SuperX
/
kern
7
0
Fork 0
Code Issues 10 Pull Requests Projects Releases Wiki Activity
SuperX-Kernmodul
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
129 Commits
10 Branches
0 Tags
1.3 GiB
 
 
 
 
 
 
Tree: c9b4656eab
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c9b4656eab'
${ noResults }
kern/src/de/superx/servlet/UserInitializer.java

1067 lines
42 KiB
Raw Blame History

package de.superx.servlet;
import static de.superx.servlet.SxSQL_Server.DEFAULT_MANDANTEN_ID;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.sql.Connection;
import java.sql.DatabaseMetaData;
import java.sql.Date;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.TreeSet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpSession;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerException;
import org.apache.log4j.Logger;
import org.h2.util.StringUtils;
import org.saiku.web.service.SessionService;
import org.springframework.context.ApplicationContext;
import de.memtext.db.DBAccess;
import de.memtext.db.NichtAngemeldetException;
import de.memtext.tree.KeyParentEqualException;
import de.memtext.tree.NoMainEntryException;
import de.memtext.util.CryptUtils;
import de.memtext.util.DateUtils;
import de.memtext.util.EqualsUtil;
import de.memtext.util.ServletHelper;
import de.superx.bianalysis.service.DbMetaAdapter;
import de.superx.common.AbstractSicht;
import de.superx.common.DBServletException;
import de.superx.common.OrgUnit;
import de.superx.common.Sichten;
import de.superx.common.SxFinRechte;
import de.superx.common.SxResultRow;
import de.superx.common.SxResultSet;
import de.superx.common.SxUser;
import de.superx.saiku.SuperxSaikuSessionService;
import de.superx.util.SqlStringUtils;
import freemarker.template.TemplateException;
/**
* Erstellt User Objekt, wenn Authentifizierung ok
*
*/
public class UserInitializer {
private static Logger logger = Logger.getLogger(UserInitializer.class);
private static final String SELECT_ORGUNIT = "select key_apnr as apnr,uniquename,lid,name,gueltig_seit,gueltig_bis from organigramm where lid in ";
public static final String MAXIMALE_LOGIN_VERSUCHE_UEBERSCHRITTEN = " Maximale Login-Versuche überschritten";
private SxUser user = new SxUser();
private boolean isPasswordChangeDemanded = false;
protected HttpServletRequest request;
private String mandantenID = DEFAULT_MANDANTEN_ID;
private String oldsha;
private boolean implicit_orgunit_rights_table_exists = false;
/**
* @param request kann Null sein, wenn von ExecuteMask ausgefuehrt
* @param token
*/
public UserInitializer(HttpServletRequest request) throws IOException {
this.request = request;
}
/**
* Zum Aufbau von Testusern für ExecuteMask
*
* @param mandantenID
* @param userName
* @param userid
* @param adminUser
* @throws TransformerException
* @throws DBServletException
* @throws SQLException
*/
public UserInitializer(String mandantenID, String userName, Integer userid, Object adminUser) throws SQLException, DBServletException, TransformerException {
this.mandantenID = mandantenID;
this.user = new SxUser(userName, userid, mandantenID);
if (adminUser.toString().contentEquals("1"))
user.setAdmin(true);
}
/**
* Der Authentifizierte User wird auch in die Session gesteckt.
*
* @throws NichtAngemeldetException
* @throws IllegalArgumentException
* @throws SecurityException
* @throws TransformerConfigurationException
* @throws InstantiationException
* @throws IllegalAccessException
* @throws InvocationTargetException
* @throws NoSuchMethodException
* @throws TransformerException
* @throws KeyParentEqualException
* @throws SQLException
* @throws DBServletException
*/
public void perform(TokenChecker tokenChecker, ApplicationContext springApplicationContext)
throws NichtAngemeldetException, IllegalArgumentException, SecurityException,
TransformerConfigurationException, InstantiationException, IllegalAccessException,
InvocationTargetException, NoSuchMethodException, TransformerException, KeyParentEqualException,
SQLException, DBServletException
{
Map<String, Object> attributes = new HashMap<String, Object>();
if (tokenChecker != null) {
streamLineTokenRightsAndFillRightsMap(tokenChecker, attributes);
}
mandantenID = ServletHelper.getParameter(request, RequestParameter.MandantenID);
if (mandantenID == null)
mandantenID = DEFAULT_MANDANTEN_ID;
user.setMandantenID(mandantenID);
try (Connection con = SxPools.getConnection(mandantenID)) {
authenticate(con);
synchronized (this) {
if (SxPools.get(mandantenID).userpool.containsItemWithId(user.getId().toString())) {
user = (SxUser) SxPools.get(mandantenID).userpool.getById(user.getId().toString());
} else {
try {
initUser(con, attributes);
} catch (Exception e) {
e.printStackTrace();
throw new IllegalArgumentException(e.toString());
}
}
initHttpSession();
attributes.putAll(initAttributes(tokenChecker, user.isAdmin()));
updateUserAndSessionAttrib(user, attributes);
// logging out and in to Spring
if (springApplicationContext != null) {
SessionService sessionService = (SessionService) springApplicationContext.getBean("sessionService");
sessionService.logout(request);
sessionService.authenticate(request, user.getName(), null);
}
}
if ( DbMetaAdapter.rechteModus == DbMetaAdapter.Rechtekonzept.SchemaBased) {
createUserRechteSchema(con);
}
}
}
private void createUserRechteSchema(Connection con) throws SQLException {
String userName = user.getName();
Statement stmt = con.createStatement();
stmt.execute("SELECT * FROM rechte_views_function('metadata', '" + userName + "')");
stmt.execute("SELECT * FROM rechte_views_function('presentation', '" + userName + "')");
}
private void initHttpSession() {
HttpSession session = request.getSession(true);
