src/java/de/uapcore/lightpit/DatabaseFacade.java@a94b172c3a93
src/java/de/uapcore/lightpit/DatabaseFacade.java
Sun, 31 Dec 2017 17:43:39 +0100
- author
- Mike Becker <universe@uap-core.de>
- date
- Sun, 31 Dec 2017 17:43:39 +0100
- changeset 18
- a94b172c3a93
- parent 16
- 4e0998805276
- child 19
- 1a0ac419f714
- permissions
- -rw-r--r--
user friendly error pages for codes 404, 403 and 500
1 /*
2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
3 *
4 * Copyright 2017 Mike Becker. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26 * POSSIBILITY OF SUCH DAMAGE.
27 *
28 */
29 package de.uapcore.lightpit;
31 import java.sql.Connection;
32 import java.sql.DatabaseMetaData;
33 import java.sql.SQLException;
34 import java.util.Optional;
35 import javax.naming.Context;
36 import javax.naming.InitialContext;
37 import javax.naming.NamingException;
38 import javax.servlet.ServletContext;
39 import javax.servlet.ServletContextEvent;
40 import javax.servlet.ServletContextListener;
41 import javax.servlet.annotation.WebListener;
42 import javax.sql.DataSource;
43 import org.slf4j.Logger;
44 import org.slf4j.LoggerFactory;
46 /**
47 * Provides access to different privilege layers within the database.
48 */
49 @WebListener
50 public final class DatabaseFacade implements ServletContextListener {
52 private static final Logger LOG = LoggerFactory.getLogger(DatabaseFacade.class);
54 /**
55 * Timeout in seconds for the validation test.
56 */
57 private static final int DB_TEST_TIMEOUT = 10;
59 /**
60 * The default schema to test against when validating the connection.
61 *
62 * May be overridden by context parameter.
63 */
64 private static final String DB_DEFAULT_SCHEMA = "lightpit";
66 /**
67 * The attribute name in the servlet context under which an instance of this class can be found.
68 */
69 public static final String SC_ATTR_NAME = DatabaseFacade.class.getName();
70 private ServletContext sc;
72 private static final String PRIVILEGED_DS_JNDI_NAME = "jdbc/lightpit/dbo";
73 private Optional<DataSource> privilegedDataSource;
75 private static final String UNPRIVILEGED_DS_JNDI_NAME = "jdbc/lightpit/app";
76 private Optional<DataSource> unprivilegedDataSource;
79 /**
80 * Returns an optional privileged data source.
81 *
82 * Privileged data sources should be able to execute any kind of DDL
83 * statements to perform installation or configuration steps.
84 *
85 * This optional should always be empty in live operation. Modules which
86 * provide installation or configuration steps MUST check the presence of
87 * a privileged data source and SHOULD display an informative message if
88 * it is currently disabled.
89 *
90 * @return an optional privileged data source
91 */
92 public Optional<DataSource> getPrivilegedDataSource() {
93 return privilegedDataSource;
94 }
96 /**
97 * Returns an optional unprivileged data source.
98 *
99 * The Optional returned should never be empty. However, if something goes
100 * wrong during initialization, the data source might be absent.
101 * Hence, users of this data source are forced to check the existence.
102 *
103 * @return an optional unprivileged data source
104 */
105 public Optional<DataSource> getUnprivilegedDataSource() {
106 return unprivilegedDataSource;
107 }
109 /**
110 * Returns the JNDI resource name of the privileged data source.
111 *
112 * Modules may use this information to provide useful information to the user.
113 *
114 * @return the JNDI resource name of the privileged data source
115 */
116 public String getPrivilegedDataSourceJNDIName() {
117 return PRIVILEGED_DS_JNDI_NAME;
118 }
120 /**
121 * Returns the JNDI resource name of the unprivileged data source.
122 *
123 * Modules may use this information to provide useful information to the user.
