public class SecurityMgr extends BaseMgr implements SecurityMgrIf
Modifier and Type | Class | Description
---|---|---
class | SecurityMgr.LoginAttempt | Class that contains the login attempt information for a user so that we can block hackers
class | SecurityMgr.StaticData | Used to store the static data of this manager
Modifier and Type | Field | Description
---|---|---
protected java.lang.String | availableChars | Characters used for generating customer passwords - can be set in konakartadmin.properties
static java.lang.String | DEFAULT_PASSWORD_CHARACTERS | Used for customer password generation
protected static org.apache.commons.logging.Log | log | the log
protected static java.lang.String | mutex | mutex
protected static java.util.Map<java.lang.String,SecurityMgr.StaticData> | staticDataHM | Hash Map that contains the static data

Inherited fields: templateBaseDir
Constructor | Description
---|---
SecurityMgr(KKEngIf eng) | Constructor
Modifier and Type | Method | Description
---|---|---
void | addCustomDataToSession(java.lang.String sessionId, java.lang.String data, int position) | Implemented in SecurityMgrEE
protected java.lang.String | byteToHex(byte data) | Utility method
void | changePassword(java.lang.String sessionId, java.lang.String currentPassword, java.lang.String newPassword) | The method ensures that the current password is correct, and then changes it to the new password.
int | checkAdminSession(java.lang.String adminSession, int customerId) | If the session of the admin user is valid and refers to an administrator then the id of the admin user is returned.
void | checkFileAccess(java.lang.String fileName) | Check that we allow access to this location
protected LoginResult | checkPassword(java.lang.String eMail, java.lang.String password) | The customer is searched for using his email as the key.
protected LoginResult | checkPassword(java.lang.String username, java.lang.String password, int usernameType) | The customer is searched for using his email, telephone number or telephone number 1 as the key.
int | checkSession(java.lang.String sessionId) | The given sessionId is checked to see whether it exists and whether it has timed out.
protected com.konakart.app.KKException | createNotFoundException(java.lang.String username, int usernameType) | Creates an exception depending on the usernameType
protected java.lang.String | createSessionId() | Create a sessionId string
void | enableCustomer(java.lang.String secretKey) | This method retrieves the SSO token using the Secret Key.
java.lang.String | encrypt(java.lang.String password) | Generates a random byte which it concatenates with the password placing it in front (i.e.
protected int | externalCredentialsCheck(java.lang.String emailAddr, java.lang.String password) | Called whenever a login attempt is made.
ExternalLoginResult | externalLogin(ExternalLoginInputIf loginInfo) | Used for logging in customers using a mechanism outside of KonaKart such as social login using Facebook.
java.lang.String | getAvailableChars() |
java.lang.String | getCustomDataFromSession(java.lang.String sessionId, int position) | Implemented in SecurityMgrEE
protected int | getExpiryTimeInSecs() | Utility method to return the expiry time in minutes calculated from now.
protected LDAPMgrIf | getLDAPMgr() | Used to get an instance of the LDAPMgr
protected LoginIntegrationMgrInterface | getLoginIntegrationMgr() | Used to get an instance of the LoginIntegrationMgr
protected java.util.Set<java.lang.String> | getPermittedLocations() | Parses the konakart.permittedLocations property value in konakart.properties to find the permitted locations for file I/O.
java.lang.String | getRandomPassword(int length) | Get a random password for a Customer.
protected int | getSessionDurationInSecs() | Utility method to return the session duration in seconds.
protected int | getSessionUpdateThresholdInSecs() | Utility method to return the session update threshold in seconds.
SSOTokenIf | getSSOToken(java.lang.String secretKey, boolean deleteToken) | Returns an SSOToken object for the secretKey (UUID).
static java.util.Map<java.lang.String,SecurityMgr.StaticData> | getStaticDataHM() |
int | getTimeInSecs() | Utility method to return the current time in seconds
protected void | insertSessionId(java.lang.String sessionId, int expiryInSecs, int customerId) | Insert the sessionId passed in as a parameter
protected boolean | isUserBlocked(java.lang.String user) | Is the user blocked?
java.lang.String | login(int customerId) | Login method that assumes that all checks have already been carried out.
java.lang.String | login(java.lang.String emailAddr, java.lang.String password) | Returns a session id if successful.
java.lang.String | loginByAdmin(java.lang.String adminSession, int customerId) | Used by an Administrator to log in to the application as a customer.
LoginResult | loginWithOptions(LoginInputIf input) | Returns a LoginResult object containing the result of the login.
void | logout(java.lang.String sessionId) | Logout the user with the specified session Id.
void | refreshConfigs() | Refresh the configuration of the Security Manager
protected void | removeSession(java.lang.String sessionId) | Remove the specified session from the database
protected void | removeUser(java.lang.String user) | Removes the user from the Login hash map
java.lang.String | saveSSOToken(SSOTokenIf token) | Saves the SSOToken in the database and returns a UUID secret key identifier.
void | sendNewPassword(java.lang.String emailAddr, java.lang.String subject, java.lang.String countryCode) | Deprecated.
EmailIf | sendNewPassword1(java.lang.String emailAddr, EmailOptionsIf options) | If a customer exists with the email address passed in as a parameter, then a new password is generated and sent to the customer.
void | setAvailableChars(java.lang.String availableChars) |
protected void | setCriteriaForUsernameType(java.lang.String username, int usernameType, KKCriteria c) | Sets the criteria depending on the username type
void | setNewPassword(java.lang.String adminSession, java.lang.String customerEmailAddr, int customerId, java.lang.String newPassword) | Used to change the password of a customer.
protected char | toHexChar(int i) | Utility method
CaptchaResultIf | validateCaptcha(CaptchaInputIf captchaInfo) | Used to validate a captcha
boolean | validatePassword(java.lang.String sessionId, java.lang.String password) | This method validates the password of a logged in customer and can be used to force the customer to enter his password before allowing certain actions like the modification of the customer's email address.
Inherited methods: acquireLock, addInsertAttr, addInsertAttr, addStringRuleConstraint, addStringRuleConstraint, checkRequired, escapeHTML, executeQuery, executeQuery, executeQuery, executeQuery, executeQuery, getAdminEngMgr, getBasketMgr, getBillingMgr, getBookableProductMgr, getCacheMgr, getCatMgr, getConfigMgr, getCookieMgr, getCurrMgr, getCustMgr, getCustomerIdFromSession, getCustomerStatsMgr, getCustomerTagMgr, getEmailMgr, getEng, getEventMgr, getExportMgr, getHTMLEscaper, getKonaKartConfig, getKonaKartConfig, getKonaKartConfig, getLangMgr, getManuMgr, getMiscItemMgr, getMiscPriceMgr, getMode, getModeString, getMqMgr, getMultiStoreMgr, getNewCriteria, getNewCriteria, getOrderIntegrationMgr, getOrderMgr, getOrderTotalMgr, getPaymentMgr, getProdMgr, getProductsToCategoresCriteria, getPromMgr, getPunchOutMgr, getRewardPointMgr, getSecMgr, getShippingMgr, getSolrMgr, getStoreId, getStoreMgr, getStoreTime, getSuggestionMgr, getTaxMgr, getTemplate, getTemplateRoot, getVelocityContextMgr, getWishListMgr, init, insertKKEvent, insertKKEvent, isBusiness, isBusinessOrEnterprise, isClassPresent, isCommunity, isDeadlockException, isEnterprise, isMultiStoreShareCategories, isMultiStoreShareCustomers, isMultiStoreShareCustomersOrProducts, isMultiStoreSharedDb, isMultiStoreShareProducts, isMultiVendor, isUnix, manageThrowable, releaseLock, updateStaticVariablesNow
protected static org.apache.commons.logging.Log log
public static final java.lang.String DEFAULT_PASSWORD_CHARACTERS
protected static java.lang.String mutex
protected java.lang.String availableChars
protected static java.util.Map<java.lang.String,SecurityMgr.StaticData> staticDataHM
public SecurityMgr(KKEngIf eng) throws java.lang.Exception
- Parameters: eng - the eng
- Throws: java.lang.Exception - an unexpected exception

public java.lang.String login(java.lang.String emailAddr, java.lang.String password) throws java.lang.Exception
- Specified by: login in interface SecurityMgrIf
- Parameters: emailAddr - the emailAddr; password - the password
- Throws: java.lang.Exception - an unexpected exception

public LoginResult loginWithOptions(LoginInputIf input) throws java.lang.Exception
- Specified by: loginWithOptions in interface SecurityMgrIf
- Parameters: input - LoginInput object containing the username and password
- Throws: java.lang.Exception - an unexpected exception

protected int externalCredentialsCheck(java.lang.String emailAddr, java.lang.String password) throws java.lang.Exception
- Parameters: emailAddr - The username required to log in; password - The log in password
- Throws: java.lang.Exception - an unexpected exception

public java.lang.String login(int customerId) throws java.lang.Exception
- Specified by: login in interface SecurityMgrIf
- Parameters: customerId - the customerId
- Throws: java.lang.Exception - an unexpected exception

protected void insertSessionId(java.lang.String sessionId, int expiryInSecs, int customerId) throws org.apache.torque.TorqueException, com.konakart.app.KKException
- Parameters: sessionId - the sessionId; expiryInSecs - the expiryInSecs; customerId - the customerId
- Throws: org.apache.torque.TorqueException - an unexpected exception in Torque (the database layer); com.konakart.app.KKException - an unexpected KKException exception

protected java.lang.String createSessionId()
public void logout(java.lang.String sessionId) throws org.apache.torque.TorqueException, com.workingdogs.village.DataSetException, com.konakart.app.KKException
- Specified by: logout in interface SecurityMgrIf
- Parameters: sessionId - the sessionId
- Throws: com.workingdogs.village.DataSetException - an unexpected exception due to data in Torque (the database layer); org.apache.torque.TorqueException - an unexpected exception in Torque (the database layer); com.konakart.app.KKException - an unexpected KKException exception

protected void removeSession(java.lang.String sessionId) throws org.apache.torque.TorqueException, com.workingdogs.village.DataSetException, com.konakart.app.KKException
- Parameters: sessionId - The session Id of the logged in user
- Throws: org.apache.torque.TorqueException - an unexpected exception in Torque (the database layer); com.workingdogs.village.DataSetException - an unexpected exception due to data in Torque (the database layer); com.konakart.app.KKException - an unexpected KKException exception

public int getTimeInSecs()
- Specified by: getTimeInSecs in interface SecurityMgrIf

protected int getExpiryTimeInSecs()

protected int getSessionDurationInSecs()

protected int getSessionUpdateThresholdInSecs()
public int checkSession(java.lang.String sessionId) throws org.apache.torque.TorqueException, com.workingdogs.village.DataSetException, com.konakart.app.KKException
- Specified by: checkSession in interface SecurityMgrIf
- Parameters: sessionId - the sessionId
- Throws: org.apache.torque.TorqueException - an unexpected exception in Torque (the database layer); com.workingdogs.village.DataSetException - an unexpected exception due to data in Torque (the database layer); com.konakart.app.KKException - an unexpected KKException exception

public java.lang.String encrypt(java.lang.String password) throws java.security.NoSuchAlgorithmException
- Specified by: encrypt in interface SecurityMgrIf
- Parameters: password - the password
- Throws: java.security.NoSuchAlgorithmException - an unexpected NoSuchAlgorithmException exception

protected LoginResult checkPassword(java.lang.String eMail, java.lang.String password) throws org.apache.torque.TorqueException, com.workingdogs.village.DataSetException, java.security.NoSuchAlgorithmException, com.konakart.app.KKException
- Parameters: eMail - the eMail; password - the password
- Throws: org.apache.torque.TorqueException - an unexpected exception in Torque (the database layer); com.workingdogs.village.DataSetException - an unexpected exception due to data in Torque (the database layer); java.security.NoSuchAlgorithmException - an unexpected NoSuchAlgorithmException exception; com.konakart.app.KKException - an unexpected KKException exception

protected LoginResult checkPassword(java.lang.String username, java.lang.String password, int usernameType) throws org.apache.torque.TorqueException, com.workingdogs.village.DataSetException, java.security.NoSuchAlgorithmException, com.konakart.app.KKException
- Parameters: username - the username; password - the password; usernameType - the usernameType
- Throws: org.apache.torque.TorqueException - an unexpected exception in Torque (the database layer); com.workingdogs.village.DataSetException - an unexpected exception due to data in Torque (the database layer); java.security.NoSuchAlgorithmException - an unexpected NoSuchAlgorithmException exception; com.konakart.app.KKException - an unexpected KKException exception

protected boolean isUserBlocked(java.lang.String user) throws com.konakart.app.KKException
- Parameters: user - the user
- Throws: com.konakart.app.KKException - unexpected exception in the KonaKart Storefront Engine

protected void removeUser(java.lang.String user) throws com.konakart.app.KKException
- Parameters: user - the user
- Throws: com.konakart.app.KKException - unexpected exception in the KonaKart Storefront Engine

protected void setCriteriaForUsernameType(java.lang.String username, int usernameType, KKCriteria c) throws com.konakart.app.KKException
- Parameters: username - the username; usernameType - the usernameType; c - the c
- Throws: com.konakart.app.KKException - an unexpected KKException exception

protected com.konakart.app.KKException createNotFoundException(java.lang.String username, int usernameType) throws com.konakart.app.KKException
- Parameters: username - the username; usernameType - the usernameType
- Throws: com.konakart.app.KKException - an unexpected KKException exception

protected java.lang.String byteToHex(byte data)
- Parameters: data - the data

protected char toHexChar(int i)
- Parameters: i - the i

public void changePassword(java.lang.String sessionId, java.lang.String currentPassword, java.lang.String newPassword) throws java.lang.Exception
- Specified by: changePassword in interface SecurityMgrIf
- Parameters: sessionId - the sessionId; currentPassword - the currentPassword; newPassword - the newPassword
- Throws: java.lang.Exception - an unexpected exception

public void setNewPassword(java.lang.String adminSession, java.lang.String customerEmailAddr, int customerId, java.lang.String newPassword) throws java.lang.Exception
Used to change the password of a customer. For security purposes, the session id of a KonaKart administrator must be passed in as a parameter. This session id is checked to ensure that it applies to a logged in administrator. If customerEmailAddr is set then the customer is looked up from the email address. Otherwise the customerId is used to look up the customer. If the customer isn't found, an exception is thrown.
- Specified by: setNewPassword in interface SecurityMgrIf
- Parameters: adminSession - The session id of an administrator; customerEmailAddr - The email address of the customer; customerId - The id of the customer. Only used if customerEmailAddr is null; newPassword - The new password
- Throws: java.lang.Exception - an unexpected exception

public java.lang.String getRandomPassword(int length) throws java.lang.Exception
- Specified by: getRandomPassword in interface SecurityMgrIf
- Parameters: length - the length
- Throws: java.lang.Exception - an unexpected exception

@Deprecated public void sendNewPassword(java.lang.String emailAddr, java.lang.String subject, java.lang.String countryCode) throws java.security.NoSuchAlgorithmException, java.lang.Exception
- Specified by: sendNewPassword in interface SecurityMgrIf
- Parameters: emailAddr - the emailAddr; subject - the subject; countryCode - the countryCode
- Throws: java.security.NoSuchAlgorithmException - an unexpected NoSuchAlgorithmException exception; java.lang.Exception - an unexpected exception

public EmailIf sendNewPassword1(java.lang.String emailAddr, EmailOptionsIf options) throws java.security.NoSuchAlgorithmException, java.lang.Exception
- Specified by: sendNewPassword1 in interface SecurityMgrIf
- Parameters: emailAddr - the emailAddr; options - the options
- Throws: java.security.NoSuchAlgorithmException - an unexpected NoSuchAlgorithmException exception; java.lang.Exception - an unexpected exception

public java.lang.String loginByAdmin(java.lang.String adminSession, int customerId) throws java.lang.Exception
- Specified by: loginByAdmin in interface SecurityMgrIf
- Parameters: adminSession - The session of a logged in administrator user; customerId - The id of the customer to login as
- Throws: java.lang.Exception - an unexpected exception

public int checkAdminSession(java.lang.String adminSession, int customerId) throws java.lang.Exception
- Specified by: checkAdminSession in interface SecurityMgrIf
- Parameters: adminSession - Session of the admin user; customerId - Used when the admin user is of type CUST_TYPE_B2B_COMPANY_ADMIN to ensure that the customer the admin user is logging in for is actually a child of the admin user
- Throws: java.lang.Exception - an unexpected exception

protected LoginIntegrationMgrInterface getLoginIntegrationMgr()

protected LDAPMgrIf getLDAPMgr()
public void addCustomDataToSession(java.lang.String sessionId, java.lang.String data, int position) throws org.apache.torque.TorqueException, com.konakart.app.KKException
- Specified by: addCustomDataToSession in interface SecurityMgrIf
- Parameters: sessionId - The sessionId; data - The data to be saved; position - This must be in the range of 1-5 to identify custom1 to custom5
- Throws: org.apache.torque.TorqueException - an unexpected exception in Torque (the database layer); com.konakart.app.KKException - an unexpected KKException exception

public java.lang.String getCustomDataFromSession(java.lang.String sessionId, int position) throws com.konakart.app.KKException, org.apache.torque.TorqueException, com.workingdogs.village.DataSetException
- Specified by: getCustomDataFromSession in interface SecurityMgrIf
- Parameters: sessionId - The sessionId; position - This must be in the range of 1-5 to identify custom1 to custom5
- Throws: com.konakart.app.KKException - an unexpected KKException exception; org.apache.torque.TorqueException - an unexpected exception in Torque (the database layer); com.workingdogs.village.DataSetException - an unexpected exception due to data in Torque (the database layer)

public java.lang.String saveSSOToken(SSOTokenIf token) throws java.lang.Exception
- Specified by: saveSSOToken in interface SecurityMgrIf
- Parameters: token - The SSO token to be saved
- Throws: java.lang.Exception - an unexpected exception

public SSOTokenIf getSSOToken(java.lang.String secretKey, boolean deleteToken) throws org.apache.torque.TorqueException, com.workingdogs.village.DataSetException
Returns an SSOToken object for the secretKey (UUID). If the deleteToken parameter is set to true, the token is deleted from the database after having been read.
- Specified by: getSSOToken in interface SecurityMgrIf
- Parameters: secretKey - The UUID secretKey used to identify the token; deleteToken - The token is deleted from the database after being read
- Throws: org.apache.torque.TorqueException - an unexpected exception in Torque (the database layer); com.workingdogs.village.DataSetException - an unexpected exception due to data in Torque (the database layer)

public void enableCustomer(java.lang.String secretKey) throws java.lang.Exception
This method retrieves the SSO token using the Secret Key. If the custom1 attribute of the SSO token object is set to true then the emailVerified attribute of the customer is also set.
- Specified by: enableCustomer in interface SecurityMgrIf
- Parameters: secretKey - the secretKey
- Throws: java.lang.Exception - an unexpected exception

public boolean validatePassword(java.lang.String sessionId, java.lang.String password) throws java.lang.Exception
This method validates the password of a logged in customer and can be used to force the customer to enter his password before allowing certain actions like the modification of the customer's email address. The method returns true if the password validates against the session. If either the session is invalid or the password and session don't match, then the method returns false.
- Specified by: validatePassword in interface SecurityMgrIf
- Parameters: sessionId - the sessionId; password - the password
- Throws: java.lang.Exception - an unexpected exception

public ExternalLoginResult externalLogin(ExternalLoginInputIf loginInfo) throws java.lang.Exception
Used for logging in customers using a mechanism outside of KonaKart such as social login using Facebook. A login module implementing com.konakart.bl.modules.others.ExternalLoginInterface must be present in the system and must have been installed and activated. The function of this method is to instantiate the module, to call its externalLogin method and to return the result from the module, which should contain a KonaKart sessionId if the login was successful.
- Specified by: externalLogin in interface SecurityMgrIf
- Parameters: loginInfo - Contains the information required by the module to perform the login
- Throws: java.lang.Exception - an unexpected exception

public java.lang.String getAvailableChars()
public void setAvailableChars(java.lang.String availableChars)
- Parameters: availableChars - the availableChars to set

public void checkFileAccess(java.lang.String fileName) throws java.lang.Exception
- Specified by: checkFileAccess in interface SecurityMgrIf
- Parameters: fileName - the file to be accessed (read or written)
- Throws: java.lang.Exception - thrown if access to the file path isn't permitted; otherwise the method returns successfully.

protected java.util.Set<java.lang.String> getPermittedLocations()
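Added example (not KonaKart's own code) illustrating the allow-list contract described for checkFileAccess and getPermittedLocations: the property value is parsed into normalised directories and a requested path is accepted only if it resolves inside one of them, so ".." segments and same-prefix sibling directories cannot slip past the check. The comma-separated format of konakart.permittedLocations, the class name and the helper signatures are assumptions.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;

// Example only: models the contract of checkFileAccess()/getPermittedLocations(),
// not KonaKart's implementation. Comma-separated property format is an assumption.
public class PermittedLocationsExample {

    // Parses the konakart.permittedLocations value into absolute, normalised directories
    static Set<String> getPermittedLocations(String propertyValue) {
        if (propertyValue == null || propertyValue.trim().isEmpty()) {
            return Collections.emptySet();
        }
        Set<String> permitted = new LinkedHashSet<>();
        for (String loc : propertyValue.split(",")) {
            String trimmed = loc.trim();
            if (!trimmed.isEmpty()) {
                // normalize() collapses "." and ".." so entries compare consistently
                permitted.add(Paths.get(trimmed).toAbsolutePath().normalize().toString());
            }
        }
        return permitted;
    }

    // True only if fileName, after ".." resolution, lies inside a permitted directory.
    // normalize() does not follow symlinks; for existing files toRealPath() is stricter.
    static boolean isAccessPermitted(String fileName, Set<String> permitted) {
        if (fileName == null || fileName.trim().isEmpty()) {
            return false;
        }
        Path target = Paths.get(fileName).toAbsolutePath().normalize();
        for (String dir : permitted) {
            // startsWith compares whole path elements: "/data/files2" is not under "/data/files"
            if (target.startsWith(Paths.get(dir))) {
                return true;
            }
        }
        return false;
    }

    // Mirrors checkFileAccess(): throws if the path is outside the allow-list, else returns
    static void checkFileAccess(String fileName, Set<String> permitted) throws IOException {
        if (!isAccessPermitted(fileName, permitted)) {
            throw new IOException("Access to '" + fileName + "' is not permitted");
        }
    }

    public static void main(String[] args) {
        // Constructed sample property value, not taken from a real konakart.properties
        Set<String> permitted = getPermittedLocations("/data/files, /var/exports");
        String[] requests = {
            "/data/files/report.csv",          // inside allow-list: permitted
            "/data/files/../../etc/passwd",    // ".." escapes to /etc: denied
            "/data/files2/report.csv",         // sibling directory with same prefix: denied
            "/var/exports/./orders/out.xml"    // "." segment, still inside /var/exports: permitted
        };
        for (String r : requests) {
            System.out.println(r + " -> " + (isAccessPermitted(r, permitted) ? "permitted" : "denied"));
        }
    }
}
```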
public void refreshConfigs() throws com.konakart.app.KKException
- Specified by: refreshConfigs in interface SecurityMgrIf
- Throws: com.konakart.app.KKException - unexpected exception in the KonaKart Storefront Engine

public CaptchaResultIf validateCaptcha(CaptchaInputIf captchaInfo) throws java.lang.Exception
- Specified by: validateCaptcha in interface SecurityMgrIf
- Parameters: captchaInfo - Contains the information required by the module to perform the validation
- Throws: java.lang.Exception - an unexpected exception

public static java.util.Map<java.lang.String,SecurityMgr.StaticData> getStaticDataHM()
Copyright © 2018 DS Data Systems UK Ltd.