session.setAttribute("UserID", user.getId().toString());
session.setAttribute("sessiontype", "superx");
session.setAttribute("MandantenID", mandantenID);
session.setAttribute("User-A", request.getHeader("User-Agent"));
String desiredLocale = ServletHelper.getParameter(request, RequestParameter.locale);
if (desiredLocale != null)
session.setAttribute("locale", desiredLocale);
session.setAttribute("username", user.getName());
session.setAttribute("user", user);
session.setAttribute("sessiontype", "superx");
session.setAttribute("UserIsAdmin", user.isAdmin() ? "true" : "false");
session.setAttribute("UserMaskRights", user.getMaskRights());
session.setAttribute("UserGroups", user.getGroups());
session.setAttribute("UserSachgebiete", user.getSachgebiete());
session.setAttribute("UserGroupnames", user.getGroupnames());
if (isPasswordChangeDemanded())
session.setAttribute("passwordchange", "true");
}
private void initPWGueltigkeit_Oldshas(Connection con) throws SQLException {
try (Statement st = con.createStatement();) {
try (ResultSet rs = st
.executeQuery("select passwd_sha from userinfo where tid=" + user.getUserIdAsInt());) {
while (rs.next()) {
user.setCurrentSha(rs.getString(1));
}
}
try (ResultSet rs = st.executeQuery(
"select pw_gueltig_bis,old_sha1,old_sha2,old_sha3,old_sha4,old_sha5,old_sha6,old_sha7 from user_pw where userinfo_id="
+ user.getUserIdAsInt());) {
while (rs.next()) {
Date gueltig_bis = rs.getDate(1);
java.util.Date today = new java.util.Date();
if (gueltig_bis != null && !DateUtils.isDateInFuture(gueltig_bis))
isPasswordChangeDemanded = true;
user.setOldSha(0, rs.getString(2));
user.setOldSha(1, rs.getString(3));
user.setOldSha(2, rs.getString(4));
user.setOldSha(3, rs.getString(5));
user.setOldSha(4, rs.getString(6));
user.setOldSha(5, rs.getString(7));
user.setOldSha(6, rs.getString(8));
}
}
}
}
/**
* Implizite Rechte werden im Arbeitsspeicher gehalten, aber zu
* Debugging/Kontrollzwecken auch in die Datenbank geschrieben
*
* @param mandantenID
* @param userid
* @throws SQLException
*/
private void initImplicitOrgUnitRights(Connection con) throws SQLException {
if (DBAccess.hasTable(con, "implicit_orgunit_rights"))
implicit_orgunit_rights_table_exists = true;
if (implicit_orgunit_rights_table_exists) {
logger.info(
"Leere implicit_orgunit_rights für User " + user.getName() + " (" + user.getUserIdAsInt() + ")");
PreparedStatement pst_delete = con
.prepareStatement("delete from implicit_orgunit_rights where userinfo_id=?");
pst_delete.setInt(1, user.getUserIdAsInt());
pst_delete.execute();
pst_delete.close();
}
logger.info("BI-Trage implizite erlaubte Orgeinheiten ein für User " + user.getName() + " ("
+ user.getUserIdAsInt() + ")");
if (user.hasAllOrgUnitRights())
allowAllOrgUnitsImplicitly(con);
else {
ImplicitOrgEinheitFillerI iof = null;
if (SxPools.get(mandantenID).getSqlDialect().contentEquals("Postgres")) {
logger.info("Using PostgresImplicitOrgEinheitFiller");
iof = new PostgresImplicitOrgEinheitFiller(implicit_orgunit_rights_table_exists, user);
} else {
logger.info("Using JavaRecursiveImplicitOrgEinheitFiller");
iof = new JavaRecursiveImplicitOrgEinheitFiller(implicit_orgunit_rights_table_exists, user);
}
for (OrgUnit ou : user.getAllowedOrgUnits()) {
iof.insertImplicitOrgUnitRights(con, ou);
}
}
}
private void allowAllOrgUnitsImplicitly(Connection con) throws SQLException {
if (implicit_orgunit_rights_table_exists) {
logger.info("Trage alle Einheiten komplett ein in implicit_orgunit_rights für UserId " + user.getName()
+ " (" + user.getUserIdAsInt() + ")");
try (PreparedStatement pst = con
.prepareStatement("insert into implicit_orgunit_rights (userinfo_id,apnr,uniquename,lid)\n"
+ "select ?::integer,key_apnr,nvl(uniquename,key_apnr)::varchar(255),lid from organigramm union\n"
+
// in alten SuperX-Standalone Installationen kann uniquename noch null sein
// daher nvl
"select ?::integer,mapped_id,uniquename,lid from orgunit_mapping union\n"
+ "select ?::integer,uniquename,uniquename,lid from orgunit_mapping");) {
pst.setInt(1, user.getUserIdAsInt());
pst.setInt(2, user.getUserIdAsInt());
pst.setInt(3, user.getUserIdAsInt());
pst.execute();
}
}
try (Statement stm = con.createStatement();
ResultSet rs = stm.executeQuery(
"select key_apnr,nvl(uniquename,key_apnr) as uniquename,lid,name,gueltig_seit,gueltig_bis from organigramm");) {
while (rs.next()) {
OrgUnit ou = new OrgUnit(rs.getString("key_apnr"), rs.getString("uniquename"), rs.getString("lid"),
rs.getString("name"), rs.getDate("gueltig_seit"), rs.getDate("gueltig_bis"));
user.addImplicitlyAllowedOrgUnit(ou);
}
}
}
/**
*
*
* @throws DBServletException
* @throws NichtAngemeldetException
* @throws SQLException
*/
private void authenticate(Connection con) throws DBServletException, NichtAngemeldetException, SQLException {
logger.debug("Session authentication for user=" + user.getName());
String token = ServletHelper.getParameter(request, RequestParameter.token);
if (!SuperXManager.isHis1) {
superxStandaloneAuthenfication(con);
} else if (token != null) {
TokenChecker tokenChecker = new TokenChecker(token);
tokenChecker.testAll();
user.setName(tokenChecker.getKennung());
user.setHisInOneOrgUnitLidOfRole(tokenChecker.getOrgunitLid());
checkIfUserExistsInDatabaseAndUpdateDetails(con, false);
} else {
his1GuestAuthentication(con);
}
erfolgreicheAnmeldungVerarbeiten(con);
}
private void superxStandaloneAuthenfication(Connection con) throws NichtAngemeldetException, SQLException {
if (SuperXManager.isHis1) {
// Anmerkung: Die Fehlermeldung ist leider für Nutzer wenig hilfreich, allerdings sollte im Kontext von
// Authentifizierung nicht zu viel Information "exposed" werden!!1!
