diff --git a/src/com/rjconsultores/ventaboletos/service/impl/UsuarioServiceImpl.java b/src/com/rjconsultores/ventaboletos/service/impl/UsuarioServiceImpl.java index 933e5a275..af4cd3850 100644 --- a/src/com/rjconsultores/ventaboletos/service/impl/UsuarioServiceImpl.java +++ b/src/com/rjconsultores/ventaboletos/service/impl/UsuarioServiceImpl.java @@ -21,84 +21,93 @@ import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; /** - * + * * @author Administrador */ @Service("usuarioService") public class UsuarioServiceImpl implements UsuarioService, UserDetailsService { - @Autowired - private UsuarioDAO usuarioDAO; + @Autowired + private UsuarioDAO usuarioDAO; - public List buscarPeloNome(String nome) { - return usuarioDAO.buscarPeloNome(nome); - } + public List buscarPeloNome(String nome) { + return usuarioDAO.buscarPeloNome(nome); + } - public String encriptarSenha(String login, String senha) { - org.springframework.security.authentication.encoding.Md5PasswordEncoder a = - new org.springframework.security.authentication.encoding.Md5PasswordEncoder(); + public String encriptarSenha(String login, String senha) { + org.springframework.security.authentication.encoding.Md5PasswordEncoder a = + new org.springframework.security.authentication.encoding.Md5PasswordEncoder(); - return a.encodePassword(senha, login); - } + return a.encodePassword(senha, login); + } - public List obtenerTodos() { - return usuarioDAO.obtenerTodos(); - } + public List obtenerTodos() { + return usuarioDAO.obtenerTodos(); + } - public Usuario obtenerID(Integer id) { - return usuarioDAO.obtenerID(id); - } + public Usuario obtenerID(Integer id) { + return usuarioDAO.obtenerID(id); + } - @Transactional - public Usuario suscribir(Usuario entidad) { - entidad.setUsuariomodifId(UsuarioLogado.getUsuarioLogado().getUsuarioId()); - entidad.setFecmodif(Calendar.getInstance().getTime()); - entidad.setActivo(Boolean.TRUE); + @Transactional + public Usuario suscribir(Usuario entidad) { + entidad.setUsuariomodifId(UsuarioLogado.getUsuarioLogado().getUsuarioId()); + entidad.setFecmodif(Calendar.getInstance().getTime()); + entidad.setActivo(Boolean.TRUE); - return usuarioDAO.suscribir(entidad); - } + return usuarioDAO.suscribir(entidad); + } - @Transactional - public Usuario actualizacion(Usuario entidad) { - entidad.setUsuariomodifId(UsuarioLogado.getUsuarioLogado().getUsuarioId()); - entidad.setFecmodif(Calendar.getInstance().getTime()); - entidad.setActivo(Boolean.TRUE); + @Transactional + public Usuario actualizacion(Usuario entidad) { + entidad.setUsuariomodifId(UsuarioLogado.getUsuarioLogado().getUsuarioId()); + entidad.setFecmodif(Calendar.getInstance().getTime()); + entidad.setActivo(Boolean.TRUE); - return usuarioDAO.actualizacion(entidad); - } + return usuarioDAO.actualizacion(entidad); + } - @Transactional - public void borrar(Usuario entidad) { + @Transactional + public void borrar(Usuario entidad) { - entidad = obtenerID(entidad.getUsuarioId()); + entidad = obtenerID(entidad.getUsuarioId()); - for (UsuarioPerfil up : entidad.getUsuarioPerfilList()) { - up.setUsuariomodifId(UsuarioLogado.getUsuarioLogado().getUsuarioId()); - up.setFecmodif(Calendar.getInstance().getTime()); - up.setActivo(Boolean.FALSE); - } + for (UsuarioPerfil up : entidad.getUsuarioPerfilList()) { + up.setUsuariomodifId(UsuarioLogado.getUsuarioLogado().getUsuarioId()); + up.setFecmodif(Calendar.getInstance().getTime()); + up.setActivo(Boolean.FALSE); + } - entidad.setUsuariomodifId(UsuarioLogado.getUsuarioLogado().getUsuarioId()); - entidad.setFecmodif(Calendar.getInstance().getTime()); - entidad.setActivo(Boolean.FALSE); + entidad.setUsuariomodifId(UsuarioLogado.getUsuarioLogado().getUsuarioId()); + entidad.setFecmodif(Calendar.getInstance().getTime()); + entidad.setActivo(Boolean.FALSE); - usuarioDAO.actualizacion(entidad); - } + usuarioDAO.actualizacion(entidad); + } - public Usuario buscarPeloNomeSenha(String stUsuario, String senha) { - return usuarioDAO.buscarPeloNomeSenha(stUsuario, senha); - } + public Usuario buscarPeloNomeSenha(String stUsuario, String