Commit e5840bba authored by Falucho's avatar Falucho

Quedo la Password

parent f16b70b3
Showing
with 241 additions and 26 deletions
package uy.edu.fing.tse.jsf;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import uy.edu.fing.tse.central.business.security.SecurityLocal;
import uy.edu.fing.tse.dto.UserBO;
import javax.ejb.EJB;
import javax.enterprise.context.RequestScoped;
import javax.inject.Named;
import java.io.Serializable;
......@@ -10,24 +16,15 @@ public class UserLoginBean implements Serializable {
private static final long serialVersionUID = -7674319505640122631L;
private String username;
private String password;
private String repassword;
private static final Logger LOG = LoggerFactory.getLogger(UserLoginBean.class);
@EJB
private SecurityLocal securityLocal;
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
final UserBO user = new UserBO();
private String repassword;
public void setPassword(String password) {
this.password = password;
public UserBO getUser() {
return user;
}
public String getRepassword() {
......@@ -40,11 +37,13 @@ public class UserLoginBean implements Serializable {
public void login() {
//aca va el login
final var s = securityLocal.login(user);
LOG.info(s);
}
public void register() {
//aca va el register
final var s = securityLocal.register(user);
}
}
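Review bot: `LOG.info(s)` in login() writes the return value of `securityLocal.login(user)` to the application log at INFO, and in the SecurityBean section of this commit that value is the PBKDF2 hash of the submitted password when the login succeeds. Hash material that allows offline guessing should not reach log files; log only the outcome, e.g. `LOG.info("login {}", s != null ? "ok" : "failed");`. register() also calls `securityLocal.register(user)` without comparing `repassword` to `user.getPassword()`, so the confirmation field bound in register.xhtml is collected but never checked in the lines shown. The class body starts outside the hunk.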
......@@ -14,14 +14,14 @@
<h:panelGrid columns="2" cellpadding="5" id="form">
<h:outputLabel for="username" value="Username:"/>
<p:inputText id="username" value="#{userLoginView.username}" required="true" label="username"/>
<p:inputText id="username" value="#{userLoginView.user.mail}" required="true" label="username"/>
<h:outputLabel for="password" value="Password:"/>
<p:password id="password" value="#{userLoginView.password}" required="true" label="password"/>
<p:password id="password" value="#{userLoginView.user.password}" required="true" label="password"/>
<f:facet name="footer">
<p:commandButton value="Register" action="register.xhmtl?faces-redirect=true" update="form"/>
<p:commandButton value="Login" action="#{userLoginView.login}"/>
<p:commandButton value="Login" action="#{userLoginView.login()}"/>
</f:facet>
</h:panelGrid>
</h:form>
......
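Review bot: The Register button's outcome `register.xhmtl?faces-redirect=true` looks like a typo for `register.xhtml`, so navigation from the login form to the registration page would presumably not resolve. The line is unchanged context in this hunk, but it sits next to the bindings being edited and is worth fixing in the same change: `action="register.xhtml?faces-redirect=true"`. The form starts above the hunk.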
......@@ -14,16 +14,16 @@
<h:panelGrid columns="2" cellpadding="5" id="form">
<h:outputLabel for="username" value="Username:"/>
<p:inputText id="username" value="#{userLoginView.username}" required="true" label="username"/>
<p:inputText id="username" value="#{userLoginView.user.mail}" required="true" label="username"/>
<h:outputLabel for="password" value="Password:"/>
<p:password id="password" value="#{userLoginView.password}" required="true" label="password"/>
<p:password id="password" value="#{userLoginView.user.password}" required="true" label="password"/>
<h:outputLabel for="repassword" value="RePassword:"/>
<p:password id="repassword" value="#{userLoginView.repassword}" required="true" label="repassword"/>
<f:facet name="footer">
<p:commandButton value="Register" action="#{userLoginView.register}"/>
<p:commandButton value="Register" action="#{userLoginView.register()}"/>
</f:facet>
</h:panelGrid>
</h:form>
......
package uy.edu.fing.tse.central.db.dao.user;
import uy.edu.fing.tse.central.db.entity.Usuario;
import uy.edu.fing.tse.central.db.mapper.MyMapper;
import uy.edu.fing.tse.dto.User;
import javax.annotation.PostConstruct;
import javax.ejb.Stateless;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import java.util.List;
import java.util.stream.Collectors;
@Stateless
public class UserDAOBean implements UserDaoLocal {
@PersistenceContext(unitName = "central")
private EntityManager em;
@PostConstruct
void init() {
//Despues del constructor hace esto
}
@Override
public void register(User user) {
final var newUser = MyMapper.INSTANCE.convert(user);
em.persist(newUser);
em.flush();
}
@Override
public User find(String mail) {
final var query = em.createNamedQuery("Usuario.findByMail", Usuario.class);
query.setParameter("mail", mail);
final Usuario usuario = query.getSingleResult();
return MyMapper.INSTANCE.convert(usuario);
}
@Override
public List<User> findAll() {
final var query = em.createNamedQuery("Usuario.findAll", Usuario.class);
final List<Usuario> usuarios = query.getResultList();
return usuarios.stream().map(MyMapper.INSTANCE::convert).collect(Collectors.toList());
}
}
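Review bot: find() ends in `query.getSingleResult()`, which throws `NoResultException` when no Usuario has that mail and `NonUniqueResultException` when several do, and SecurityBean.login() in this commit calls it with the mail typed into the login form. An unknown address therefore surfaces as a container exception rather than a failed login, and no uniqueness constraint on `mail` is visible in the Usuario hunk. Either return an absent result and let the caller handle it, e.g. `return query.getResultStream().findFirst().map(MyMapper.INSTANCE::convert).orElse(null);` (JPA 2.2), or document the exceptions on `UserDaoLocal.find`. The empty `@PostConstruct init()` can be dropped.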
package uy.edu.fing.tse.central.db.dao.user;
import uy.edu.fing.tse.dto.User;
import javax.ejb.Local;
import java.util.List;
@Local
public interface UserDaoLocal {
void register(User user);
User find(String mail);
List<User> findAll();
}
......@@ -4,7 +4,12 @@ import javax.persistence.*;
@Entity
@Inheritance(strategy = InheritanceType.TABLE_PER_CLASS)
@NamedQueries({
@NamedQuery(name = "Usuario.findByMail", query = "SELECT u FROM Usuario u WHERE u.mail = :mail"),
@NamedQuery(name = "Usuario.findAll", query = "SELECT u FROM Usuario u")
})
public abstract class Usuario {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
private Long id;
......
......@@ -3,13 +3,12 @@ package uy.edu.fing.tse.central.db.entity;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.ManyToOne;
import java.util.UUID;
@Entity
public class UsuarioBO extends Usuario {
@Column(nullable = false)
private String salt = UUID.randomUUID().toString();
private String salt;
@Column(nullable = false)
private String password;
......@@ -21,6 +20,10 @@ public class UsuarioBO extends Usuario {
return salt;
}
public void setSalt(String salt) {
this.salt = salt;
}
public String getPassword() {
return password;
}
......
......@@ -54,6 +54,12 @@
<artifactId>javax.annotation-api</artifactId>
</dependency>
<dependency>
<groupId>at.favre.lib</groupId>
<artifactId>bcrypt</artifactId>
<version>0.8.0</version>
</dependency>
<!-- Test scope dependencies -->
<dependency>
<groupId>junit</groupId>
......
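Review bot: The `at.favre.lib:bcrypt:0.8.0` dependency added here is not referenced by any code visible in this commit; the new `Secure` class derives password hashes with the JDK's `SecretKeyFactory` and `MessageDigest` instead. If bcrypt is the intended scheme, the hashing helper should call it; if PBKDF2 stays, remove the dependency so the artifact does not carry an unused third-party library. The surrounding `<dependencies>` element starts and ends outside the hunk.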
package uy.edu.fing.tse.central.business.common;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Base64;
public final class Secure {
private static final Charset CHARSET = StandardCharsets.UTF_8;
private Secure() {
}
public static String generateSalt() {
final SecureRandom random = new SecureRandom();
final byte[] salt = new byte[16];
random.nextBytes(salt);
return new String(Base64.getEncoder().encode(salt), CHARSET);
}
public static String encriptSHA(final String pass, final String salt) {
try {
MessageDigest md = MessageDigest.getInstance("SHA-512");
md.update(salt.getBytes(CHARSET));
byte[] hashedPassword = md.digest(pass.getBytes(CHARSET));
return new String(Base64.getEncoder().encode(hashedPassword), CHARSET);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return null;
}
public static String encriptPBKDF(final String pass, final String salt) {
try {
KeySpec spec = new PBEKeySpec(pass.toCharArray(), salt.getBytes(CHARSET), 65536, 128);
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
byte[] hashedPassword = factory.generateSecret(spec).getEncoded();
return new String(Base64.getEncoder().encode(hashedPassword), CHARSET);
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
e.printStackTrace();
}
return null;
}
}
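Review bot: Both `encriptSHA` and `encriptPBKDF` catch the provider exception, call `e.printStackTrace()` and return `null`, so a hashing failure reaches the caller as a null password value instead of an error; rethrow instead, e.g. `throw new IllegalStateException("PBKDF2 unavailable", e);`. `encriptSHA` is a single salted SHA-512 round, which is too cheap to compute for password storage, and it has no caller in this commit, so it is better removed or documented as not for passwords. For `encriptPBKDF`, `PBKDF2WithHmacSHA256` would be a stronger default than HMAC-SHA1 with a 128-bit output, with the iteration count and key length held in named constants and stored next to the salt so they can be raised later. The class has no Javadoc; a one-line comment on each method saying what is hashed and how the result is encoded would help.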
......@@ -39,4 +39,5 @@ final class RabbitConfig {
return factory;
}
}
package uy.edu.fing.tse.central.business.security;
import uy.edu.fing.tse.dto.User;
import uy.edu.fing.tse.dto.UserBO;
public interface Security {
User register(UserBO p);
String login(UserBO p);
}
package uy.edu.fing.tse.central.business.security;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import uy.edu.fing.tse.central.business.common.Secure;
import uy.edu.fing.tse.central.db.dao.user.UserDaoLocal;
import uy.edu.fing.tse.dto.User;
import uy.edu.fing.tse.dto.UserBO;
import javax.annotation.PostConstruct;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import java.util.Objects;
@Stateless
public class SecurityBean implements SecurityLocal, SecurityRemote {
private static final Logger LOG = LoggerFactory.getLogger(Security.class);
@EJB
private UserDaoLocal dao;
@PostConstruct
void init() {
//Despues Hace esto
}
@Override
public User register(UserBO p) {
final var salt = Secure.generateSalt();
p.setSalt(salt);
final var newPassword = Secure.encriptPBKDF(p.getPassword(), salt);
p.setPassword(newPassword);
dao.register(p);
return dao.find(p.getMail());
}
@Override
public String login(UserBO p) {
//Valido la password
final var user = (UserBO) dao.find(p.getMail());
final var salt = user.getSalt();
final var thisPassword = Secure.encriptPBKDF(p.getPassword(), salt);
if (Objects.equals(thisPassword, user.getPassword())) {
return thisPassword;
}
return null;
}
}
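Review bot: login() returns `thisPassword`, the derived hash, as its success value, which hands verifier material to the web tier (UserLoginBean logs it in this commit). Returning a boolean or an opaque session token would keep it inside the business layer, though that changes the `Security` interface. The comparison `Objects.equals(thisPassword, user.getPassword())` is not constant-time; `MessageDigest.isEqual(thisPassword.getBytes(StandardCharsets.UTF_8), user.getPassword().getBytes(StandardCharsets.UTF_8))` is the usual replacement. `(UserBO) dao.find(p.getMail())` is an unchecked downcast of a `User`, and whether the mapped DTO is a `UserBO` carrying salt and password cannot be seen from here, so an `instanceof` guard and a null check before the cast are worth adding. The logger is created with `Security.class` rather than `SecurityBean.class`.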
package uy.edu.fing.tse.central.business.security;
import javax.ejb.Local;
@Local
public interface SecurityLocal extends Security {
}
package uy.edu.fing.tse.central.business.security;
//@Remote
public interface SecurityRemote extends Security {
}