throw new NichtAngemeldetException("Keine Anmeldung möglich: Fehler in der Anwendungskonfiguration");
}
user.setName(ServletHelper.getParameter(request, RequestParameter.kennung));
if (StringUtils.isNullOrEmpty(user.getName()))
throw new NichtAngemeldetException(" Keine Anmeldung möglich, da im request keine Kennung angegeben.");
checkIfUserExistsInDatabaseAndUpdateDetails(con, true);
System.out.println("AUTH1:"+user.getName());
String passwort = ServletHelper.getParameter(request, RequestParameter.passwort);
// neue Funktion "Gastanmeldung", Admins können in der userinfo verschluesselt
// Passwort
// notsecret hintelegen für Gastzugänge wie anonym,public oder gast, für die
// kein Passwort kontrolliert werden soll
// falls im Request ein Passwort übergeben, das prüfen (Uni Düsseldorf)
if (passwort == null || passwort.length() == 0)
passwort = "notsecret";
boolean isPasswordOK = false;
if (SuperXManager.isStandaloneLdapActive()) {
if ("superx".equals(ServletHelper.getParameter(request, RequestParameter.login))) {
logger.debug("LDAP aktiv aber Passwortkontrolle für " + user.getName()
+ " aus SuperX-Datenbank wegen Parameter login=superx");
isPasswordOK = isPasswordInSuperXDatabaseOK(passwort);
} else {
isPasswordOK = new LdapPasswordChecker().isLdapPasswordOK(false, mandantenID, user.getName(), passwort);
}
} else {
//Support fuer LDAP-Technik via Tomcat Remote User
System.out.println("AUTH2:via Tomcat Remote User");
System.out.println("AUTH3:"+request.getAuthType());
if (request.getRemoteUser()!=null ||
(request.getAuthType() !=null && request.getAuthType().equals("shibboleth"))
)
{
isPasswordOK=true;
}
else
{
isPasswordOK = isPasswordInSuperXDatabaseOK(passwort);
}
}
if (!isPasswordOK) {
passwortFehlerVerarbeiten(con);
throw new NichtAngemeldetException(" Falsches Passwort für User " + user.getName());
}
}
private void his1GuestAuthentication(Connection con) throws NichtAngemeldetException, SQLException {
user.setName(ServletBasics.getParameter(request, RequestParameter.kennung));
if (StringUtils.isNullOrEmpty(user.getName()))
throw new NichtAngemeldetException(" Keine Anmeldung möglich, da im request keine Kennung angegeben.");
if (!isGuestUser(con, user.getName())) {
throw new NichtAngemeldetException("Kein Gastzugang für " + user.getName());
}
checkIfUserExistsInDatabaseAndUpdateDetails(con, false);
}
/**
* Erzeugen des UserObjekts mit Rechten auch von ExecuteMask für Shellaufruf
* ohne Webserver genutzt
*
* @param hisinoneRightsMap - optional kann null sein
* @param userid
* @param adminUser
* @throws IllegalArgumentException
* @throws SecurityException
* @throws TransformerConfigurationException
* @throws InstantiationException
* @throws IllegalAccessException
* @throws InvocationTargetException
* @throws NoSuchMethodException
* @throws TransformerException
* @throws KeyParentEqualException
* @throws SQLException
* @throws DBServletException
* @throws NichtAngemeldetException
* @throws IOException
* @throws TemplateException
* @throws NoMainEntryException
* @throws CloneNotSupportedException
*/
public void initUser(Connection con, Map<String, Object> hisInOneAttributMap)
throws IllegalArgumentException, SecurityException, TransformerConfigurationException,
InstantiationException, IllegalAccessException, InvocationTargetException, NoSuchMethodException,
TransformerException, KeyParentEqualException, SQLException, DBServletException, NichtAngemeldetException,
CloneNotSupportedException, NoMainEntryException, TemplateException, IOException {
user.getSelectionBuffer().setActive(SuperXManager.isSessionFieldDefaultsWanted(mandantenID));
user.setDBVersion(SxPools.get(mandantenID).getDatabaseMajorVersion(),
SxPools.get(mandantenID).getDatabaseMinorVersion());
if (hisInOneAttributMap != null) {
addH1TokenOrgUnitRights(con, hisInOneAttributMap);
}
addSuperXOrBIDirectOrgUnitRights(con);
initImplicitOrgUnitRights(con);
initMaskenUndSachgebietsRechte(con);
initGroups(con);
initSichten();
initFinRechte();
if (SxPools.get(mandantenID).hasKontierungsrechte()) {
user.initKontierungsrechte();
}
user.initThemenbaum();
user.updateFreemarkerBasicMap();
initPWGueltigkeit_Oldshas(con);
initMaskenEditRechte();
}
private void addH1TokenOrgUnitRights(Connection con, Map<String, Object> hisInOneAttributMap) throws SQLException {
Map<String, Map<String, String>> rightsMap = (Map<String, Map<String, String>>) hisInOneAttributMap
.get("rightsMap");
if (rightsMap != null) {
// nur der Form/Einfachheithalber eine Map<String><String> es sind die erlaubten
// apnrs enthalten vergl. UserAndRightsStreamliner
Map<String, String> allowedOrgUnitLids = rightsMap.get("allowedOrgUnits");
if (allowedOrgUnitLids != null) {
if (allowedOrgUnitLids.size() == 0) {
throw new RuntimeException("Keine gültige Organisationseinheit für Nutzer gefunden."