124 *
125 * @return the JNDI resource name of the unprivileged data source
126 */
127 public String getUnprivilegedDataSourceJNDIName() {
128 return UNPRIVILEGED_DS_JNDI_NAME;
129 }
131 private static void checkConnection(DataSource ds, String testSchema, String errMsg) {
132 try (Connection conn = ds.getConnection()) {
133 if (!conn.isValid(DB_TEST_TIMEOUT)) {
134 throw new SQLException("Validation check failed.");
135 }
136 if (conn.isReadOnly()) {
137 throw new SQLException("Connection is read-only and thus unusable.");
138 }
139 if (!conn.getSchema().equals(testSchema)) {
140 throw new SQLException(String.format("Connection is not configured to use the schema %s.", testSchema));
141 }
142 DatabaseMetaData metaData = conn.getMetaData();
143 LOG.info("Connections as {} to {}/{} ready to go.", metaData.getUserName(), metaData.getURL(), conn.getSchema());
144 } catch (SQLException ex) {
145 LOG.error(errMsg, ex);
146 }
147 }
149 private static Optional<DataSource> retrievePrivilegedDataSource(Context ctx) {
150 DataSource ret = null;
151 try {
152 ret = (DataSource)ctx.lookup(PRIVILEGED_DS_JNDI_NAME);
153 LOG.info("Privileged data source {} retrieved from context.", PRIVILEGED_DS_JNDI_NAME);
154 LOG.warn("Your application may be vulnerable due to privileged database access. Make sure that privileged data sources are only available during installation or configuration.");
155 } catch (NamingException ex) {
156 LOG.info("Privileged data source not available. This is perfectly OK. Activate only, if you need to do installation or configuration.");
157 /* in case the absence of the DataSource is not intended, log something more useful on debug level */
158 LOG.debug("Reason for the missing data source: ", ex);
159 }
160 return Optional.ofNullable(ret);
161 }
163 private static Optional<DataSource> retrieveUnprivilegedDataSource(Context ctx) {
164 DataSource ret = null;
165 try {
166 ret = (DataSource)ctx.lookup(UNPRIVILEGED_DS_JNDI_NAME);
167 LOG.info("Unprivileged data source retrieved.");
168 } catch (NamingException ex) {
169 LOG.error("Unprivileged data source {} not available.", UNPRIVILEGED_DS_JNDI_NAME);
170 /* for the unprivileged DataSource log the exception on error level (ordinary admins could find this useful) */
171 LOG.error("Reason for the missing data source: ", ex);
172 }
173 return Optional.ofNullable(ret);
174 }
176 @Override
177 public void contextInitialized(ServletContextEvent sce) {
178 sc = sce.getServletContext();
180 privilegedDataSource = unprivilegedDataSource = null;
182 final String contextName = Optional
183 .ofNullable(sc.getInitParameter(Constants.CTX_ATTR_JNDI_CONTEXT))
184 .orElse("java:comp/env");
185 final String dbSchema = Optional
186 .ofNullable(sc.getInitParameter(Constants.CTX_ATTR_DB_SCHEMA))
187 .orElse(DB_DEFAULT_SCHEMA);
189 try {
190 LOG.debug("Trying to access JNDI context {}...", contextName);
191 Context initialCtx = new InitialContext();
192 Context ctx = (Context) initialCtx.lookup(contextName);
194 privilegedDataSource = retrievePrivilegedDataSource(ctx);
195 unprivilegedDataSource = retrieveUnprivilegedDataSource(ctx);
197 privilegedDataSource.ifPresent((ds) -> checkConnection(ds, dbSchema, "Checking privileged connection failed"));
198 unprivilegedDataSource.ifPresent((ds) -> checkConnection(ds, dbSchema, "Checking unprivileged connection failed"));
199 } catch (NamingException | ClassCastException ex) {
200 LOG.error("Cannot access JNDI resources.", ex);
201 }
203 sc.setAttribute(SC_ATTR_NAME, this);
204 LOG.info("Database facade injected into ServletContext.");
205 }
207 @Override
208 public void contextDestroyed(ServletContextEvent sce) {
209 privilegedDataSource = unprivilegedDataSource = null;
210 }
211 }