senha) { + return usuarioDAO.buscarPeloNomeSenha(stUsuario, senha); + } - public UserDetails loadUserByUsername(String string) - throws UsernameNotFoundException, DataAccessException { - return UsuarioLogado.getUsuarioLogado(); - } + @Override + public UserDetails loadUserByUsername(String login) throws UsernameNotFoundException, DataAccessException { + if (login == null) { + throw new UsernameNotFoundException("Usuario não encontrado"); + } + List list = usuarioDAO.buscarPelaCveUsuario(login.toUpperCase()); - public List buscarPorEmpleado(Empleado empleado) { - return usuarioDAO.buscarPorEmpleado(empleado); - } + if (list.isEmpty()) { + throw new UsernameNotFoundException("Usuario não encontrado"); + } - public List buscarPelaCveUsuario(String cveUsuario) { - return usuarioDAO.buscarPelaCveUsuario(cveUsuario); - } + return list.get(0); + } + + public List buscarPorEmpleado(Empleado empleado) { + return usuarioDAO.buscarPorEmpleado(empleado); + } + + public List buscarPelaCveUsuario(String cveUsuario) { + return usuarioDAO.buscarPelaCveUsuario(cveUsuario); + } } diff --git a/src/com/rjconsultores/ventaboletos/utilerias/UsuarioLogado.java b/src/com/rjconsultores/ventaboletos/utilerias/UsuarioLogado.java index ccf0a9092..d2f1a130c 100644 --- a/src/com/rjconsultores/ventaboletos/utilerias/UsuarioLogado.java +++ b/src/com/rjconsultores/ventaboletos/utilerias/UsuarioLogado.java @@ -10,30 +10,24 @@ import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContextHolder; /** - * + * * @author rodrigo */ public class UsuarioLogado { - private static Usuario usuario; + public static Usuario getUsuarioLogado() { + Usuario usuario = null; + SecurityContext sc = SecurityContextHolder.getContext(); + if (sc != null) { + Authentication authentication = (Authentication) sc.getAuthentication(); - public static Usuario getUsuarioLogado() { - SecurityContext sc = SecurityContextHolder.getContext(); - if (sc != null) { - Authentication authentication = (Authentication) SecurityContextHolder.getContext().getAuthentication(); + if ((authentication != null) && (authentication.getPrincipal() instanceof Usuario)) { + usuario = (Usuario) authentication.getPrincipal(); + } else { + usuario = null; + } + } - if (authentication instanceof Usuario) { - usuario = (Usuario) authentication.getPrincipal(); - } else { - usuario = null; - } - } - - return usuario; - } - - public static void setUsuarioLogado(Usuario usuario) { - SecurityContext sc = SecurityContextHolder.getContext(); - sc.setAuthentication(usuario); - } + return usuario; + } } diff --git a/src/com/rjconsultores/ventaboletos/utilerias/spring/security/Base64.java b/src/com/rjconsultores/ventaboletos/utilerias/spring/security/Base64.java new file mode 100644 index 000000000..4294bd6aa --- /dev/null +++ b/src/com/rjconsultores/ventaboletos/utilerias/spring/security/Base64.java @@ -0,0 +1,247 @@ +/* + * @(#)Base64.java 1.3 01/12/03 + * + * Copyright 2002 Sun Microsystems, Inc. All rights reserved. + * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. + */ +package com.rjconsultores.ventaboletos.utilerias.spring.security; + +/** + * Static methods for translating Base64 encoded strings to byte arrays + * and vice-versa. + * + * @author Josh Bloch + * @version 1.3, 12/03/01 + * @see Preferences + * @since 1.4 + */ +public class Base64 { + + /** + * Translates the specified byte array into a Base64 string as per + * Preferences.put(byte[]). + */ + public static String byteArrayToBase64(byte[] a) { + return byteArrayToBase64(a, false); + } + + /** + * Translates the specified byte array into an "aternate representation" + * Base64 string. This non-standard variant uses an alphabet that does + * not contain the uppercase alphabetic characters, which makes it + * suitable for use in situations where case-folding occurs. + */ + public static String byteArrayToAltBase64(byte[] a) { + return byteArrayToBase64(a, true); + } + + private static String byteArrayToBase64(byte[] a, boolean alternate) { + int aLen = a.length; + int numFullGroups = aLen / 3; + int numBytesInPartialGroup = aLen - 3 * numFullGroups; + int resultLen = 4 * ((aLen + 2) / 3); + StringBuffer result = new StringBuffer(resultLen); + char[] intToAlpha = (alternate ? intToAltBase64 : intToBase64); + + // Translate all full groups from byte array elements to Base64 + int inCursor = 0; + for (int i = 0; i < numFullGroups; i++) { + int byte0 = a[inCursor++] & 0xff; + int byte1 = a[inCursor++] & 0xff; + int byte2 = a[inCursor++] & 0xff; + result.append(intToAlpha[byte0 >> 2]); + result.append(intToAlpha[(byte0 << 4) & 0x3f | (byte1 >> 4)]); + result.append(intToAlpha[(byte1 << 2) & 0x3f | (byte2 >> 6)]); + result.append(intToAlpha[byte2 & 0x3f]); + } + + // Translate partial group if present + if (numBytesInPartialGroup != 0) { + int byte0 = a[inCursor++] & 0xff; + result.append(intToAlpha[byte0 >> 2]); + if (numBytesInPartialGroup == 1) { + result.append(intToAlpha[(byte0 << 4) & 0x3f]); + result.append("=="); + } else { + // assert numBytesInPartialGroup == 2; + int byte1 = a[inCursor++] & 0xff; + result.append(intToAlpha[(byte0 << 4) & 0x3f | (byte1 >> 4)]); + result.append(intToAlpha[(byte1 << 2) & 0x3f]); + result.append('='); + } + } + // assert inCursor == a.length; + // assert result.length() == resultLen; + return result.toString(); + } + /** + * This array is a lookup table that translates 6-bit positive integer + * index values into their "Base64 Alphabet" equivalents as specified + * in Table 1 of RFC 2045. + */ + private static final char intToBase64[] = { + 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', + 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', + 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', + 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', + '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/' + }; + /** + * This array is a lookup table that translates 6-bit positive integer + * index values into their "Alternate Base64 Alphabet" equivalents. + * This is NOT the real Base64 Alphabet as per in Table 1 of RFC 2045. + * This alternate alphabet does not use the capital letters. It is + * designed for use in environments where "case folding" occurs. + */ + private static final char intToAltBase64[] = { + '!', '"', '#', '$', '%', '&', '\'', '(', ')', ',', '-', '.', ':', + ';', '<', '>', '@', '[', ']', '^', '`', '_', '{', '|', '}', '~', + 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', + 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', + '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '?' + }; + + /** + * Translates the specified Base64 string (as per Preferences.get(byte[])) + * into a byte array. + * + * @throw IllegalArgumentException if s is not a valid Base64 + * string. + */ + public static byte[] base64ToByteArray(String s) { + return base64ToByteArray(s, false); + } + + /** + * Translates the specified "aternate representation" Base64 string + * into a byte array. + * + * @throw IllegalArgumentException or ArrayOutOfBoundsException + * if s is not a valid alternate representation + * Base64 string. + */ + public static byte[] altBase64ToByteArray(String s) { + return base64ToByteArray(s, true); + } + + private static byte[] base64ToByteArray(String s, boolean alternate) { + byte[] alphaToInt = (alternate ? altBase64ToInt : base64ToInt); + int sLen = s.length(); + int numGroups = sLen / 4; + if (4 * numGroups != sLen) { + throw new IllegalArgumentException( + "String length must be a multiple of four."); + } + int missingBytesInLastGroup = 0; + int numFullGroups = numGroups; + if (sLen != 0) { + if (s.charAt(sLen - 1) == '=') { + missingBytesInLastGroup++; + numFullGroups--; + } + if (s.charAt(sLen - 2) == '=') { + missingBytesInLastGroup++; + } + } + byte[] result = new byte[3 * numGroups - missingBytesInLastGroup]; + + // Translate all full groups from base64 to byte array elements + int inCursor = 0, outCursor = 0; + for (int i = 0; i < numFullGroups; i++) { + int ch0 = base64toInt(s.charAt(inCursor++), alphaToInt); + int ch1 = base64toInt(s.charAt(inCursor++), alphaToInt); + int ch2 = base64toInt(s.charAt(inCursor++), alphaToInt); + int