+ " Bitte Hauptladeroutine Kostenrechnung ausführen!");
}
String sqlLidInString = buildInString(allowedOrgUnitLids.keySet());
try (Statement stm = con.createStatement();
ResultSet rs = stm.executeQuery(SELECT_ORGUNIT + sqlLidInString)) {
while (rs.next()) {
OrgUnit ou = new OrgUnit(rs.getString("apnr"), rs.getString("uniquename"), rs.getString("lid"),
rs.getString("name"), rs.getDate("gueltig_seit"), rs.getDate("gueltig_bis"));
user.addStandardOrgUnitRight(ou);
}
}
}
}
}
private static String buildInString(Collection<String> items) {
String result = "(";
int count = items.size();
int i = 0;
for (String item : items) {
i++;
result += "'" + item + "'";
if (i < count) {
result += ",";
}
}
return result + ")";
}
/**
* in SuperX/BI selbst vergebene zusätzliche OrgEinheit Rehte Merkmal
* external_entry!=1
*
* @param user
* @throws DBServletException
* @throws SQLException
*/
private void addSuperXOrBIDirectOrgUnitRights(Connection con) throws SQLException, DBServletException {
try (Statement stm = con.createStatement();
ResultSet rs = stm.executeQuery(
"select trim(ch110_institut) as apnr,O.uniquename,O.name,O.lid,O.gueltig_seit,O.gueltig_bis from user_institution U left outer join organigramm O on (ch110_institut=key_apnr) where userid="
+ user.getId()
+ " and ch110_institut is not null and (external_entry is null or external_entry!=1) "
+ "and (U.gueltig_seit is null or U.gueltig_seit<=today()) and (U.gueltig_bis is null or U.gueltig_bis>=today()) ");) {
while (rs.next()) {
OrgUnit ou = new OrgUnit(rs.getString("apnr"), rs.getString("uniquename"), rs.getString("lid"),
rs.getString("name"), rs.getDate("gueltig_seit"), rs.getDate("gueltig_bis"));
user.addStandardOrgUnitRight(ou);
}
}
}
private void initFinRechte() throws SQLException, DBServletException {
SxResultSet rs = null;
int finRightVariant = SxPools.get(mandantenID).getFinRightVariant();
if (finRightVariant != SxFinRechte.NO_RIGHTS && !user.isAdmin()) {
if (finRightVariant == SxFinRechte.SIMPLE_RIGHTS) {
rs = ServletUtils.execute("Einlesen von einfachtenFin-Rechten für Benutzer " + user.getId(),
SxFinRechte.getReadingSqlUserKamSimple(user), user.getMandantenID());
}
if (finRightVariant == SxFinRechte.EXTENDED_RIGHTS) {
rs = ServletUtils.execute("Einlesen von erweiterten Fin-Rechten für Benutzer " + user.getId(),
SxFinRechte.getReadingSqlUserKam(user), user.getMandantenID());
}
if (finRightVariant == SxFinRechte.INS3_RIGHTS) {
rs = ServletUtils.execute(
"Einlesen von erweiterten Fin-Rechten inkl. ins3 für Benutzer " + user.getId(),
SxFinRechte.getReadingSqlUserKamIns3(user,
SxPools.get(mandantenID).hasFinUserKamRestrictionFields()), // erweitert!!
user.getMandantenID());
}
SxResultSet rs2 = ServletUtils
.executeALL_el(null, null, "Einlesen von Fin-Rechten proj_to_inst für Benutzer " + user.getId(),
SxFinRechte.getReadingSqlProjToInst(SxPools.get(mandantenID).getDatabaseAbbr(), user),
user.getMandantenID(), true)
.getResultSet();
user.initFinRechte(rs, finRightVariant, rs2, SxPools.get(mandantenID).is0FINJoker(),
SxPools.get(mandantenID).getRepository());
}
}
private void initSichten() throws SQLException, DBServletException, KeyParentEqualException,
CloneNotSupportedException, NoMainEntryException, TemplateException, IOException {
boolean hasSichtartRechteDefinitionen = SxPools.get(user.getMandantenID()).getSichtartRechteDefinitionen()
.size() > 0;
if (hasSichtartRechteDefinitionen) {
readAdditionalSichtenRights1();
}
SxResultSet rs = ServletUtils.execute("Einlesen von Sichten für Benutzer " + user.getId(),
Sichten.getReadingSql(user), user.getMandantenID());
user.getSichten().init(user.getMandantenID(), rs, SichtServlet.class);
if (hasSichtartRechteDefinitionen) {
readAdditionalSichtenRights2();
}
rs = ServletUtils.execute("Einlesen von Sichtrechten für Benutzer " + user.getId(),
"select distinct tid,type from sichten S where " + Sichten.getErlaubteSichtenSql(user),
user.getMandantenID());
user.getSichten().setAllowedSichten(rs, user.isAdmin());
}
private void readAdditionalSichtenRights1() throws SQLException, DBServletException {
for (Iterator it = SxPools.get(user.getMandantenID()).getSichtartRechteDefinitionen().iterator(); it
.hasNext();) {
SichtartRechteDefinition sd = (SichtartRechteDefinition) it.next();
SxResultSet rs = ServletUtils.execute(
"Einlesen von Sichtart " + sd.getName() + " Rechten für Benutzer " + user.getId(),
sd.getSql((Integer) user.getId()), user.getMandantenID());
user.getSichten().addSichtartRechte(sd.getName(), sd.isFallback_user_inst(), rs);
}
}
private void readAdditionalSichtenRights2() throws SQLException, DBServletException, KeyParentEqualException,
