universe@16: /*
universe@16:  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
universe@16:  * 
universe@16:  * Copyright 2017 Mike Becker. All rights reserved.
universe@16:  * 
universe@16:  * Redistribution and use in source and binary forms, with or without
universe@16:  * modification, are permitted provided that the following conditions are met:
universe@16:  *
universe@16:  *   1. Redistributions of source code must retain the above copyright
universe@16:  *      notice, this list of conditions and the following disclaimer.
universe@16:  *
universe@16:  *   2. Redistributions in binary form must reproduce the above copyright
universe@16:  *      notice, this list of conditions and the following disclaimer in the
universe@16:  *      documentation and/or other materials provided with the distribution.
universe@16:  *
universe@16:  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
universe@16:  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
universe@16:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
universe@16:  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
universe@16:  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
universe@16:  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
universe@16:  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
universe@16:  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
universe@16:  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
universe@16:  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
universe@16:  * POSSIBILITY OF SUCH DAMAGE.
universe@16:  * 
universe@16:  */
universe@16: package de.uapcore.lightpit;
universe@16: 
universe@16: import java.sql.Connection;
universe@16: import java.sql.DatabaseMetaData;
universe@16: import java.sql.SQLException;
universe@16: import java.util.Optional;
universe@16: import javax.naming.Context;
universe@16: import javax.naming.InitialContext;
universe@16: import javax.naming.NamingException;
universe@16: import javax.servlet.ServletContext;
universe@16: import javax.servlet.ServletContextEvent;
universe@16: import javax.servlet.ServletContextListener;
universe@16: import javax.servlet.annotation.WebListener;
universe@16: import javax.sql.DataSource;
universe@16: import org.slf4j.Logger;
universe@16: import org.slf4j.LoggerFactory;
universe@16: 
universe@16: /**
universe@16:  * Provides access to different privilege layers within the database.
universe@16:  */
universe@16: @WebListener
universe@16: public final class DatabaseFacade implements ServletContextListener {
universe@16:     
universe@16:     private static final Logger LOG = LoggerFactory.getLogger(DatabaseFacade.class);
universe@16:     
universe@16:     /**
universe@16:      * Timeout in seconds for the validation test.
universe@16:      */
universe@16:     private static final int DB_TEST_TIMEOUT = 10;
universe@16:     
universe@16:     /**
universe@16:      * The default schema to test against when validating the connection.
universe@16:      * 
universe@16:      * May be overridden by context parameter.
universe@16:      */
universe@16:     private static final String DB_DEFAULT_SCHEMA = "lightpit";
universe@16:     
universe@16:     /**
universe@16:      * The attribute name in the servlet context under which an instance of this class can be found.
universe@16:      */
universe@16:     public static final String SC_ATTR_NAME = DatabaseFacade.class.getName();
universe@16:     private ServletContext sc;
universe@16:     
universe@16:     private static final String PRIVILEGED_DS_JNDI_NAME = "jdbc/lightpit/dbo";
universe@16:     private Optional<DataSource> privilegedDataSource;
universe@16:     
universe@16:     private static final String UNPRIVILEGED_DS_JNDI_NAME = "jdbc/lightpit/app";
universe@16:     private Optional<DataSource> unprivilegedDataSource;
universe@16:     
universe@16: 
universe@16:     /**
universe@16:      * Returns an optional privileged data source.
universe@16:      * 
universe@16:      * Privileged data sources should be able to execute any kind of DDL
universe@16:      * statements to perform installation or configuration steps.
universe@16:      * 
universe@16:      * This optional should always be empty in live operation. Modules which
universe@16:      * provide installation or configuration steps MUST check the presence of
universe@16:      * a privileged data source and SHOULD display an informative message if
universe@16:      * it is currently disabled.
universe@16:      * 
universe@16:      * @return an optional privileged data source
universe@16:      */
universe@16:     public Optional<DataSource> getPrivilegedDataSource() {
universe@16:         return privilegedDataSource;
universe@16:     }
universe@16: 
universe@16:     /**
universe@16:      * Returns an optional unprivileged data source.
universe@16:      * 
universe@16:      * The Optional returned should never be empty. However, if something goes
universe@16:      * wrong during initialization, the data source might be absent.
universe@16:      * Hence, users of this data source are forced to check the existence.
universe@16:      * 
universe@16:      * @return an optional unprivileged data source
universe@16:      */
universe@16:     public Optional<DataSource> getUnprivilegedDataSource() {
universe@16:         return unprivilegedDataSource;
universe@16:     }
universe@16: 
universe@16:     /**
universe@16:      * Returns the JNDI resource name of the privileged data source.
universe@16:      * 
universe@16:      * Modules may use this information to provide useful information to the user.
universe@16:      * 
universe@16:      * @return the JNDI resource name of the privileged data source
universe@16:      */
universe@16:     public String getPrivilegedDataSourceJNDIName() {
universe@16:         return PRIVILEGED_DS_JNDI_NAME;
universe@16:     }
universe@16: 
universe@16:     /**
universe@16:      * Returns the JNDI resource name of the unprivileged data source.
universe@16:      * 
universe@16:      * Modules may use this information to provide useful information to the user.
