(line);
//add a space to accommodate line breaks. Not a big deal if extraneous spaces are added
sql.append(" ");
@@ -153,9 +166,57 @@ public class SqlFileParser {
}
}
}
+
+ //TODO: this is specific to initial_data.sql while rest of the class code is
+ //general purpose. Need to find a better way to do this.
+ private String hashAndSaltPassword(String line) {
+ String newLine=line;
+
+ //TODO This will BREAK if the SQL line ever gets changed.
+ //TODO This is a not very good way to make sure we have the correct line.
+ if(line.indexOf("@user_id_")>-1 && line.indexOf("user_id_seq")>-1) {
+ StringTokenizer st=new StringTokenizer(newLine,",");
+ if(st.countTokens()>4) {
+ String userid=st.nextToken();
+ String userseq=st.nextToken();
+ String username=st.nextToken();
+ String password=st.nextToken();
+ username=stripQuotes(username);
+ password=stripQuotes(password);
+ //TODO: This assumes that the user name is used for the salt. This may change.
+ //See DefaultNewAccountService
+ String saltedHash=passwordEncoder.encodePassword(password,username);
+ newLine=replacePassword(newLine,password,saltedHash);
+ }
+ else {
+ //Line was unexpectedly formatted
+ }
+ }
+ else {
+ //Do nothing.
+ }
+
+ return newLine;
+ }
+
+ //Used to strip the single quotes around the input string
+ private String stripQuotes(String quotedString) {
+ StringBuilder unquoted=new StringBuilder(quotedString);
+ int index1=unquoted.indexOf("'");
+ int index2=unquoted.lastIndexOf("'");
+ return unquoted.substring(index1+1,index2);
+ }
+
+ //Replace the password in the original string with the hashed and salted password
+ private String replacePassword(String line, String password, String hashedPassword) {
+ StringBuilder newLine=new StringBuilder(line);
+ newLine=newLine.replace(line.lastIndexOf(password),line.lastIndexOf(password)+password.length(),hashedPassword);
+ return newLine.toString();
+ }
private static String getFirstWord(String line) {
Matcher match = WORD_PATTERN.matcher(line);
return match.find() ? match.group(1) : null;
}
+
}
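Review bot: `replacePassword` locates the password with `line.lastIndexOf(password)`, so if the same text occurs again later in the line (for example inside a later column), that later occurrence is overwritten and the plaintext password is what gets inserted. `stripQuotes` throws `StringIndexOutOfBoundsException` when a token has fewer than two quotes, and the empty `else` in `hashAndSaltPassword` lets an unexpectedly formatted user row through unhashed with no signal. I would rewrite the password column by position, fail loudly on a malformed row, and drop `replacePassword`; a sketch follows. Splitting on commas still misparses a quoted value that contains a comma, and because the READSQL hunk calls this for every line of every parsed file, the marker check deserves the external utility the TODO mentions.

```java
private String hashAndSaltPassword(String line) {
    if (!line.contains("@user_id_") || !line.contains("user_id_seq")) {
        return line;
    }
    // Split on the first four commas only, so the trailing columns are carried over untouched.
    String[] cols = line.split(",", 5);
    if (cols.length < 5) {
        // Never echo the line here: it contains the cleartext password.
        throw new IllegalStateException("Unexpected user insert format; refusing to load an unhashed password");
    }
    String username = stripQuotes(cols[2]);
    String password = stripQuotes(cols[3]);
    //TODO: This assumes that the user name is used for the salt. See DefaultNewAccountService
    String saltedHash = passwordEncoder.encodePassword(password, username);
    // Rewrite only the password column, by position rather than by text search.
    cols[3] = cols[3].replace("'" + password + "'", "'" + saltedHash + "'");
    return cols[0] + "," + cols[1] + "," + cols[2] + "," + cols[3] + "," + cols[4];
}

//Used to strip the single quotes around the input string
private String stripQuotes(String quotedString) {
    int first = quotedString.indexOf('\'');
    int last = quotedString.lastIndexOf('\'');
    if (first < 0 || last <= first) {
        throw new IllegalStateException("Expected a single-quoted SQL value");
    }
    return quotedString.substring(first + 1, last);
}

// … unchanged: getFirstWord …
```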