CloneNotSupportedException, NoMainEntryException, TemplateException, IOException {
for (Iterator it = SxPools.get(user.getMandantenID()).getSichtartRechteDefinitionen().iterator(); it
.hasNext();) {
SichtartRechteDefinition sd = (SichtartRechteDefinition) it.next();
if (sd.hasAdditionalKeysSQL()) {
boolean isSQLOK = true;
String sql = sd.getAdditionalKeysSQL();
sql = sql.replaceAll("<<UserID>>", user.getId().toString());
for (Iterator<String> it2 = user.getSichten().getSichtenArten().iterator(); it2.hasNext();) {
String sichtart = it2.next();
if (sql.indexOf("<<" + sichtart + ">>") > -1) {
String sichtartkeys = user.getSichten().getSichtartKeys(sichtart);
if (sichtartkeys.equals(""))
isSQLOK = false;
sql = sql.replaceAll("<<" + sichtart + ">>", sichtartkeys);
}
}
if (isSQLOK) {
SxResultSet rs2 = ServletUtils.execute("Einlesen ergänzenden Rechten von Sichtart " + sd.getName()
+ " Rechten für Benutzer " + user.getId(), sql, user.getMandantenID());
user.getSichten().addSichtartRechte(sd.getName(), sd.isFallback_user_inst(), rs2);
// nicht nötig, weil Sichten erst eingelesen werden, wenn
// tatsächlich gebaucht
// user.getSichten().reinit(sd.getName());
}
}
}
}
private void initGroups(Connection con) throws SQLException {
try (Statement stm = con.createStatement();
ResultSet rs = stm.executeQuery(
"select tid::varchar(10) as groupid,name from groupinfo G, user_group_bez U where G.tid=U.groupinfo_id and userinfo_id="
+ user.getUserIdAsInt());) {
while (rs.next()) {
user.addGruppe(rs.getString("groupid"), rs.getString("name"));
}
}
}
private void initMaskenUndSachgebietsRechte(Connection con) throws SQLException, DBServletException {
String queryMaskenRechte = "--alle Abfragen für die die Gruppe über Sachgebiete berechtigt \n"
+ "select distinct M.tid,M.name \n"
+ " from maskeninfo M, sachgeb_maske_bez S, group_sachgeb_bez G, user_group_bez U \n"
+ " where M.tid = S.maskeninfo_id \n" + " and S.sachgebiete_id = G.sachgebiete_id \n"
+ " and G.groupinfo_id = U.groupinfo_id \n" + " and U.userinfo_id = " + user.getId()
+ " \n" + " union \n" + " --alle Abfragen für die die Gruppe berechtigt (Einzelrechte) \n"
+ " select distinct M.tid,M.name \n"
+ " from maskeninfo M, group_masken_bez G, user_group_bez U \n"
+ " where M.tid = G.maskeninfo_id \n" + " and G.groupinfo_id = U.groupinfo_id \n"
+ " and U.userinfo_id = " + user.getId() + " \n" + " union \n"
+ "--alle Abfragen aus Sachgebieten für die der Nutzer Rechte hat \n"
+ " select distinct M.tid,M.name \n" + " from maskeninfo M \n" + " where \n"
+ " (M.tid in (select maskeninfo_id from sachgeb_maske_bez S where S.sachgebiete_id in \n"
+ " (select sachgebiete_id from user_sachgeb_bez U where U.userinfo_id=" + user.getId()
+ " ))) \n" + " union \n"
+ "--alle Abfragen für die Einzelrechte in user_masken_bez angegeben \n"
+ " select distinct M.tid,M.name \n" + " from maskeninfo M, user_masken_bez B \n"
+ " where \n" + " B.userinfo_id = " + user.getId() + " \n"
+ " and (M.tid = B.maskeninfo_id \n" + " or B.maskeninfo_id = 0)";
SxResultSet rs = ServletUtils.execute("Erlaubte Masken für User " + user.getName() + " (" + user.getId() + ")",
queryMaskenRechte, user.getMandantenID());
List<Integer> erlaubteMasken = new ArrayList<>();
for (Iterator it = rs.iterator(); it.hasNext();) {
SxResultRow row = (SxResultRow) it.next();
erlaubteMasken.add((Integer) row.get(0));
}
user.initErlaubteMasken(erlaubteMasken);
rs = ServletUtils.execute("Erlaubte Sachgebiete für User " + user.getName() + " (" + user.getId() + ")",
"select sachgebiete_id from user_sachgeb_bez where userinfo_id=" + user.getId() + " \n" + "union \n"
+ "select sachgebiete_id from group_sachgeb_bez where groupinfo_id in ( \n"
+ "select groupinfo_id from user_group_bez where userinfo_id=" + user.getId() + ")",
user.getMandantenID());
user.setSachgebiete(rs);
try {
rs = ServletUtils.execute("Einlesen von versteckten Feldern für Benutzer " + user.getId(),
"select field_id from group_field_pref where pref='hidden' and groupinfo_id in"
+ " (select groupinfo_id from user_group_bez where userinfo_id=" + user.getId() + ")",
user.getMandantenID());
user.setHiddenFields(rs);
} catch (Exception e) {
e.printStackTrace();
}
}
private void initMaskenEditRechte() throws SQLException, DBServletException {
String sql =
" SELECT (SELECT count(*) from user_group_bez U,group_sachgeb_bez B, sachgebiete S "
+ "where S.tid=B.sachgebiete_id "
+ "and U.groupinfo_id=B.groupinfo_id "
+ "and U.userinfo_id=" + user.getId()
+ " and (S.name like 'Bearbeitung%' or S.name like 'Administration%') "
