File Source: BaseAPIHandler.java
1 /*
2 * Licensed to the Apache Software Foundation (ASF) under one or more
3 * contributor license agreements. The ASF licenses this file to You
4 * under the Apache License, Version 2.0 (the "License"); you may not
5 * use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License. For additional information regarding
15 * copyright in this work, please see the NOTICE file in the top level
16 * directory of this distribution.
17 */
18 /*
19 * Created on Apr 11, 2003
20 */
21 package org.apache.roller.weblogger.webservices.xmlrpc;
22
23 import java.io.Serializable;
24
25 import org.apache.commons.logging.Log;
26 import org.apache.commons.logging.LogFactory;
27 import org.apache.xmlrpc.XmlRpcException;
28 import org.apache.roller.weblogger.config.WebloggerConfig;
29 import org.apache.roller.weblogger.business.WebloggerFactory;
30 import org.apache.roller.weblogger.business.UserManager;
31 import org.apache.roller.weblogger.pojos.User;
32 import org.apache.roller.weblogger.pojos.Weblog;
33 import org.apache.roller.weblogger.util.cache.CacheManager;
34 import org.apache.roller.weblogger.util.Utilities;
35 import org.apache.xmlrpc.common.XmlRpcNotAuthorizedException;
36
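/**
 * Base class for the XML-RPC API handlers: authenticates the caller against
 * the Roller user store, checks that the user and target weblog are enabled,
 * and defines the fault codes and messages shared by the handlers.
 *
 * <p>Both validation methods fail closed. Any internal error during lookup
 * or password comparison is logged and then reported to the client as an
 * authentication failure.
 *
 * @author David M Johnson
 */
public class BaseAPIHandler implements Serializable {
    static final long serialVersionUID = -698186274794937582L;

    private static final Log mLogger =
        LogFactory.getFactory().getInstance(BaseAPIHandler.class);

    // Was written as the octal literal 0001; the value is unchanged.
    public static final int AUTHORIZATION_EXCEPTION = 1;
    public static final String AUTHORIZATION_EXCEPTION_MSG =
        "Invalid Username and/or Password";

    public static final int UNKNOWN_EXCEPTION = 1000;
    public static final String UNKNOWN_EXCEPTION_MSG =
        "An error occured processing your request";

    public static final int UNSUPPORTED_EXCEPTION = 1001;
    public static final String UNSUPPORTED_EXCEPTION_MSG =
        "Unsupported method - Roller does not support this method";

    public static final int USER_DISABLED = 1002;
    public static final String USER_DISABLED_MSG =
        "User is disabled";

    // WEBLOG_NOT_FOUND and WEBLOG_DISABLED deliberately share one message, so
    // the text alone does not tell a client which of the two cases applied.
    public static final int WEBLOG_NOT_FOUND = 1003;
    public static final String WEBLOG_NOT_FOUND_MSG =
        "Weblog is not found or is disabled";

    public static final int WEBLOG_DISABLED = 1004;
    public static final String WEBLOG_DISABLED_MSG =
        "Weblog is not found or is disabled";

    public static final int BLOGGERAPI_DISABLED = 1005;
    public static final String BLOGGERAPI_DISABLED_MSG =
        "Weblog does not exist or XML-RPC disabled in web";

    public static final int BLOGGERAPI_INCOMPLETE_POST = 1006;
    public static final String BLOGGERAPI_INCOMPLETE_POST_MSG =
        "Incomplete weblog entry";

    public static final int INVALID_POSTID = 2000;
    public static final String INVALID_POSTID_MSG =
        "The entry postid you submitted is invalid";

    //public static final int NOBLOGS_EXCEPTION = 3000;
    //public static final String NOBLOGS_EXCEPTION_MSG =
    //"There are no categories defined for your user";

    public static final int UPLOAD_DENIED_EXCEPTION = 4000;
    public static final String UPLOAD_DENIED_EXCEPTION_MSG =
        "Upload denied";

    //------------------------------------------------------------------------
    public BaseAPIHandler() {
    }

    //------------------------------------------------------------------------
    /**
     * Authenticates the caller and returns the weblog named by {@code blogid},
     * provided the user is enabled and the weblog exists, is enabled and has
     * the Blogger API switched on.
     *
     * <p>Checks run in a fixed order and the first failure wins: credentials,
     * user enabled, weblog found, weblog enabled, API enabled. An unknown
     * username and a wrong password produce the same fault, and nothing about
     * the account or the weblog is disclosed before the password has matched.
     *
     * <p>NOTE(review): nothing in this method checks that the authenticated
     * user holds any permission on the weblog it returns. Confirm that every
     * caller does its own permission check before acting on the result, or
     * add that check here.
     *
     * @param blogid Blogid sent in request (used as the weblog's handle)
     * @param username Username sent in request
     * @param password Password sent in request
     * @return the weblog with the given handle, never {@code null}
     * @throws XmlRpcNotAuthorizedException if the credentials are rejected,
     *         the user or weblog is disabled, or the Blogger API is off
     * @throws XmlRpcException with code {@link #WEBLOG_NOT_FOUND} if no
     *         weblog has the given handle
     */
    protected Weblog validate(String blogid, String username, String password)
    throws Exception {
        boolean authenticated = false;
        boolean userEnabled = false;
        boolean weblogEnabled = false;
        boolean apiEnabled = false;
        Weblog website = null;
        try {
            UserManager userMgr = WebloggerFactory.getWeblogger().getUserManager();
            User user = userMgr.getUserByUserName(username);

            website = userMgr.getWebsiteByHandle(blogid);
            if (website != null) {
                // Boolean.TRUE.equals treats a null flag as "not enabled".
                weblogEnabled = Boolean.TRUE.equals(website.getEnabled());
                apiEnabled = Boolean.TRUE.equals(website.getEnableBloggerApi());
            }

            // The user is dereferenced only after the null check, so an
            // unknown username is an ordinary failed login, not a logged
            // NullPointerException. The password check comes last, so any
            // exception above leaves authenticated == false.
            if (user != null) {
                userEnabled = Boolean.TRUE.equals(user.getEnabled());
                authenticated = passwordMatches(user, password);
            }
        } catch (Exception e) {
            mLogger.error("ERROR internal error validating user", e);
        }

        if (!authenticated) {
            throw new XmlRpcNotAuthorizedException(AUTHORIZATION_EXCEPTION_MSG);
        }
        if (!userEnabled) {
            throw new XmlRpcNotAuthorizedException(USER_DISABLED_MSG);
        }
        // "Not found" must be tested before "disabled": a missing weblog also
        // has weblogEnabled == false, which made this branch unreachable when
        // the two checks were in the opposite order.
        if (website == null) {
            throw new XmlRpcException(WEBLOG_NOT_FOUND, WEBLOG_NOT_FOUND_MSG);
        }
        if (!weblogEnabled) {
            throw new XmlRpcNotAuthorizedException(WEBLOG_DISABLED_MSG);
        }
        if (!apiEnabled) {
            throw new XmlRpcNotAuthorizedException(BLOGGERAPI_DISABLED_MSG);
        }
        return website;
    }

    //------------------------------------------------------------------------
    /**
     * Returns true if username/password are valid and the user is not
     * disabled; otherwise throws.
     *
     * <p>Credentials are checked before the enabled flag, in the same order
     * as {@link #validate(String, String, String)}. A caller without the
     * right password always gets the generic authentication fault. The
     * "User is disabled" fault is sent only once the password has matched,
     * so it cannot be used to probe which usernames exist or are disabled.
     *
     * @param username Username sent in request
     * @param password Password sent in request
     * @return {@code true}; every failure is reported by exception
     * @throws XmlRpcNotAuthorizedException if the credentials are rejected
     *         or the user is disabled
     */
    protected boolean validateUser(String username, String password)
    throws Exception {
        boolean authenticated = false;
        boolean enabled = false;
        try {
            UserManager userMgr = WebloggerFactory.getWeblogger().getUserManager();
            User user = userMgr.getUserByUserName(username);
            if (user != null) {
                enabled = Boolean.TRUE.equals(user.getEnabled());
                authenticated = passwordMatches(user, password);
            }
        } catch (Exception e) {
            mLogger.error("ERROR internal error validating user", e);
        }

        if (!authenticated) {
            throw new XmlRpcNotAuthorizedException(AUTHORIZATION_EXCEPTION_MSG);
        }
        if (!enabled) {
            throw new XmlRpcNotAuthorizedException(USER_DISABLED_MSG);
        }
        return true;
    }

    //------------------------------------------------------------------------
    /**
     * Compares the submitted password with the one stored for the user.
     *
     * <p>When {@code passwds.encryption.enabled} is "true" the submitted
     * value is first encoded with {@code passwds.encryption.algorithm};
     * otherwise the stored value is compared as plaintext. A null submitted,
     * encoded or stored value never matches.
     *
     * <p>NOTE(review): whether Utilities.encodePassword salts or stretches
     * the password is not visible from this class; confirm before relying on
     * the stored form to resist offline guessing.
     *
     * @param user the account being authenticated, not null
     * @param password the password sent in the request, may be null
     * @return true only if the (possibly encoded) password equals the stored one
     */
    private static boolean passwordMatches(User user, String password)
    throws Exception {
        String stored = user.getPassword();
        if (password == null || stored == null) {
            return false;
        }
        String candidate = password;
        String encrypted =
            WebloggerConfig.getProperty("passwds.encryption.enabled");
        if ("true".equalsIgnoreCase(encrypted)) {
            candidate = Utilities.encodePassword(password,
                WebloggerConfig.getProperty("passwds.encryption.algorithm"));
        }
        if (candidate == null) {
            return false;
        }
        // MessageDigest.isEqual rather than String.equals, so that comparison
        // time does not depend on how many leading characters match.
        // (Constant-time only on JDKs from 6u17 onwards.)
        return java.security.MessageDigest.isEqual(
            candidate.getBytes("UTF-8"), stored.getBytes("UTF-8"));
    }

    //------------------------------------------------------------------------
    /**
     * Invalidates cached content for the given weblog by delegating to
     * {@code CacheManager.invalidate}.
     *
     * @param website weblog whose cached content should be invalidated
     */
    protected void flushPageCache(Weblog website) throws Exception {
        CacheManager.invalidate(website);
    }
}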
SofCheck Inspector Build Version : 2.18479
| BaseAPIHandler.java |
2009-Jan-02 14:25:46 |
| BaseAPIHandler.class |
2009-Sep-04 03:12:46 |