Jive之抽象工厂模式

最新推荐文章于 2024-06-10 10:58:58 发布

原创最新推荐文章于 2024-06-10 10:58:58 发布 · 114 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#authorization #exception #string #token #null #database

public abstract class AuthorizationFactory {

    /**
     * The default class to instantiate is database implementation.
     */
    private static String className =
        "com.jivesoftware.forum.database.DbAuthorizationFactory";

private static AuthorizationFactory factory = null;

    /**
     * Returns the Authorization token associated with the specified username
     * and password. If the username and password do not match the record of
     * any user in the system, the method throws an UnauthorizedException.<p>
     *
     * When using most implementations of this class, authorization tokens
     * should be cached. A convenient place to store a token is often in the
     * HttpSession.
     *
     * @param username the username to create an Authorization with.
     * @param password the password to create an Authorization with.
     * @return an Authorization token if the username and password are correct.
     * @throws UnauthorizedException if the username and password do not match
     *      any existing user.
     */
    public static Authorization getAuthorization(String username,
            String password) throws UnauthorizedException
    {
        loadAuthorizationFactory();
        return factory.createAuthorization(username, password);
    }

    /**
     * Returns the anonymous user Authorization.
     *
     * @return an anonymous Authorization token.
     */
    public static Authorization getAnonymousAuthorization() {
        loadAuthorizationFactory();
        return factory.createAnonymousAuthorization();
    }

    /**
     * Creates anonymous Authorization tokens. This method is implemented by
     * concrete subclasses AuthorizationFactory.
     *
     * @return an anonymous Authorization token.
     */
    protected abstract Authorization createAnonymousAuthorization();

    /**
     * Loads a concrete AuthorizationFactory that can be used generate
     * Authorization tokens for authorized users.<p>
     *
     * By default, the implementation used will be an instance of
     * DbAuthorizationFactory -- the standard database implementation that uses
     * the Jive user table. A different factory can be specified by setting the
     * Jive property "AuthorizationFactory.className". However, you must
     * restart Jive for any change to take effect.
     */
    private static void loadAuthorizationFactory() {
        if (factory == null) {
            //Use className as a convenient object to get a lock on.
            synchronized(className) {
                if (factory == null) {
                    //See if the classname has been set as a Jive property.
                    String classNameProp = JiveGlobals.getJiveProperty(
                            "AuthorizationFactory.className");
                    if (classNameProp != null) {
                        className = classNameProp;
                    }
                    try {
                        Class c = Class.forName(className);
                        factory = (AuthorizationFactory)c.newInstance();
                    }
                    catch (Exception e) {
                        System.err.println("Exception loading class: " + e);
                        e.printStackTrace();
                    }
                }
            }
        }
    }
}

public class DbAuthorizationFactory extends AuthorizationFactory {

    /** DATABASE QUERIES **/
    private static final String AUTHORIZE =
        "SELECT userID FROM jiveUser WHERE username=? AND passwordHash=?";

    /**
     * The same token can be used for all anonymous users, so cache it.
     */
    private static final Authorization anonymousAuth = new DbAuthorization(-1);

    /**
     * Creates Authorization tokens for users. This method is implemented by
     * concrete subclasses of AuthorizationFactory.
     *
     * @param username the username to create an Authorization with.
     * @param password the password to create an Authorization with.
     * @return an Authorization token if the username and password are correct.
     * @throws UnauthorizedException if the username and password do not match
     *      any existing user.
     */
    public Authorization createAuthorization(String username, String password)
            throws UnauthorizedException
    {
        if (username == null || password == null) {
            throw new UnauthorizedException();
        }
        //Jive stores all passwords in hashed form. So, hash the plain text
        //password for comparison.
        password = StringUtils.hash(password);
        long userID = 0;
        Connection con = null;
        PreparedStatement pstmt = null;
        try {
            con = ConnectionManager.getConnection();
            pstmt = con.prepareStatement(AUTHORIZE);
            pstmt.setString(1, username);
            pstmt.setString(2, password);

            ResultSet rs = pstmt.executeQuery();
            //If the query had no results, the username and password
            //did not match a user record. Therefore, throw an exception.
            if (!rs.next()) {
                throw new UnauthorizedException();
            }
            userID = rs.getLong(1);
        }
        catch( SQLException sqle ) {
            System.err.println("Exception in DbAuthorizationFactory:" + sqle);
            sqle.printStackTrace();
            throw new UnauthorizedException();
        }
        finally {
            try { pstmt.close(); }
            catch (Exception e) { e.printStackTrace(); }
            try { con.close();   }
            catch (Exception e) { e.printStackTrace(); }
        }
        //Got this far, so the user must be authorized.
        return new DbAuthorization(userID);
    }

    /**
     * Creates anonymous Authorization tokens.
     *
     * @return an anonymous Authorization token.
     */
    public Authorization createAnonymousAuthorization() {
        return anonymousAuth;
    }
}