+ ") "
+ "+ "
+ "(SELECT count(*) from user_sachgeb_bez B, sachgebiete S "
+ "where S.tid=B.sachgebiete_id "
+ "and B.userinfo_id=" + user.getId()
+ " and (S.name like 'Bearbeitung%' or S.name like 'Administration%') "
+ ")";
// String sql = "SELECT distinct trim(dbf.name) FROM db_forms dbf "
// + "JOIN sachgeb_dbform_bez sdb ON sdb.dbform_id = dbf.tid "
// + "JOIN sachgebiete s ON s.tid = sdb.sachgebiete_id "
// + "AND s.rightname LIKE 'CS_BIA_ADMINISTRATE_TOPIC_AREA%' "
// + "AND s.tid IN(" + user.getSachgebieteIn() + ")";
SxResultSet rs = ServletUtils.execute("Bearbeitungsrechte auf Masken", sql, user.getMandantenID());
user.setMaskenEditRights(rs);
}
/**
* not in use
*
* @deprecated
* @param user
* @throws SQLException
* @throws DBServletException
*/
@Deprecated
private static void initUserField1Cache(SxUser user) throws SQLException, DBServletException {
SxResultSet rs = ServletUtils
.execute("potentielle zu cachende User-Field1-quellen lesen",
"select distinct relation from felderinfo where "
// + SuperXManager.userField1Cache
+ " and art=1 and tid!=23541",
user.getMandantenID());
TreeSet sqls = new TreeSet();
String haushaltsjahr = DateUtils.getYear(new java.sql.Date(new java.util.Date().getTime()));
Hashtable formular = new Hashtable();
formular.put("Haushaltsjahr", haushaltsjahr);
for (Iterator it = rs.iterator(); it.hasNext();) {
SxResultRow row = (SxResultRow) it.next();
String sql = (String) row.get(0);
if (sql.trim().indexOf("<<SQL>>") == -1)
continue;
sql = SqlStringUtils.generateSQL("PG", formular, sql);// Database-Abbr
// für
// haushaltsjahr
// egal
try {
HashMap map = new HashMap();
map.putAll(user.getBasicMap());
sql = SxPools.get(user.getMandantenID()).getTemplateProcessor().process(map, null, "user Field1 Cache",
sql, null, SxPools.get(user.getMandantenID()).getRepository(),
SxPools.get(user.getMandantenID()).getSqlDialect());
sql = AbstractSicht.getStrippedSQL(sql);
if (sql.indexOf("<<") == -1)
sqls.add(sql);
} catch (Exception e) {
logger.info("Problem bei Caching des User-Feld-SQLs " + sql + " " + e);
}
}
/*
* FieldElementCache userFieldElementCache = (FieldElementCache)
* user.getFieldElementCache(); for (Iterator it = sqls.iterator();
* it.hasNext();) { String sql = (String) it.next(); Logger.getLogger("superx_"
* + user.getMandantenID()).log(Level.FINER, " Cache User-Feld-SQL: " + sql);
* try { rs = ServletUtils.executeALL_el(null, null, "Felder-SQL cachen", sql,
* user.getMandantenID(), true).getResultSet(); userFieldElementCache.add(sql,
* rs); } catch (Exception e) { Logger.getLogger("superx_" +
* user.getMandantenID()).log(Level.INFO,
* "Problem bei Caching des User-Feld-SQLs " + sql + " " + e); } }
*/
}
private void checkIfUserExistsInDatabaseAndUpdateDetails(Connection con, boolean isStandardLogin)
throws SQLException, NichtAngemeldetException {
boolean wasUserFound = false;
boolean isUserinfoMitGueltigkeit=checkUserinfoMitGueltigkeit(con); // #305059
String select="select tid, passwd_sha, administration, kennwort,akt_versuch,max_versuch from userinfo where benutzer = ? ";
if (isUserinfoMitGueltigkeit) {
select+= "and ( (gueltig_von is null or gueltig_von<=today()) and (gueltig_bis is null or gueltig_bis>=today()) )";
}
try (PreparedStatement pst = con
.prepareStatement(select);) {
pst.setString(1, user.getName());
try (ResultSet rs = pst.executeQuery();) {
while (rs.next()) {
wasUserFound = true;
checkAndUpdateUserDetails(isStandardLogin, rs);
}
}
}
if (!wasUserFound) {
fehlerhafteAnmeldungProtokollieren(con);
throw new NichtAngemeldetException(" Kombination von " + user.getName() + " und Passwort ungültig");
}
}
private boolean checkUserinfoMitGueltigkeit(Connection dbConnection) throws SQLException
{
boolean result=false;
Statement stm = dbConnection.createStatement();
DatabaseMetaData md = dbConnection.getMetaData();
ResultSet rs = md.getColumns(null, null, "userinfo", null);
while (rs.next()) {
if (rs.getString(4).equals("gueltig_von")) {
result=true;
}
}
rs.close();
return result;
}
private static boolean isGuestUser(Connection con, String kennung) throws SQLException {
boolean result = false;
try (PreparedStatement pst = con
.prepareStatement("select name from userinfo where benutzer = ?");) {
pst.setString(1, kennung);
try (ResultSet rs = pst.executeQuery()) {
if (rs.next()) {
String name = rs.getString("name");
result = name != null && name.trim().equals("Gastkennung");
}
}
}
return result;
}
private void passwortFehlerVerarbeiten(Connection con) throws SQLException {
try (Statement stm = con.createStatement();) {
