LightPIT: src/java/de/uapcore/lightpit/DatabaseFacade.java@a94b172c3a93 (annotated)

src/java/de/uapcore/lightpit/DatabaseFacade.java@a94b172c3a93 (annotated)

src/java/de/uapcore/lightpit/DatabaseFacade.java

Sun, 31 Dec 2017 17:43:39 +0100

author: Mike Becker <universe@uap-core.de>
date: Sun, 31 Dec 2017 17:43:39 +0100
changeset 18: a94b172c3a93
parent 16: 4e0998805276
child 19: 1a0ac419f714
permissions: -rw-r--r--

user friendly error pages for codes 404, 403 and 500

 /*
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
  *
  * Copyright 2017 Mike Becker. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
  *   1. Redistributions of source code must retain the above copyright
  *      notice, this list of conditions and the following disclaimer.
  *
  *   2. Redistributions in binary form must reproduce the above copyright
  *      notice, this list of conditions and the following disclaimer in the
  *      documentation and/or other materials provided with the distribution.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
  */
 package de.uapcore.lightpit;
 import java.sql.Connection;
 import java.sql.DatabaseMetaData;
 import java.sql.SQLException;
 import java.util.Optional;
 import javax.naming.Context;
 import javax.naming.InitialContext;
 import javax.naming.NamingException;
 import javax.servlet.ServletContext;
 import javax.servlet.ServletContextEvent;
 import javax.servlet.ServletContextListener;
 import javax.servlet.annotation.WebListener;
 import javax.sql.DataSource;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 /**
  * Provides access to different privilege layers within the database.
  */
 @WebListener
 public final class DatabaseFacade implements ServletContextListener {
     private static final Logger LOG = LoggerFactory.getLogger(DatabaseFacade.class);
     /**
      * Timeout in seconds for the validation test.
      */
     private static final int DB_TEST_TIMEOUT = 10;
     /**
      * The default schema to test against when validating the connection.
      *
      * May be overridden by context parameter.
      */
     private static final String DB_DEFAULT_SCHEMA = "lightpit";
     /**
      * The attribute name in the servlet context under which an instance of this class can be found.
      */
     public static final String SC_ATTR_NAME = DatabaseFacade.class.getName();
     private ServletContext sc;
     private static final String PRIVILEGED_DS_JNDI_NAME = "jdbc/lightpit/dbo";
     private Optional<DataSource> privilegedDataSource;
     private static final String UNPRIVILEGED_DS_JNDI_NAME = "jdbc/lightpit/app";
     private Optional<DataSource> unprivilegedDataSource;
     /**
      * Returns an optional privileged data source.
      *
      * Privileged data sources should be able to execute any kind of DDL
      * statements to perform installation or configuration steps.
      *
      * This optional should always be empty in live operation. Modules which
      * provide installation or configuration steps MUST check the presence of
      * a privileged data source and SHOULD display an informative message if
      * it is currently disabled.
      *
      * @return an optional privileged data source
      */
     public Optional<DataSource> getPrivilegedDataSource() {
         return privilegedDataSource;
     }
     /**
      * Returns an optional unprivileged data source.
      *
      * The Optional returned should never be empty. However, if something goes
      * wrong during initialization, the data source might be absent.
      * Hence, users of this data source are forced to check the existence.
      *
      * @return an optional unprivileged data source
      */
     public Optional<DataSource> getUnprivilegedDataSource() {
         return unprivilegedDataSource;
     }
     /**
      * Returns the JNDI resource name of the privileged data source.
      *
      * Modules may use this information to provide useful information to the user.
      *
      * @return the JNDI resource name of the privileged data source
      */
     public String getPrivilegedDataSourceJNDIName() {
         return PRIVILEGED_DS_JNDI_NAME;
     }
     /**
      * Returns the JNDI resource name of the unprivileged data source.
      *
      * Modules may use this information to provide useful information to the user.
      *
