Java > Open Source Codes > org > roller > business > utils > PasswordUtility


1
2 package org.roller.business.utils;
3
4 import java.io.FileInputStream ;
5 import java.io.FileOutputStream ;
6 import java.sql.Connection ;
7 import java.sql.DriverManager ;
8 import java.sql.PreparedStatement ;
9 import java.sql.ResultSet ;
10 import java.util.Enumeration ;
11 import java.util.Properties ;
12 import org.roller.util.Utilities;
13
14 /**
15  * Roller password utility: don't run this unless you know what you are doing!</br >
16  *
17  * <p>Configuration:<br />
18  *
19  * Program looks in current directory for db.properties file with database
20  * connection properties driverClassName and connectionUrl.
21  *
22  * Program expects JDBC driver jar to be on classpath.</p>
23  *
24  * <p>Usage:<br />
25  *
26  * java -cp ./WEB-INF/lib/rollerbeans.jar;./jdbc.jar org.roller.business.utils.PasswordUtility<br />
27  *
28  * <br />Options:<br />
29  *
30  * -save &lt;file-name&gt;: Save username/passwords in property file<br />
31  * -encrypt : turn on encryption and encrypt passwords<br />
32  * -restore &lt;file-name> : turn off encryption and restore passwords from file<br />
33  * -reset &lt;username&gt; &lt;password&gt;: reset users password<br />
34  * -grant_admin &lt;username&gt;<br />
35  * -revoke_admin &lt;username&gt;</p>
36  */
37 public class PasswordUtility
38 {
39     public static void main(String [] args) throws Exception
40     {
41         Properties props = new Properties ();
42         props.load(new FileInputStream ("rollerdb.properties"));
43         
44         String algorithm = props.getProperty("algorithm");
45         
46         Connection con = ConsistencyCheck.createConnection(props,"");
47         
48         if (args.length == 2 && args[0].equals("-save"))
49         {
50             savePasswords(con, args[1]);
51         }
52         else if (args.length == 1 && args[0].equals("-encrypt"))
53         {
54             encryptionOn(con, algorithm);
55         }
56         else if (args.length == 2 && args[0].equals("-restore"))
57         {
58             encryptionOff(con, args[1]);
59         }
60         else if (args.length == 3 && args[0].equals("-reset"))
61         {
62             resetPassword(con, args[1], args[2], algorithm);
63         }
64         else if (args.length == 2 && args[0].equals("-grant_admin"))
65         {
66             grantAdmin(con, args[1]);
67         }
68         else if (args.length == 2 && args[0].equals("-revoke_admin"))
69         {
70             revokeAdmin(con, args[1]);
71         }
72         else
73         {
74             System.out.println("");
75             System.out.println("USAGE: save passwords to a properties file");
76             System.out.println(" rollerpw -save <file-name>");
77             System.out.println("");
78             System.out.println("USAGE: turn ON password encryption and encrypt existing passwords");
79             System.out.println(" rollerpw -encrypt");
80             System.out.println("");
81             System.out.println("USAGE: turn OFF password encryption and restore saved passwords");
82             System.out.println(" rollerpw -restore <file-name>");
83             System.out.println("");
84             System.out.println("USAGE: reset a user password");
85             System.out.println(" rollerpw -password <username> <new-password>");
86             System.out.println("");
87             System.out.println("USAGE: grant admin rights to user");
88             System.out.println(" rollerpw -grant_admin <username>");
89             System.out.println("");
90             System.out.println("USAGE: revoke admin right from user");
91             System.out.println(" rollerpw -revoke_admin <username>");
92             System.out.println("");
93         }
94     }
95     
96     /**
97      * Saves usernames and passwords to properties file, passwords keyed by usernames
98      */
99     private static void savePasswords(
100                     Connection con, String fileName) throws Exception
101     {
102         Properties newprops = new Properties ();
103         PreparedStatement userquery = con.prepareStatement(
104            "select username,passphrase from rolleruser");
105         ResultSet users = userquery.executeQuery();
106         while (users.next())
107         {
108             String username = users.getString(1);
109             String passphrase = users.getString(2);