ch3 = base64toInt(s.charAt(inCursor++), alphaToInt); + result[outCursor++] = (byte) ((ch0 << 2) | (ch1 >> 4)); + result[outCursor++] = (byte) ((ch1 << 4) | (ch2 >> 2)); + result[outCursor++] = (byte) ((ch2 << 6) | ch3); + } + + // Translate partial group, if present + if (missingBytesInLastGroup != 0) { + int ch0 = base64toInt(s.charAt(inCursor++), alphaToInt); + int ch1 = base64toInt(s.charAt(inCursor++), alphaToInt); + result[outCursor++] = (byte) ((ch0 << 2) | (ch1 >> 4)); + + if (missingBytesInLastGroup == 1) { + int ch2 = base64toInt(s.charAt(inCursor++), alphaToInt); + result[outCursor++] = (byte) ((ch1 << 4) | (ch2 >> 2)); + } + } + // assert inCursor == s.length()-missingBytesInLastGroup; + // assert outCursor == result.length; + return result; + } + + /** + * Translates the specified character, which is assumed to be in the + * "Base 64 Alphabet" into its equivalent 6-bit positive integer. + * + * @throw IllegalArgumentException or ArrayOutOfBoundsException if + * c is not in the Base64 Alphabet. + */ + private static int base64toInt(char c, byte[] alphaToInt) { + int result = alphaToInt[c]; + if (result < 0) { + throw new IllegalArgumentException("Illegal character " + c); + } + return result; + } + /** + * This array is a lookup table that translates unicode characters + * drawn from the "Base64 Alphabet" (as specified in Table 1 of RFC 2045) + * into their 6-bit positive integer equivalents. Characters that + * are not in the Base64 alphabet but fall within the bounds of the + * array are translated to -1. + */ + private static final byte base64ToInt[] = { + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, 52, 53, 54, + 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, -1, 0, 1, 2, 3, 4, + 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, + 24, 25, -1, -1, -1, -1, -1, -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, + 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51 + }; + /** + * This array is the analogue of base64ToInt, but for the nonstandard + * variant that avoids the use of uppercase alphabetic characters. + */ + private static final byte altBase64ToInt[] = { + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 0, 1, + 2, 3, 4, 5, 6, 7, 8, -1, 62, 9, 10, 11, -1, 52, 53, 54, 55, 56, 57, + 58, 59, 60, 61, 12, 13, 14, -1, 15, 63, 16, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 17, -1, 18, 19, 21, 20, 26, 27, 28, 29, 30, 31, 32, 33, + 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, + 51, 22, 23, 24, 25 + }; + + public static void main(String args[]) { +// int numRuns = Integer.parseInt(args[0]); +// int numBytes = Integer.parseInt(args[1]); +// java.util.Random rnd = new java.util.Random(); +// for (int i=0; i + * false - Acceso de lectura
+ * + */ + public boolean fullAccess(); +} diff --git a/src/com/rjconsultores/ventaboletos/utilerias/spring/security/MiPasswordEncoder.java b/src/com/rjconsultores/ventaboletos/utilerias/spring/security/MiPasswordEncoder.java new file mode 100644 index 000000000..75a44fdde --- /dev/null +++ b/src/com/rjconsultores/ventaboletos/utilerias/spring/security/MiPasswordEncoder.java @@ -0,0 +1,31 @@ +package com.rjconsultores.ventaboletos.utilerias.spring.security; + +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; + +import org.springframework.dao.DataAccessException; +import org.springframework.security.authentication.encoding.PasswordEncoder; + + +public class MiPasswordEncoder implements PasswordEncoder { + + @Override + public String encodePassword(String pwd, Object salt) throws DataAccessException { + + try { + MessageDigest md = MessageDigest.getInstance("MD5"); + byte[] pass = md.digest(pwd.getBytes()); + return Base64.byteArrayToBase64(pass); + + } catch (NoSuchAlgorithmException e) { + throw new RuntimeException("No fue posible firmar el usuario. El algoritmo no fue encontrado", e); + } + + } + + @Override + public boolean isPasswordValid(String encPass, String pwd, Object salt) throws DataAccessException { + return encodePassword(pwd, salt).equals(encPass); + } + +}