src/java/de/uapcore/lightpit/DatabaseFacade.java

Sat, 30 Dec 2017 20:41:55 +0100

author
Mike Becker <universe@uap-core.de>
date
Sat, 30 Dec 2017 20:41:55 +0100
changeset 17
d1036b776eee
parent 16
4e0998805276
child 19
1a0ac419f714
permissions
-rw-r--r--

adds getter for the database facade to the abstract servlet

/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 * 
 * Copyright 2017 Mike Becker. All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 *   1. Redistributions of source code must retain the above copyright
 *      notice, this list of conditions and the following disclaimer.
 *
 *   2. Redistributions in binary form must reproduce the above copyright
 *      notice, this list of conditions and the following disclaimer in the
 *      documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 * 
 */
package de.uapcore.lightpit;

import java.sql.Connection;
import java.sql.DatabaseMetaData;
import java.sql.SQLException;
import java.util.Optional;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.annotation.WebListener;
import javax.sql.DataSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Provides access to different privilege layers within the database.
 */
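@WebListener
public final class DatabaseFacade implements ServletContextListener {
    
    private static final Logger LOG = LoggerFactory.getLogger(DatabaseFacade.class);
    
    /**
     * Timeout in seconds for the validation test.
     */
    private static final int DB_TEST_TIMEOUT = 10;
    
    /**
     * The default schema to test against when validating the connection.
     * 
     * May be overridden by context parameter.
     */
    private static final String DB_DEFAULT_SCHEMA = "lightpit";
    
    /**
     * The attribute name in the servlet context under which an instance of this class can be found.
     */
    public static final String SC_ATTR_NAME = DatabaseFacade.class.getName();
    private ServletContext sc;
    
    private static final String PRIVILEGED_DS_JNDI_NAME = "jdbc/lightpit/dbo";
    /**
     * Never {@code null}: empty before the context is initialized, after it is
     * destroyed, and whenever the JNDI lookup fails.
     */
    private Optional<DataSource> privilegedDataSource = Optional.empty();
    
    private static final String UNPRIVILEGED_DS_JNDI_NAME = "jdbc/lightpit/app";
    /**
     * Never {@code null}: empty before the context is initialized, after it is
     * destroyed, and whenever the JNDI lookup fails.
     */
    private Optional<DataSource> unprivilegedDataSource = Optional.empty();
    

    /**
     * Returns an optional privileged data source.
     * 
     * Privileged data sources should be able to execute any kind of DDL
     * statements to perform installation or configuration steps.
     * 
     * This optional should always be empty in live operation. Modules which
     * provide installation or configuration steps MUST check the presence of
     * a privileged data source and SHOULD display an informative message if
     * it is currently disabled.
     * 
     * The optional is also empty before {@link #contextInitialized} ran, after
     * {@link #contextDestroyed} ran, and when the JNDI context itself could
     * not be accessed; it is never {@code null}.
     * 
     * @return an optional privileged data source
     */
    public Optional<DataSource> getPrivilegedDataSource() {
        return privilegedDataSource;
    }

    /**
     * Returns an optional unprivileged data source.
     * 
     * The Optional returned should never be empty. However, if something goes
     * wrong during initialization, the data source might be absent.
     * Hence, users of this data source are forced to check the existence.
     * 
     * Note that a failed connection check only produces a log entry; a data
     * source that was found in JNDI stays present even if the check failed,
     * so callers must still handle SQL errors.
     * 
     * @return an optional unprivileged data source, never {@code null}
     */
    public Optional<DataSource> getUnprivilegedDataSource() {
        return unprivilegedDataSource;
    }

    /**
     * Returns the JNDI resource name of the privileged data source.
     * 
     * Modules may use this information to provide useful information to the user.
     * 
     * @return the JNDI resource name of the privileged data source
     */
    public String getPrivilegedDataSourceJNDIName() {
        return PRIVILEGED_DS_JNDI_NAME;
    }

    /**
     * Returns the JNDI resource name of the unprivileged data source.
     * 
     * Modules may use this information to provide useful information to the user.
     * 
     * @return the JNDI resource name of the unprivileged data source
     */
    public String getUnprivilegedDataSourceJNDIName() {
        return UNPRIVILEGED_DS_JNDI_NAME;
    }
    
    /**
     * Validates that the data source yields a usable connection for the given schema.
     * 
     * A connection is considered usable if it is valid within
     * {@link #DB_TEST_TIMEOUT} seconds, is not read-only, and reports the
     * expected schema. Problems are logged with {@code errMsg} as the message
     * and are NOT propagated; the data source remains available to callers.
     * 
     * @param ds the data source to test
     * @param testSchema the schema the connection is expected to use (must not be {@code null})
     * @param errMsg the message logged together with the cause when the check fails
     */
    private static void checkConnection(DataSource ds, String testSchema, String errMsg) {
        try (Connection conn = ds.getConnection()) {
            if (!conn.isValid(DB_TEST_TIMEOUT)) {
                throw new SQLException("Validation check failed.");
            }
            if (conn.isReadOnly()) {
                throw new SQLException("Connection is read-only and thus unusable.");
            }
            // Connection.getSchema() may return null when no schema is set; compare from
            // the expected side so a missing schema is reported as a check failure
            // instead of an NPE that would escape the SQLException handler below.
            if (!testSchema.equals(conn.getSchema())) {
                throw new SQLException(String.format("Connection is not configured to use the schema %s.", testSchema));
            }
            DatabaseMetaData metaData = conn.getMetaData();
            // NOTE(review): some JDBC drivers embed credentials in the URL returned by
            // getURL(); confirm for the configured driver before keeping this at info level.
            LOG.info("Connections as {} to {}/{} ready to go.", metaData.getUserName(), metaData.getURL(), conn.getSchema());
        } catch (SQLException ex) {
            LOG.error(errMsg, ex);
        }
    }
    
    /**
     * Looks up the privileged data source in the given JNDI context.
     * 
     * Absence is expected in live operation and therefore only logged on
     * info level (the cause on debug level). Presence is logged as a warning
     * because it grants DDL-capable database access to the application.
     * 
     * @param ctx the JNDI context holding the data source bindings
     * @return the data source, or an empty optional if it is not bound
     * @throws ClassCastException if the bound object is not a {@link DataSource}
     */
    private static Optional<DataSource> retrievePrivilegedDataSource(Context ctx) {
        DataSource ret = null;
        try {
            ret = (DataSource)ctx.lookup(PRIVILEGED_DS_JNDI_NAME);
            LOG.info("Privileged data source {} retrieved from context.", PRIVILEGED_DS_JNDI_NAME);
            LOG.warn("Your application may be vulnerable due to privileged database access. Make sure that privileged data sources are only available during installation or configuration.");
        } catch (NamingException ex) {
            LOG.info("Privileged data source not available. This is perfectly OK. Activate only, if you need to do installation or configuration.");
            /* in case the absence of the DataSource is not intended, log something more useful on debug level */
            LOG.debug("Reason for the missing data source: ", ex);
        }
        return Optional.ofNullable(ret);
    }
    
    /**
     * Looks up the unprivileged data source in the given JNDI context.
     * 
     * Absence is a configuration error and is logged on error level
     * including the cause.
     * 
     * @param ctx the JNDI context holding the data source bindings
     * @return the data source, or an empty optional if it is not bound
     * @throws ClassCastException if the bound object is not a {@link DataSource}
     */
    private static Optional<DataSource> retrieveUnprivilegedDataSource(Context ctx) {
        DataSource ret = null;
        try {
            ret = (DataSource)ctx.lookup(UNPRIVILEGED_DS_JNDI_NAME);
            LOG.info("Unprivileged data source retrieved.");
        } catch (NamingException ex) {
            LOG.error("Unprivileged data source {} not available.", UNPRIVILEGED_DS_JNDI_NAME);
            /* for the unprivileged DataSource log the exception on error level (ordinary admins could find this useful) */
            LOG.error("Reason for the missing data source: ", ex);
        }
        return Optional.ofNullable(ret);
    }

    /**
     * Resolves both data sources from JNDI, validates them and registers this
     * facade in the servlet context under {@link #SC_ATTR_NAME}.
     * 
     * The JNDI context name and the expected schema can be overridden via the
     * context parameters {@code Constants.CTX_ATTR_JNDI_CONTEXT} and
     * {@code Constants.CTX_ATTR_DB_SCHEMA}. If the JNDI context cannot be
     * accessed, both optionals stay empty (never {@code null}) and the facade
     * is registered nevertheless, so modules can report the problem.
     * 
     * @param sce the servlet context event
     */
    @Override
    public void contextInitialized(ServletContextEvent sce) {
        sc = sce.getServletContext();
        
        // Reset to empty (not null) so the getters never hand out null, even
        // when the JNDI lookup below fails before the fields are assigned.
        privilegedDataSource = Optional.empty();
        unprivilegedDataSource = Optional.empty();
        
        final String contextName = Optional
                .ofNullable(sc.getInitParameter(Constants.CTX_ATTR_JNDI_CONTEXT))
                .orElse("java:comp/env");
        final String dbSchema = Optional
                .ofNullable(sc.getInitParameter(Constants.CTX_ATTR_DB_SCHEMA))
                .orElse(DB_DEFAULT_SCHEMA);

        try {
            LOG.debug("Trying to access JNDI context {}...", contextName);
            Context initialCtx = new InitialContext();
            Context ctx = (Context) initialCtx.lookup(contextName);
            
            privilegedDataSource = retrievePrivilegedDataSource(ctx);
            unprivilegedDataSource = retrieveUnprivilegedDataSource(ctx);
            
            // Checks only log failures; a data source that fails its check is kept.
            privilegedDataSource.ifPresent((ds) -> checkConnection(ds, dbSchema, "Checking privileged connection failed"));
            unprivilegedDataSource.ifPresent((ds) -> checkConnection(ds, dbSchema, "Checking unprivileged connection failed"));
        } catch (NamingException | ClassCastException ex) {
            // ClassCastException covers a binding that is not a Context / DataSource.
            LOG.error("Cannot access JNDI resources.", ex);
        }
        
        sc.setAttribute(SC_ATTR_NAME, this);
        LOG.info("Database facade injected into ServletContext.");
    }

    /**
     * Drops the references to both data sources.
     * 
     * The optionals are reset to empty rather than {@code null} so late
     * callers of the getters get an empty optional instead of an NPE.
     * 
     * @param sce the servlet context event
     */
    @Override
    public void contextDestroyed(ServletContextEvent sce) {
        privilegedDataSource = Optional.empty();
        unprivilegedDataSource = Optional.empty();
    }    
}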