      * @return the JNDI resource name of the unprivileged data source
      */
     public String getUnprivilegedDataSourceJNDIName() {
         return UNPRIVILEGED_DS_JNDI_NAME;
     }
     private static void checkConnection(DataSource ds, String testSchema, String errMsg) {
         try (Connection conn = ds.getConnection()) {
             if (!conn.isValid(DB_TEST_TIMEOUT)) {
                 throw new SQLException("Validation check failed.");
             }
             if (conn.isReadOnly()) {
                 throw new SQLException("Connection is read-only and thus unusable.");
             }
             if (!conn.getSchema().equals(testSchema)) {
                 throw new SQLException(String.format("Connection is not configured to use the schema %s.", testSchema));
             }
             DatabaseMetaData metaData = conn.getMetaData();
             LOG.info("Connections as {} to {}/{} ready to go.", metaData.getUserName(), metaData.getURL(), conn.getSchema());
         } catch (SQLException ex) {
             LOG.error(errMsg, ex);
         }
     }
     private static Optional<DataSource> retrievePrivilegedDataSource(Context ctx) {
         DataSource ret = null;
         try {
             ret = (DataSource)ctx.lookup(PRIVILEGED_DS_JNDI_NAME);
             LOG.info("Privileged data source {} retrieved from context.", PRIVILEGED_DS_JNDI_NAME);
             LOG.warn("Your application may be vulnerable due to privileged database access. Make sure that privileged data sources are only available during installation or configuration.");
         } catch (NamingException ex) {
             LOG.info("Privileged data source not available. This is perfectly OK. Activate only, if you need to do installation or configuration.");
             /* in case the absence of the DataSource is not intended, log something more useful on debug level */
             LOG.debug("Reason for the missing data source: ", ex);
         }
         return Optional.ofNullable(ret);
     }
     private static Optional<DataSource> retrieveUnprivilegedDataSource(Context ctx) {
         DataSource ret = null;
         try {
             ret = (DataSource)ctx.lookup(UNPRIVILEGED_DS_JNDI_NAME);
             LOG.info("Unprivileged data source retrieved.");
         } catch (NamingException ex) {
             LOG.error("Unprivileged data source {} not available.", UNPRIVILEGED_DS_JNDI_NAME);
             /* for the unprivileged DataSource log the exception on error level (ordinary admins could find this useful) */
             LOG.error("Reason for the missing data source: ", ex);
         }
         return Optional.ofNullable(ret);
     }
     @Override
     public void contextInitialized(ServletContextEvent sce) {
         sc = sce.getServletContext();
         privilegedDataSource = unprivilegedDataSource = null;
         final String contextName = Optional
                 .ofNullable(sc.getInitParameter(Constants.CTX_ATTR_JNDI_CONTEXT))
                 .orElse("java:comp/env");
         final String dbSchema = Optional
                 .ofNullable(sc.getInitParameter(Constants.CTX_ATTR_DB_SCHEMA))
                 .orElse(DB_DEFAULT_SCHEMA);
         try {
             LOG.debug("Trying to access JNDI context {}...", contextName);
             Context initialCtx = new InitialContext();
             Context ctx = (Context) initialCtx.lookup(contextName);
             privilegedDataSource = retrievePrivilegedDataSource(ctx);
             unprivilegedDataSource = retrieveUnprivilegedDataSource(ctx);
             privilegedDataSource.ifPresent((ds) -> checkConnection(ds, dbSchema, "Checking privileged connection failed"));
             unprivilegedDataSource.ifPresent((ds) -> checkConnection(ds, dbSchema, "Checking unprivileged connection failed"));
         } catch (NamingException | ClassCastException ex) {
             LOG.error("Cannot access JNDI resources.", ex);
         }
         sc.setAttribute(SC_ATTR_NAME, this);
         LOG.info("Database facade injected into ServletContext.");
     }
     @Override
     public void contextDestroyed(ServletContextEvent sce) {
         privilegedDataSource = unprivilegedDataSource = null;
     }
 }

Mercurial > hg > LightPIT / annotate

src/java/de/uapcore/lightpit/DatabaseFacade.java@a94b172c3a93 (annotated)

src/java/de/uapcore/lightpit/DatabaseFacade.java