From e5840bbab705da9fb7f44553365291d08f39e57b Mon Sep 17 00:00:00 2001
From: Falucho <german.faller@pcunix71.fing.edu.uy>
Date: Sun, 23 Jun 2019 05:40:38 -0300
Subject: [PATCH] Quedo la Password

---
 .../uy/edu/fing/tse/jsf/UserLoginBean.java    | 35 ++++++------
 backoffice/src/main/webapp/jsf/login.xhtml    |  6 +-
 backoffice/src/main/webapp/jsf/register.xhtml |  6 +-
 .../tse/central/db/dao/user/UserDAOBean.java  | 51 +++++++++++++++++
 .../tse/central/db/dao/user/UserDaoLocal.java | 16 ++++++
 .../fing/tse/central/db/entity/Usuario.java   |  5 ++
 .../fing/tse/central/db/entity/UsuarioBO.java |  7 ++-
 central-ejb/pom.xml                           |  6 ++
 .../tse/central/business/common/Secure.java   | 56 +++++++++++++++++++
 .../tse/central/business/mq/RabbitConfig.java |  1 +
 .../central/business/security/Security.java   | 14 +++++
 .../business/security/SecurityBean.java       | 52 +++++++++++++++++
 .../business/security/SecurityLocal.java      |  7 +++
 .../business/security/SecurityRemote.java     |  5 ++
 14 files changed, 241 insertions(+), 26 deletions(-)
 create mode 100644 central-db/src/main/java/uy/edu/fing/tse/central/db/dao/user/UserDAOBean.java
 create mode 100644 central-db/src/main/java/uy/edu/fing/tse/central/db/dao/user/UserDaoLocal.java
 create mode 100644 central-ejb/src/main/java/uy/edu/fing/tse/central/business/common/Secure.java
 create mode 100644 central-ejb/src/main/java/uy/edu/fing/tse/central/business/security/Security.java
 create mode 100644 central-ejb/src/main/java/uy/edu/fing/tse/central/business/security/SecurityBean.java
 create mode 100644 central-ejb/src/main/java/uy/edu/fing/tse/central/business/security/SecurityLocal.java
 create mode 100644 central-ejb/src/main/java/uy/edu/fing/tse/central/business/security/SecurityRemote.java

diff --git a/backoffice/src/main/java/uy/edu/fing/tse/jsf/UserLoginBean.java b/backoffice/src/main/java/uy/edu/fing/tse/jsf/UserLoginBean.java
index 6ffbd0f..92d6fe2 100644
--- a/backoffice/src/main/java/uy/edu/fing/tse/jsf/UserLoginBean.java
+++ b/backoffice/src/main/java/uy/edu/fing/tse/jsf/UserLoginBean.java
@@ -1,5 +1,11 @@
 package uy.edu.fing.tse.jsf;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import uy.edu.fing.tse.central.business.security.SecurityLocal;
+import uy.edu.fing.tse.dto.UserBO;
+
+import javax.ejb.EJB;
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Named;
 import java.io.Serializable;
@@ -10,24 +16,15 @@ public class UserLoginBean implements Serializable {
 
     private static final long serialVersionUID = -7674319505640122631L;
 
-    private String username;
-    private String password;
-    private String repassword;
+    private static final Logger LOG = LoggerFactory.getLogger(UserLoginBean.class);
+    @EJB
+    private SecurityLocal securityLocal;
 
-    public String getUsername() {
-        return username;
-    }
-
-    public void setUsername(String username) {
-        this.username = username;
-    }
-
-    public String getPassword() {
-        return password;
-    }
+    final UserBO user = new UserBO();
+    private String repassword;
 
-    public void setPassword(String password) {
-        this.password = password;
+    public UserBO getUser() {
+        return user;
     }
 
     public String getRepassword() {
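Review bot: `final UserBO user = new UserBO();` on the new side is package-private, so any class in `uy.edu.fing.tse.jsf` can reach into the bean's state; make it `private final UserBO user = new UserBO();` — the EL expressions in the pages go through `getUser()`, so nothing needs the field itself. The bean now carries the submitted plaintext password inside `user` for the request, which is acceptable for `@RequestScoped` but worth a field comment since the class is `Serializable` and a later scope change would serialize it: `// Raw form input for the current request; the password is handed to securityLocal and not kept beyond that.` The class body continues past the end of this hunk.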
@@ -40,11 +37,13 @@ public class UserLoginBean implements Serializable {
 
 
     public void login() {
-        //aca va el login
+
+        final var s = securityLocal.login(user);
+        LOG.info(s);
     }
 
     public void register() {
-        //aca va el register
+        final var s = securityLocal.register(user);
     }
 
 }
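Review bot: `LOG.info(s)` in `login()` writes the value returned by `SecurityBean.login` to the log, and on success that value is the PBKDF2 hash of the user's password — a credential verifier logged at INFO. Log only the outcome: `LOG.info("login for {} {}", user.getMail(), s != null ? "succeeded" : "failed");`. Beyond that, `login()` neither establishes any authenticated state nor reports failure back to the page, and `register()` discards its result and never compares `user.getPassword()` with `repassword`, so the confirmation field is decorative; at minimum guard with `if (!user.getPassword().equals(repassword)) { return; }` (plus a FacesMessage) before calling `securityLocal.register(user)`.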
diff --git a/backoffice/src/main/webapp/jsf/login.xhtml b/backoffice/src/main/webapp/jsf/login.xhtml
index 13dd09f..02c8eb5 100644
--- a/backoffice/src/main/webapp/jsf/login.xhtml
+++ b/backoffice/src/main/webapp/jsf/login.xhtml
@@ -14,14 +14,14 @@
             <h:panelGrid columns="2" cellpadding="5" id="form">
 
                 <h:outputLabel for="username" value="Username:"/>
-                <p:inputText id="username" value="#{userLoginView.username}" required="true" label="username"/>
+                <p:inputText id="username" value="#{userLoginView.user.mail}" required="true" label="username"/>
 
                 <h:outputLabel for="password" value="Password:"/>
-                <p:password id="password" value="#{userLoginView.password}" required="true" label="password"/>
+                <p:password id="password" value="#{userLoginView.user.password}" required="true" label="password"/>
 
                 <f:facet name="footer">
                     <p:commandButton value="Register" action="register.xhmtl?faces-redirect=true" update="form"/>
-                    <p:commandButton value="Login" action="#{userLoginView.login}"/>
+                    <p:commandButton value="Login" action="#{userLoginView.login()}"/>
                 </f:facet>
             </h:panelGrid>
         </h:form>
diff --git a/backoffice/src/main/webapp/jsf/register.xhtml b/backoffice/src/main/webapp/jsf/register.xhtml
index 55964be..67596c6 100644
--- a/backoffice/src/main/webapp/jsf/register.xhtml
+++ b/backoffice/src/main/webapp/jsf/register.xhtml
@@ -14,16 +14,16 @@
             <h:panelGrid columns="2" cellpadding="5" id="form">
 
                 <h:outputLabel for="username" value="Username:"/>
-                <p:inputText id="username" value="#{userLoginView.username}" required="true" label="username"/>
+                <p:inputText id="username" value="#{userLoginView.user.mail}" required="true" label="username"/>
 
                 <h:outputLabel for="password" value="Password:"/>
-                <p:password id="password" value="#{userLoginView.password}" required="true" label="password"/>
+                <p:password id="password" value="#{userLoginView.user.password}" required="true" label="password"/>
 
                 <h:outputLabel for="repassword" value="RePassword:"/>
                 <p:password id="repassword" value="#{userLoginView.repassword}" required="true" label="repassword"/>
 
                 <f:facet name="footer">
-                    <p:commandButton value="Register" action="#{userLoginView.register}"/>
+                    <p:commandButton value="Register" action="#{userLoginView.register()}"/>
                 </f:facet>
             </h:panelGrid>
         </h:form>
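Review bot: `repassword` is collected here but nothing on the server compares it with `user.password` (`UserLoginBean.register()` passes `user` straight to `securityLocal.register`), so a mistyped password is silently registered. PrimeFaces' `p:password` can enforce the match declaratively: `<p:password id="password" value="#{userLoginView.user.password}" required="true" label="password" match="repassword"/>`. A minimum length (`<f:validateLength minimum="8"/>` nested in the password input) is also cheap to add at this point. The username input is now bound to `user.mail` while still labelled "Username"; if the field is meant to hold an e-mail address, a format validator belongs here too.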
diff --git a/central-db/src/main/java/uy/edu/fing/tse/central/db/dao/user/UserDAOBean.java b/central-db/src/main/java/uy/edu/fing/tse/central/db/dao/user/UserDAOBean.java
new file mode 100644
index 0000000..fb1b5e1
--- /dev/null
+++ b/central-db/src/main/java/uy/edu/fing/tse/central/db/dao/user/UserDAOBean.java
@@ -0,0 +1,51 @@
+package uy.edu.fing.tse.central.db.dao.user;
+
+import uy.edu.fing.tse.central.db.entity.Usuario;
+import uy.edu.fing.tse.central.db.mapper.MyMapper;
+import uy.edu.fing.tse.dto.User;
+
+import javax.annotation.PostConstruct;
+import javax.ejb.Stateless;
+import javax.persistence.EntityManager;
+import javax.persistence.PersistenceContext;
+import java.util.List;
+import java.util.stream.Collectors;
+
+@Stateless
+public class UserDAOBean implements UserDaoLocal {
+
+    @PersistenceContext(unitName = "central")
+    private EntityManager em;
+
+    @PostConstruct
+    void init() {
+        //Despues del constructor hace esto
+    }
+
+
+    @Override
+    public void register(User user) {
+
+        final var newUser = MyMapper.INSTANCE.convert(user);
+        em.persist(newUser);
+        em.flush();
+
+    }
+
+    @Override
+    public User find(String mail) {
+        final var query = em.createNamedQuery("Usuario.findByMail", Usuario.class);
+        query.setParameter("mail", mail);
+        final Usuario usuario = query.getSingleResult();
+        return MyMapper.INSTANCE.convert(usuario);
+    }
+
+    @Override
+    public List<User> findAll() {
+        final var query = em.createNamedQuery("Usuario.findAll", Usuario.class);
+        final List<Usuario> usuarios = query.getResultList();
+
+        return usuarios.stream().map(MyMapper.INSTANCE::convert).collect(Collectors.toList());
+    }
+
+}
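Review bot: `find` uses `getSingleResult()`, which throws `NoResultException` when no row matches and `NonUniqueResultException` when more than one does, so looking up an unknown mail — the ordinary wrong-username login — surfaces as an exception (wrapped in `EJBException` at the bean boundary) instead of a no-match result. Return null, or better change `UserDaoLocal.find` to `Optional<User>`, via `query.setMaxResults(1); final var hits = query.getResultList(); return hits.isEmpty() ? null : MyMapper.INSTANCE.convert(hits.get(0));`. `register` persists without checking whether the mail is already taken, so uniqueness rests entirely on a database constraint this commit does not show. Note also that the `User` DTO these methods return apparently carries the salt and password hash (`SecurityBean` reads both off the result of `find`), so `findAll()` hands credential material to every caller; it should presumably map to a DTO without those fields.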
diff --git a/central-db/src/main/java/uy/edu/fing/tse/central/db/dao/user/UserDaoLocal.java b/central-db/src/main/java/uy/edu/fing/tse/central/db/dao/user/UserDaoLocal.java
new file mode 100644
index 0000000..0849cb6
--- /dev/null
+++ b/central-db/src/main/java/uy/edu/fing/tse/central/db/dao/user/UserDaoLocal.java
@@ -0,0 +1,16 @@
+package uy.edu.fing.tse.central.db.dao.user;
+
+import uy.edu.fing.tse.dto.User;
+
+import javax.ejb.Local;
+import java.util.List;
+
+@Local
+public interface UserDaoLocal {
+
+    void register(User user);
+
+    User find(String mail);
+
+    List<User> findAll();
+}
diff --git a/central-db/src/main/java/uy/edu/fing/tse/central/db/entity/Usuario.java b/central-db/src/main/java/uy/edu/fing/tse/central/db/entity/Usuario.java
index 59f512c..81b41ee 100644
--- a/central-db/src/main/java/uy/edu/fing/tse/central/db/entity/Usuario.java
+++ b/central-db/src/main/java/uy/edu/fing/tse/central/db/entity/Usuario.java
@@ -4,7 +4,12 @@ import javax.persistence.*;
 
 @Entity
 @Inheritance(strategy = InheritanceType.TABLE_PER_CLASS)
+@NamedQueries({
+        @NamedQuery(name = "Usuario.findByMail", query = "SELECT u FROM Usuario u WHERE u.mail = :mail"),
+        @NamedQuery(name = "Usuario.findAll", query = "SELECT u FROM Usuario u")
+})
 public abstract class Usuario {
+
     @Id
     @GeneratedValue(strategy = GenerationType.AUTO)
     private Long id;
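Review bot: `Usuario.findByMail` becomes the login lookup, but nothing in this hunk makes `mail` unique; if the `mail` field (declared outside this hunk) has no unique constraint, a second registration with the same address succeeds and every later `getSingleResult` on it throws `NonUniqueResultException`. Declare it, e.g. `@Column(unique = true, nullable = false) private String mail;`, so the database enforces one account per mail. With `InheritanceType.TABLE_PER_CLASS` that constraint lives in each concrete subclass's table, so duplicates across subtypes would still need an application-level check. The class body continues past the end of this hunk.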
diff --git a/central-db/src/main/java/uy/edu/fing/tse/central/db/entity/UsuarioBO.java b/central-db/src/main/java/uy/edu/fing/tse/central/db/entity/UsuarioBO.java
index 6d7cbb0..b0126c1 100644
--- a/central-db/src/main/java/uy/edu/fing/tse/central/db/entity/UsuarioBO.java
+++ b/central-db/src/main/java/uy/edu/fing/tse/central/db/entity/UsuarioBO.java
@@ -3,13 +3,12 @@ package uy.edu.fing.tse.central.db.entity;
 import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.ManyToOne;
-import java.util.UUID;
 
 @Entity
 public class UsuarioBO extends Usuario {
 
     @Column(nullable = false)
-    private String salt = UUID.randomUUID().toString();
+    private String salt;
 
     @Column(nullable = false)
     private String password;
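Review bot: Dropping the `UUID.randomUUID()` initializer means `salt` is null until a caller sets it, and with `nullable = false` a persist without one fails only at flush time with a constraint violation; say so on the field: `// Set by SecurityBean.register (Secure.generateSalt) before persist; never null once stored.` The field named `password` holds the PBKDF2 output rather than a password — `passwordHash` would make that obvious to the next reader, though renaming changes the mapped column unless `@Column(name = "password")` is kept. The class body continues past the end of this hunk.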
@@ -21,6 +20,10 @@ public class UsuarioBO extends Usuario {
         return salt;
     }
 
+    public void setSalt(String salt) {
+        this.salt = salt;
+    }
+
     public String getPassword() {
         return password;
     }
diff --git a/central-ejb/pom.xml b/central-ejb/pom.xml
index 91f5fc6..0af5d6c 100644
--- a/central-ejb/pom.xml
+++ b/central-ejb/pom.xml
@@ -54,6 +54,12 @@
             <artifactId>javax.annotation-api</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>at.favre.lib</groupId>
+            <artifactId>bcrypt</artifactId>
+            <version>0.8.0</version>
+        </dependency>
+
         <!-- Test scope dependencies -->
         <dependency>
             <groupId>junit</groupId>
diff --git a/central-ejb/src/main/java/uy/edu/fing/tse/central/business/common/Secure.java b/central-ejb/src/main/java/uy/edu/fing/tse/central/business/common/Secure.java
new file mode 100644
index 0000000..b003721
--- /dev/null
+++ b/central-ejb/src/main/java/uy/edu/fing/tse/central/business/common/Secure.java
@@ -0,0 +1,56 @@
+package uy.edu.fing.tse.central.business.common;
+
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import java.nio.charset.Charset;
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+import java.util.Base64;
+
+public final class Secure {
+    private static final Charset CHARSET = StandardCharsets.UTF_8;
+
+    private Secure() {
+    }
+
+    public static String generateSalt() {
+        final SecureRandom random = new SecureRandom();
+        final byte[] salt = new byte[16];
+        random.nextBytes(salt);
+
+        return new String(Base64.getEncoder().encode(salt), CHARSET);
+    }
+
+
+    public static String encriptSHA(final String pass, final String salt) {
+        try {
+            MessageDigest md = MessageDigest.getInstance("SHA-512");
+            md.update(salt.getBytes(CHARSET));
+
+            byte[] hashedPassword = md.digest(pass.getBytes(CHARSET));
+            return new String(Base64.getEncoder().encode(hashedPassword), CHARSET);
+        } catch (NoSuchAlgorithmException e) {
+            e.printStackTrace();
+        }
+        return null;
+    }
+
+    public static String encriptPBKDF(final String pass, final String salt) {
+        try {
+            KeySpec spec = new PBEKeySpec(pass.toCharArray(), salt.getBytes(CHARSET), 65536, 128);
+            SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
+
+            byte[] hashedPassword = factory.generateSecret(spec).getEncoded();
+            return new String(Base64.getEncoder().encode(hashedPassword), CHARSET);
+        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
+            e.printStackTrace();
+        }
+        return null;
+    }
+
+
+}
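Review bot: `encriptPBKDF` (and `encriptSHA`) catch `NoSuchAlgorithmException`/`InvalidKeySpecException`, `printStackTrace()` them and return null, so a misconfigured JCE yields a null "hash" that `SecurityBean` would persist or compare instead of a failed operation; rethrow as `IllegalStateException` with the cause. The KDF parameters are also worth tightening before any hash is stored: `PBKDF2WithHmacSHA1` with 65,536 iterations and a 128-bit output is below current guidance (OWASP's password-storage cheat sheet lists 600,000 iterations for PBKDF2-HMAC-SHA256), `PBKDF2WithHmacSHA256` is available on Java 8+, and the `PBEKeySpec` should be cleared after use so the password chars do not linger on the heap. `encriptSHA` is a single salted SHA-512 pass, not a password hash; nothing in this commit calls it, so drop it rather than leave it as an attractive wrong choice. Changing algorithm or iteration count later invalidates stored hashes unless those parameters are stored alongside the salt, so settle them now and document the stored format (Base64 text of 16 random bytes, fed to the KDF as text).

```java
private static final int ITERATIONS = 600_000;
private static final int KEY_BITS = 256;

// … unchanged: CHARSET, constructor, generateSalt …

public static String encriptPBKDF(final String pass, final String salt) {
    final PBEKeySpec spec = new PBEKeySpec(pass.toCharArray(), salt.getBytes(CHARSET), ITERATIONS, KEY_BITS);
    try {
        final SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        final byte[] hashedPassword = factory.generateSecret(spec).getEncoded();
        return Base64.getEncoder().encodeToString(hashedPassword);
    } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
        // A missing KDF is a deployment error, never a reason to store or accept a null hash.
        throw new IllegalStateException("PBKDF2 unavailable", e);
    } finally {
        spec.clearPassword(); // scrub the password copy held by the spec
    }
}
```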
diff --git a/central-ejb/src/main/java/uy/edu/fing/tse/central/business/mq/RabbitConfig.java b/central-ejb/src/main/java/uy/edu/fing/tse/central/business/mq/RabbitConfig.java
index 222443f..f69dc7c 100644
--- a/central-ejb/src/main/java/uy/edu/fing/tse/central/business/mq/RabbitConfig.java
+++ b/central-ejb/src/main/java/uy/edu/fing/tse/central/business/mq/RabbitConfig.java
@@ -39,4 +39,5 @@ final class RabbitConfig {
         return factory;
     }
 
+
 }
diff --git a/central-ejb/src/main/java/uy/edu/fing/tse/central/business/security/Security.java b/central-ejb/src/main/java/uy/edu/fing/tse/central/business/security/Security.java
new file mode 100644
index 0000000..873570c
--- /dev/null
+++ b/central-ejb/src/main/java/uy/edu/fing/tse/central/business/security/Security.java
@@ -0,0 +1,14 @@
+package uy.edu.fing.tse.central.business.security;
+
+
+import uy.edu.fing.tse.dto.User;
+import uy.edu.fing.tse.dto.UserBO;
+
+public interface Security {
+
+    User register(UserBO p);
+
+    String login(UserBO p);
+
+}
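Review bot: The interface does not document what `login` returns, and `SecurityBean` fills that gap with the derived password hash on success and null on failure, so a caller has no way to know the String is secret. Document the contract, e.g. `/** Verifies the credentials in p; returns null when they do not match. */`, and consider `boolean login(UserBO p)` so the verifier can never be returned by accident. `register` should likewise state that it mutates `p` (its password is replaced by the hash and a salt is set) and what it returns, since that is what `SecurityBean` does today.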
+
diff --git a/central-ejb/src/main/java/uy/edu/fing/tse/central/business/security/SecurityBean.java b/central-ejb/src/main/java/uy/edu/fing/tse/central/business/security/SecurityBean.java
new file mode 100644
index 0000000..5d835dc
--- /dev/null
+++ b/central-ejb/src/main/java/uy/edu/fing/tse/central/business/security/SecurityBean.java
@@ -0,0 +1,52 @@
+package uy.edu.fing.tse.central.business.security;
+
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import uy.edu.fing.tse.central.business.common.Secure;
+import uy.edu.fing.tse.central.db.dao.user.UserDaoLocal;
+import uy.edu.fing.tse.dto.User;
+import uy.edu.fing.tse.dto.UserBO;
+
+import javax.annotation.PostConstruct;
+import javax.ejb.EJB;
+import javax.ejb.Stateless;
+import java.util.Objects;
+
+@Stateless
+public class SecurityBean implements SecurityLocal, SecurityRemote {
+
+    private static final Logger LOG = LoggerFactory.getLogger(Security.class);
+
+    @EJB
+    private UserDaoLocal dao;
+
+    @PostConstruct
+    void init() {
+        //Despues Hace esto
+    }
+
+    @Override
+    public User register(UserBO p) {
+        final var salt = Secure.generateSalt();
+        p.setSalt(salt);
+        final var newPassword = Secure.encriptPBKDF(p.getPassword(), salt);
+        p.setPassword(newPassword);
+        dao.register(p);
+        return dao.find(p.getMail());
+    }
+
+    @Override
+    public String login(UserBO p) {
+        //Valido la password
+        final var user = (UserBO) dao.find(p.getMail());
+        final var salt = user.getSalt();
+        final var thisPassword = Secure.encriptPBKDF(p.getPassword(), salt);
+
+        if (Objects.equals(thisPassword, user.getPassword())) {
+            return thisPassword;
+        }
+        return null;
+    }
+
+}
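Review bot: `login` returns the derived password hash (`thisPassword`) on success, which is a credential verifier rather than an authentication result — and `UserLoginBean` already logs it; return a boolean or the authenticated identity, never the hash. The comparison `Objects.equals(thisPassword, user.getPassword())` is an ordinary short-circuit String compare; use `MessageDigest.isEqual` on the bytes so the check is constant-time. `dao.find` is built on `getSingleResult`, so an unknown mail throws `NoResultException` (wrapped in `EJBException` at the bean boundary) instead of failing the login, and the `(UserBO)` cast would throw `ClassCastException` if `find` ever returned another `Usuario` subtype — both hedged, since the DAO and DTO live in other files. `register` also does not check whether the mail already exists before persisting, and `LOG` is created for `Security.class` rather than `SecurityBean.class`.

```java
@Override
public String login(UserBO p) {
    // Relies on the DAO returning null for an unknown mail; as written it throws NoResultException.
    final var user = (UserBO) dao.find(p.getMail());
    if (user == null || user.getPassword() == null || user.getSalt() == null) {
        return null;
    }
    final var candidate = Secure.encriptPBKDF(p.getPassword(), user.getSalt());
    if (candidate == null) {
        return null;
    }
    // Constant-time compare: Objects.equals stops at the first differing char.
    final var matches = java.security.MessageDigest.isEqual(
            candidate.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            user.getPassword().getBytes(java.nio.charset.StandardCharsets.UTF_8));
    // Interface still returns String: hand back the identity, never the hash.
    return matches ? user.getMail() : null;
}
```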
diff --git a/central-ejb/src/main/java/uy/edu/fing/tse/central/business/security/SecurityLocal.java b/central-ejb/src/main/java/uy/edu/fing/tse/central/business/security/SecurityLocal.java
new file mode 100644
index 0000000..fab0b6a
--- /dev/null
+++ b/central-ejb/src/main/java/uy/edu/fing/tse/central/business/security/SecurityLocal.java
@@ -0,0 +1,7 @@
+package uy.edu.fing.tse.central.business.security;
+
+import javax.ejb.Local;
+
+@Local
+public interface SecurityLocal extends Security {
+}
diff --git a/central-ejb/src/main/java/uy/edu/fing/tse/central/business/security/SecurityRemote.java b/central-ejb/src/main/java/uy/edu/fing/tse/central/business/security/SecurityRemote.java
new file mode 100644
index 0000000..b001861
--- /dev/null
+++ b/central-ejb/src/main/java/uy/edu/fing/tse/central/business/security/SecurityRemote.java
@@ -0,0 +1,5 @@
+package uy.edu.fing.tse.central.business.security;
+
+//@Remote
+public interface SecurityRemote extends Security {
+}
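Review bot: `//@Remote` is a commented-out annotation, so `SecurityRemote` is a plain interface that `SecurityBean` happens to implement and no remote view is actually exposed; either delete the commented line or enable the annotation deliberately, with a comment explaining why it is off: `// Not exposed remotely yet: login's return type must stop carrying the hash first.` If it is enabled later, `login` as implemented today would send the password hash across a remote boundary, so the interface's return type should be settled before that happens.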
-- 
GitLab