comparison: src/java/de/uapcore/lightpit/DatabaseFacade.java
src/java/de/uapcore/lightpit/DatabaseFacade.java
- changeset 16
- 4e0998805276
- child 19
- 1a0ac419f714
equal
deleted
inserted
replaced
| 15:bb594abac796 | 16:4e0998805276 |
|---|---|
| 1 /* | |
| 2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. | |
| 3 * | |
| 4 * Copyright 2017 Mike Becker. All rights reserved. | |
| 5 * | |
| 6 * Redistribution and use in source and binary forms, with or without | |
| 7 * modification, are permitted provided that the following conditions are met: | |
| 8 * | |
| 9 * 1. Redistributions of source code must retain the above copyright | |
| 10 * notice, this list of conditions and the following disclaimer. | |
| 11 * | |
| 12 * 2. Redistributions in binary form must reproduce the above copyright | |
| 13 * notice, this list of conditions and the following disclaimer in the | |
| 14 * documentation and/or other materials provided with the distribution. | |
| 15 * | |
| 16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" | |
| 17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
| 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
| 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE | |
| 20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
| 21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
| 22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | |
| 23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | |
| 24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
| 25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
| 26 * POSSIBILITY OF SUCH DAMAGE. | |
| 27 * | |
| 28 */ | |
| 29 package de.uapcore.lightpit; | |
| 30 | |
| 31 import java.sql.Connection; | |
| 32 import java.sql.DatabaseMetaData; | |
| 33 import java.sql.SQLException; | |
| 34 import java.util.Optional; | |
| 35 import javax.naming.Context; | |
| 36 import javax.naming.InitialContext; | |
| 37 import javax.naming.NamingException; | |
| 38 import javax.servlet.ServletContext; | |
| 39 import javax.servlet.ServletContextEvent; | |
| 40 import javax.servlet.ServletContextListener; | |
| 41 import javax.servlet.annotation.WebListener; | |
| 42 import javax.sql.DataSource; | |
| 43 import org.slf4j.Logger; | |
| 44 import org.slf4j.LoggerFactory; | |
| 45 | |
| 46 /** | |
| 47 * Provides access to different privilege layers within the database. | |
| 48 */ | |
| 49 @WebListener | |
| 50 public final class DatabaseFacade implements ServletContextListener { | |
| 51 | |
| 52 private static final Logger LOG = LoggerFactory.getLogger(DatabaseFacade.class); | |
| 53 | |
| 54 /** | |
| 55 * Timeout in seconds for the validation test. | |
| 56 */ | |
| 57 private static final int DB_TEST_TIMEOUT = 10; | |
| 58 | |
| 59 /** | |
| 60 * The default schema to test against when validating the connection. | |
| 61 * | |
| 62 * May be overridden by context parameter. | |
| 63 */ | |
| 64 private static final String DB_DEFAULT_SCHEMA = "lightpit"; | |
| 65 | |
| 66 /** | |
| 67 * The attribute name in the servlet context under which an instance of this class can be found. | |
| 68 */ | |
| 69 public static final String SC_ATTR_NAME = DatabaseFacade.class.getName(); | |
| 70 private ServletContext sc; | |
| 71 | |
| 72 private static final String PRIVILEGED_DS_JNDI_NAME = "jdbc/lightpit/dbo"; | |
| 73 private Optional<DataSource> privilegedDataSource; | |
| 74 | |
| 75 private static final String UNPRIVILEGED_DS_JNDI_NAME = "jdbc/lightpit/app"; | |
| 76 private Optional<DataSource> unprivilegedDataSource; | |
| 77 | |
| 78 | |
| 79 /** | |
| 80 * Returns an optional privileged data source. | |
| 81 * | |
| 82 * Privileged data sources should be able to execute any kind of DDL | |
| 83 * statements to perform installation or configuration steps. | |
| 84 * | |
| 85 * This optional should always be empty in live operation. Modules which | |
| 86 * provide installation or configuration steps MUST check the presence of | |
| 87 * a privileged data source and SHOULD display an informative message if | |
| 88 * it is currently disabled. | |
| 89 * | |
| 90 * @return an optional privileged data source | |
| 91 */ | |
| 92 public Optional<DataSource> getPrivilegedDataSource() { | |
| 93 return privilegedDataSource; | |
| 94 } | |
| 95 | |
| 96 /** | |
| 97 * Returns an optional unprivileged data source. | |
| 98 * | |
| 99 * The Optional returned should never be empty. However, if something goes | |
| 100 * wrong during initialization, the data source might be absent. | |
| 101 * Hence, users of this data source are forced to check the existence. | |
| 102 * | |
| 103 * @return an optional unprivileged data source | |
| 104 */ | |
| 105 public Optional<DataSource> getUnprivilegedDataSource() { | |
| 106 return unprivilegedDataSource; | |
| 107 } | |
| 108 | |
| 109 /** | |