// Versuchszahl erhöhen
stm.executeUpdate(
"update userinfo set akt_versuch=akt_versuch+1 " + " where tid=" + user.getUserIdAsInt());
// protokollieren
stm.execute("insert into protokoll (proto_fkt_id, userinfo_id, "
+ "ip_adresse, client_name, zeitpunkt) values (" + "2," + user.getUserIdAsInt() + ",'"
+ request.getRemoteAddr() + "','" + request.getRemoteHost() + "'" + "," + now_command() + ");");
}
}
private void erfolgreicheAnmeldungVerarbeiten(Connection con) throws SQLException {
try (Statement stm = con.createStatement();) {
if (user.getId() != null)
stm.executeUpdate("update userinfo set akt_versuch=0 " + " where tid = " + user.getUserIdAsInt());
updateLastLogin(stm);
if (SxPools.get(mandantenID).isErweitertesProtokollWanted()) {
stm.execute("insert into protokoll (proto_fkt_id, userinfo_id, "
+ "ip_adresse, client_name, zeitpunkt) values (" + "1," + user.getUserIdAsInt() + ",'"
+ request.getRemoteAddr() + "','" + request.getRemoteHost() + "'" + "," + now_command() + ");");
}
}
}
private String now_command() {
if (SxPools.get(mandantenID).getSqlDialect().equals("Postgres")) {
return "now()";
} else {
return "current";
}
}
private void fehlerhafteAnmeldungProtokollieren(Connection con) throws SQLException {
try (Statement stm = con.createStatement();) {
stm.execute("insert into protokoll (proto_fkt_id, userinfo_id, "
+ "ip_adresse, client_name, zeitpunkt) values (" + "2, -1,'" + request.getRemoteAddr() + "','"
+ request.getRemoteHost() + "'" + "," + now_command() + ");");
}
}
private void checkAndUpdateUserDetails(boolean isStandardLogin, ResultSet rs)
throws SQLException, NichtAngemeldetException {
String password_sha;
Integer userid = (Integer) rs.getObject(1);
user.setId(userid);
String kennwortSpalte = (String) rs.getString(4);
if (kennwortSpalte != null)
kennwortSpalte = kennwortSpalte.trim().toLowerCase();
if (isStandardLogin && kennwortSpalte != null
&& (kennwortSpalte.equals("ändern") || kennwortSpalte.equals("aendern")))
isPasswordChangeDemanded = true;
Short adminUser = Short.valueOf(rs.getShort(3));
if (adminUser.shortValue() == 1)
user.setAdmin(true);
password_sha = (String) rs.getString(2);
if (password_sha == null)
throw new NichtAngemeldetException("Kein Passwort in DB gefunden");
else
password_sha = password_sha.trim();
user.setCurrentSha(password_sha);
oldsha = password_sha;
int akt_versuch = rs.getInt(5);
int max_versuch = rs.getInt(6);
if (akt_versuch > max_versuch || max_versuch==0) {
throw new NichtAngemeldetException(MAXIMALE_LOGIN_VERSUCHE_UEBERSCHRITTEN);
}
}
private boolean isPasswordInSuperXDatabaseOK(String enteredPassword) {
return EqualsUtil.areEqual(user.getCurrentSha(), CryptUtils.encodeSHA(enteredPassword)) || EqualsUtil
.areEqual(user.getCurrentSha(), CryptUtils.encodeSHA(enteredPassword + CryptUtils.geheimnis1));
}
private void updateLastLogin(Statement stm) throws SQLException {
int userInDB = 0;
try (ResultSet rs = stm
.executeQuery("select count(*) from user_pw where userinfo_id=" + user.getUserIdAsInt());) {
while (rs.next()) {
userInDB = rs.getInt(1);
}
}
if (userInDB == 0) {
stm.executeUpdate(
"insert into user_pw (userinfo_id,last_login) values (" + user.getUserIdAsInt() + ",now());");
} else {
stm.executeUpdate("update user_pw set last_login=now() where userinfo_id=" + user.getUserIdAsInt());
}
}
public String getUsername() {
return user.getName();
}
public SxUser getUser() {
return user;
}
/**
* @return Returns the isPasswordChangeDemanded. checks session attribute also
*/
public boolean isPasswordChangeDemanded() {
String attrib = "false";
if (request.getSession() != null) {
attrib = (String) request.getSession().getAttribute("passwordchange");
if (attrib == null)
attrib = "false";
}
return isPasswordChangeDemanded || attrib.equals("true");
}
/**
* @param isPasswordChangeDemanded The isPasswordChangeDemanded to set.
*/
public void setPasswordChangeDemanded(boolean isPasswordChangeDemanded) {
this.isPasswordChangeDemanded = isPasswordChangeDemanded;
}
public static String getPwChangeHtml(String message) {
return de.superx.servlet.SuperXManager.htmlPageHead("Erfolg")
+ "<form action=\"/superx/servlet/SuperXmlPwChanger\" method=post>"
+ message + "<br>"
+ "Bisheriges Passwort<br><input type=password name=\"altes_passwort\" maxlength=40 size=20><br><br>"
+ "Neues Passwort<br><input type=password name=\"passwort\" maxlength=40 size=20><br>"
+ "Erneut eingeben<br><input type=password name=\"passwort2\" maxlength=40 size=20><br>" + "<br>"
+ "<input type=submit value=\"Abschicken\">" + "</form>" + "</body></html>";
}
/**
* @return Returns the oldsha.