universe@16:      * 
universe@16:      * @return the JNDI resource name of the unprivileged data source
universe@16:      */
universe@16:     public String getUnprivilegedDataSourceJNDIName() {
universe@16:         return UNPRIVILEGED_DS_JNDI_NAME;
universe@16:     }
universe@16:     
universe@16:     private static void checkConnection(DataSource ds, String testSchema, String errMsg) {
universe@16:         try (Connection conn = ds.getConnection()) {
universe@16:             if (!conn.isValid(DB_TEST_TIMEOUT)) {
universe@16:                 throw new SQLException("Validation check failed.");
universe@16:             }
universe@16:             if (conn.isReadOnly()) {
universe@16:                 throw new SQLException("Connection is read-only and thus unusable.");
universe@16:             }
universe@16:             if (!conn.getSchema().equals(testSchema)) {
universe@16:                 throw new SQLException(String.format("Connection is not configured to use the schema %s.", testSchema));
universe@16:             }
universe@16:             DatabaseMetaData metaData = conn.getMetaData();
universe@16:             LOG.info("Connections as {} to {}/{} ready to go.", metaData.getUserName(), metaData.getURL(), conn.getSchema());
universe@16:         } catch (SQLException ex) {
universe@16:             LOG.error(errMsg, ex);
universe@16:         }
universe@16:     }
universe@16:     
universe@16:     private static Optional<DataSource> retrievePrivilegedDataSource(Context ctx) {
universe@16:         DataSource ret = null;
universe@16:         try {
universe@16:             ret = (DataSource)ctx.lookup(PRIVILEGED_DS_JNDI_NAME);
universe@16:             LOG.info("Privileged data source {} retrieved from context.", PRIVILEGED_DS_JNDI_NAME);
universe@16:             LOG.warn("Your application may be vulnerable due to privileged database access. Make sure that privileged data sources are only available during installation or configuration.");
universe@16:         } catch (NamingException ex) {
universe@16:             LOG.info("Privileged data source not available. This is perfectly OK. Activate only, if you need to do installation or configuration.");
universe@16:             /* in case the absence of the DataSource is not intended, log something more useful on debug level */
universe@16:             LOG.debug("Reason for the missing data source: ", ex);
universe@16:         }
universe@16:         return Optional.ofNullable(ret);
universe@16:     }
universe@16:     
universe@16:     private static Optional<DataSource> retrieveUnprivilegedDataSource(Context ctx) {
universe@16:         DataSource ret = null;
universe@16:         try {
universe@16:             ret = (DataSource)ctx.lookup(UNPRIVILEGED_DS_JNDI_NAME);
universe@16:             LOG.info("Unprivileged data source retrieved.");
universe@16:         } catch (NamingException ex) {
universe@16:             LOG.error("Unprivileged data source {} not available.", UNPRIVILEGED_DS_JNDI_NAME);
universe@16:             /* for the unprivileged DataSource log the exception on error level (ordinary admins could find this useful) */
universe@16:             LOG.error("Reason for the missing data source: ", ex);
universe@16:         }
universe@16:         return Optional.ofNullable(ret);
universe@16:     }
universe@16: 
universe@16:     @Override
universe@16:     public void contextInitialized(ServletContextEvent sce) {
universe@16:         sc = sce.getServletContext();
universe@16:         
universe@16:         privilegedDataSource = unprivilegedDataSource = null;
universe@16:         
universe@16:         final String contextName = Optional
universe@16:                 .ofNullable(sc.getInitParameter(Constants.CTX_ATTR_JNDI_CONTEXT))
universe@16:                 .orElse("java:comp/env");
universe@16:         final String dbSchema = Optional
universe@16:                 .ofNullable(sc.getInitParameter(Constants.CTX_ATTR_DB_SCHEMA))
universe@16:                 .orElse(DB_DEFAULT_SCHEMA);
universe@16: 
universe@16:         try {
universe@16:             LOG.debug("Trying to access JNDI context {}...", contextName);
universe@16:             Context initialCtx = new InitialContext();
universe@16:             Context ctx = (Context) initialCtx.lookup(contextName);
universe@16:             
universe@16:             privilegedDataSource = retrievePrivilegedDataSource(ctx);
universe@16:             unprivilegedDataSource = retrieveUnprivilegedDataSource(ctx);
universe@16:             
universe@16:             privilegedDataSource.ifPresent((ds) -> checkConnection(ds, dbSchema, "Checking privileged connection failed"));
universe@16:             unprivilegedDataSource.ifPresent((ds) -> checkConnection(ds, dbSchema, "Checking unprivileged connection failed"));
universe@16:         } catch (NamingException | ClassCastException ex) {
universe@16:             LOG.error("Cannot access JNDI resources.", ex);
universe@16:         }
universe@16:         
universe@16:         sc.setAttribute(SC_ATTR_NAME, this);
universe@16:         LOG.info("Database facade injected into ServletContext.");
universe@16:     }
universe@16: 
universe@16:     @Override
universe@16:     public void contextDestroyed(ServletContextEvent sce) {
universe@16:         privilegedDataSource = unprivilegedDataSource = null;
universe@16:     }    
universe@16: }