| 110 * Returns the JNDI resource name of the privileged data source. | |
| 111 * | |
| 112 * Modules may use this information to provide useful information to the user. | |
| 113 * | |
| 114 * @return the JNDI resource name of the privileged data source | |
| 115 */ | |
| 116 public String getPrivilegedDataSourceJNDIName() { | |
| 117 return PRIVILEGED_DS_JNDI_NAME; | |
| 118 } | |
| 119 | |
| 120 /** | |
| 121 * Returns the JNDI resource name of the unprivileged data source. | |
| 122 * | |
| 123 * Modules may use this information to provide useful information to the user. | |
| 124 * | |
| 125 * @return the JNDI resource name of the unprivileged data source | |
| 126 */ | |
| 127 public String getUnprivilegedDataSourceJNDIName() { | |
| 128 return UNPRIVILEGED_DS_JNDI_NAME; | |
| 129 } | |
| 130 | |
| 131 private static void checkConnection(DataSource ds, String testSchema, String errMsg) { | |
| 132 try (Connection conn = ds.getConnection()) { | |
| 133 if (!conn.isValid(DB_TEST_TIMEOUT)) { | |
| 134 throw new SQLException("Validation check failed."); | |
| 135 } | |
| 136 if (conn.isReadOnly()) { | |
| 137 throw new SQLException("Connection is read-only and thus unusable."); | |
| 138 } | |
| 139 if (!conn.getSchema().equals(testSchema)) { | |
| 140 throw new SQLException(String.format("Connection is not configured to use the schema %s.", testSchema)); | |
| 141 } | |
| 142 DatabaseMetaData metaData = conn.getMetaData(); | |
| 143 LOG.info("Connections as {} to {}/{} ready to go.", metaData.getUserName(), metaData.getURL(), conn.getSchema()); | |
| 144 } catch (SQLException ex) { | |
| 145 LOG.error(errMsg, ex); | |
| 146 } | |
| 147 } | |
| 148 | |
| 149 private static Optional<DataSource> retrievePrivilegedDataSource(Context ctx) { | |
| 150 DataSource ret = null; | |
| 151 try { | |
| 152 ret = (DataSource)ctx.lookup(PRIVILEGED_DS_JNDI_NAME); | |
| 153 LOG.info("Privileged data source {} retrieved from context.", PRIVILEGED_DS_JNDI_NAME); | |
| 154 LOG.warn("Your application may be vulnerable due to privileged database access. Make sure that privileged data sources are only available during installation or configuration."); | |
| 155 } catch (NamingException ex) { | |
| 156 LOG.info("Privileged data source not available. This is perfectly OK. Activate only, if you need to do installation or configuration."); | |
| 157 /* in case the absence of the DataSource is not intended, log something more useful on debug level */ | |
| 158 LOG.debug("Reason for the missing data source: ", ex); | |
| 159 } | |
| 160 return Optional.ofNullable(ret); | |
| 161 } | |
| 162 | |
| 163 private static Optional<DataSource> retrieveUnprivilegedDataSource(Context ctx) { | |
| 164 DataSource ret = null; | |
| 165 try { | |
| 166 ret = (DataSource)ctx.lookup(UNPRIVILEGED_DS_JNDI_NAME); | |
| 167 LOG.info("Unprivileged data source retrieved."); | |
| 168 } catch (NamingException ex) { | |
| 169 LOG.error("Unprivileged data source {} not available.", UNPRIVILEGED_DS_JNDI_NAME); | |
| 170 /* for the unprivileged DataSource log the exception on error level (ordinary admins could find this useful) */ | |
| 171 LOG.error("Reason for the missing data source: ", ex); | |
| 172 } | |
| 173 return Optional.ofNullable(ret); | |
| 174 } | |
| 175 | |
| 176 @Override | |
| 177 public void contextInitialized(ServletContextEvent sce) { | |
| 178 sc = sce.getServletContext(); | |
| 179 | |
| 180 privilegedDataSource = unprivilegedDataSource = null; | |
| 181 | |
| 182 final String contextName = Optional | |
| 183 .ofNullable(sc.getInitParameter(Constants.CTX_ATTR_JNDI_CONTEXT)) | |
| 184 .orElse("java:comp/env"); | |
| 185 final String dbSchema = Optional | |
| 186 .ofNullable(sc.getInitParameter(Constants.CTX_ATTR_DB_SCHEMA)) | |
| 187 .orElse(DB_DEFAULT_SCHEMA); | |
| 188 | |
| 189 try { | |
| 190 LOG.debug("Trying to access JNDI context {}...", contextName); | |
| 191 Context initialCtx = new InitialContext(); | |
| 192 Context ctx = (Context) initialCtx.lookup(contextName); | |
| 193 | |
| 194 privilegedDataSource = retrievePrivilegedDataSource(ctx); | |
| 195 unprivilegedDataSource = retrieveUnprivilegedDataSource(ctx); | |
| 196 | |
| 197 privilegedDataSource.ifPresent((ds) -> checkConnection(ds, dbSchema, "Checking privileged connection failed")); | |
| 198 unprivilegedDataSource.ifPresent((ds) -> checkConnection(ds, dbSchema, "Checking unprivileged connection failed")); | |
| 199 } catch (NamingException | ClassCastException ex) { | |
| 200 LOG.error("Cannot access JNDI resources.", ex); | |
| 201 } | |
| 202 | |
| 203 sc.setAttribute(SC_ATTR_NAME, this); | |
| 204 LOG.info("Database facade injected into ServletContext."); | |
| 205 } | |
| 206 | |
| 207 @Override | |
| 208 public void contextDestroyed(ServletContextEvent sce) { | |
| 209 privilegedDataSource = unprivilegedDataSource = null; | |
| 210 } | |
| 211 } |