*/
public String getOldsha() {
return oldsha;
}
@Deprecated
void initSessionOld(TokenChecker tokenChecker, ApplicationContext springApplicationContext)
throws NichtAngemeldetException, TransformerConfigurationException, InstantiationException,
IllegalAccessException, InvocationTargetException, NoSuchMethodException, TransformerException,
KeyParentEqualException, SQLException, DBServletException {
Map<String, Object> attributes = new HashMap<String, Object>();
if (tokenChecker != null) {
streamLineTokenRightsAndFillRightsMap(tokenChecker, attributes);
}
// perform(attributes);
attributes.putAll(initAttributes(tokenChecker, user.isAdmin()));
updateUserAndSessionAttrib(user, attributes);
//logging out and in to Spring
if (springApplicationContext != null) {
SessionService sessionService = (SessionService) springApplicationContext.getBean("sessionService");
sessionService.logout(request);
sessionService.authenticate(request, user.getName(), null);
}
}
private void streamLineTokenRightsAndFillRightsMap(TokenChecker tokenChecker, Map<String, Object> attributes)
throws SQLException, NichtAngemeldetException, DBServletException {
Map<String, Map<String, String>> rightsMap = UserAndRightsStreamliner.streamline(mandantenID, tokenChecker);
attributes.put("rightsMap", rightsMap);
}
/**
*
* @param tokenChecker - darf null sein, dann wird für SuperXStandalone
* vorbereitet
* @param isAdmin
* @return
* @throws SQLException
* @throws DBServletException
* @throws NichtAngemeldetException
* @throws TransformerConfigurationException
* @throws InstantiationException
* @throws IllegalAccessException
* @throws InvocationTargetException
* @throws NoSuchMethodException
* @throws TransformerException
* @throws KeyParentEqualException
*/
private Map<String, Object> initAttributes(TokenChecker tokenChecker, boolean isAdmin)
throws SQLException, DBServletException, NichtAngemeldetException, TransformerConfigurationException,
InstantiationException, IllegalAccessException, InvocationTargetException, NoSuchMethodException,
TransformerException, KeyParentEqualException {
Map<String, Object> attributes = null;
// TODO check hier von isTokenUsed==true geändert
if (tokenChecker != null) {
attributes = getAttributesFromToken(tokenChecker);
} else {
attributes = getSxStandaloneAttributes(isAdmin);
}
return attributes;
}
private void updateUserAndSessionAttrib(SxUser user, Map<String, Object> attributes) {
user.setRights((Map<String, Map<String, String>>) attributes.get("rightsMap"), (String) attributes.get("role"));
user.setHisInOneOrgUnitLidOfRole((Integer) attributes.get("orgUnit"));
user.setRoleId((Integer) attributes.get("roleId"));
// save rights in session
if (request.getSession() != null) {
request.getSession().setAttribute(SessionAttribute.isSuperXStandalone.toString(),
(SuperXManager.isHis1() ? "false" : "true"));
request.getSession().setAttribute(SessionAttribute.rights.toString(),
(String) attributes.get(SessionAttribute.rightsString.toString()));
request.getSession().setAttribute(SessionAttribute.orgUnit.toString(),
(Integer) attributes.get(SessionAttribute.orgUnit.toString()));
}
}
private Map<String, Object> getSxStandaloneAttributes(boolean isAdmin)
throws NichtAngemeldetException, TransformerConfigurationException, InstantiationException,
IllegalAccessException, InvocationTargetException, NoSuchMethodException, TransformerException,
KeyParentEqualException, SQLException, DBServletException {
Map<String, Object> attributes = new HashMap<String, Object>();
attributes.put("orgUnit", Integer.getInteger("-1")); // wichtig, dass ein Wert da ist, da ggfs. mit equals
// gearbeitet wird isKennungOrRightsInTokenChanged
Map<String, Map<String, String>> sx_rightsMap = new HashMap<String, Map<String, String>>();
// 2. Parameter der Map ist null, hier kämen bei HisInOne Rechteparameter vergl.
// de.superx.util.RightsParser.parse()
if (isAdmin) {
sx_rightsMap.put(SuperxSaikuSessionService.ADMIN_RIGHT, null);
sx_rightsMap.put(SuperxSaikuSessionService.VIEW_OLAP_RIGHT, null);
attributes.put("rightsString",
SuperxSaikuSessionService.VIEW_OLAP_RIGHT + "," + SuperxSaikuSessionService.ADMIN_RIGHT);
attributes.put("role", SuperxSaikuSessionService.ROLE_BI_ADMIN);
} else if (this.user.getName().startsWith("gast")){
sx_rightsMap.put(SuperxSaikuSessionService.STANDARDREPORTS_RIGHT, null);
attributes.put("rightsString", SuperxSaikuSessionService.STANDARDREPORTS_RIGHT);
attributes.put("role", SuperxSaikuSessionService.ROLE_BI_SPECIALIST);
} else {
sx_rightsMap.put(SuperxSaikuSessionService.STANDARDREPORTS_RIGHT, null);
sx_rightsMap.put(SuperxSaikuSessionService.VIEW_OLAP_RIGHT, null);
attributes.put("rightsString",
SuperxSaikuSessionService.VIEW_OLAP_RIGHT + "," + SuperxSaikuSessionService.STANDARDREPORTS_RIGHT);
attributes.put("role", SuperxSaikuSessionService.ROLE_BI_SPECIALIST);
}
attributes.put("rightsMap", sx_rightsMap);
return attributes;
}
private Map<String, Object> getAttributesFromToken(TokenChecker tokenChecker)
throws NichtAngemeldetException, TransformerConfigurationException, InstantiationException,
IllegalAccessException, InvocationTargetException, NoSuchMethodException, TransformerException,
KeyParentEqualException, SQLException, DBServletException {
logger.debug("Request.token: " + tokenChecker.getTokenString());
Map<String, Object> attributes = new HashMap<String, Object>();
// rightsMap wird schon vorher gefüllt in streamLineTokenRightsAndFillRightsMap
attributes.put("role", tokenChecker.getRole());
attributes.put("orgUnit", tokenChecker.getOrgunitLid());
attributes.put("rightsString", tokenChecker.getRights());
attributes.put("roleId", tokenChecker.getExternRoleID());
return attributes;
}
}
// Created on 17.03.2005 at 09:09:00