110             newprops.put(username, passphrase);
111         }
112         FileOutputStream fos = new FileOutputStream (fileName);
113         newprops.save(fos, "Generated by Roller Password Utility");
114         fos.close();
115     }
116
117     /**
118      * Encrypt all passwords in rolleruser and turn ON encryption flag in rollerconfig
119      */
120     private static void encryptionOn(
121                     Connection con, String algorithm) throws Exception
122     {
123         PreparedStatement userQuery = con
124             .prepareStatement("select username,passphrase from rolleruser");
125         PreparedStatement userUpdate = con
126             .prepareStatement("update rolleruser set passphrase=? where username=?");
127         PreparedStatement configUpdate = con
128             .prepareStatement("update rollerconfig set encryptpasswords=?");
129
130         Properties props = new Properties ();
131         ResultSet users = userQuery.executeQuery();
132         while (users.next())
133         {
134             String username = users.getString(1);
135             String passphrase = users.getString(2);
136             props.put(username, passphrase);
137         }
138         Enumeration usernames = props.keys();
139         while (usernames.hasMoreElements())
140         {
141             String username = (String )usernames.nextElement();
142             String passphrase = (String )props.get(username);
143             userUpdate.clearParameters();
144             userUpdate.setString(1, Utilities.encodePassword(passphrase, algorithm));
145             userUpdate.setString(2, username);
146             userUpdate.executeUpdate();
147         }
148         
149         configUpdate.setBoolean(1, true);
150         configUpdate.executeUpdate();
151     }
152
153     /**
154      * Restore passwords in rolleruser and turn OFF encryption flag in rollerconfig
155      */
156     private static void encryptionOff(
157                     Connection con, String fileName) throws Exception
158     {
159         PreparedStatement userUpdate = con
160             .prepareStatement("update rolleruser set passphrase=? where username=?");
161         PreparedStatement configUpdate = con
162             .prepareStatement("update rollerconfig set encryptpasswords=?");
163
164         Properties props = new Properties ();
165         props.load(new FileInputStream (fileName));
166         Enumeration usernames = props.keys();
167         while (usernames.hasMoreElements())
168         {
169             String username = (String )usernames.nextElement();
170             String password = (String )props.get(username);
171             userUpdate.clearParameters();
172             userUpdate.setString(1, password);
173             userUpdate.setString(2, username);
174             userUpdate.executeUpdate();
175         }
176         
177         configUpdate.setBoolean(1, false);
178         configUpdate.executeUpdate();
179     }
180
181     /**
182      * Reset user's password to specified value using specified algorythm (if needed)
183      */
184     private static void resetPassword(
185                     Connection con, String username, String password, String algorithm)
186             throws Exception
187     {
188         PreparedStatement encryptionQuery =
189             con.prepareStatement("select encryptpasswords from rollerconfig");
190         PreparedStatement userUpdate =
191             con.prepareStatement("update rolleruser set passphrase=? where username=?");
192         
193         ResultSet rs = encryptionQuery.executeQuery();
194         rs.next();
195         boolean encryption = rs.getBoolean(1);
196         
197         String newpassword =
198             encryption ? Utilities.encodePassword(password, algorithm) : password;
199         userUpdate.setString(1, newpassword);
200         userUpdate.setString(2, username);
201         userUpdate.executeUpdate();
202     }
203     
204     /**
205      * Grant admin role to user by adding admin role for user to userrole table
206      */
207     private static void grantAdmin(Connection con, String userName) throws Exception
208     {
209         // Find userid of specified user
210 String userid = null;
211         PreparedStatement userQuery = con.prepareStatement(
212            "select id from rolleruser where username=?");
213         userQuery.setString(1, userName);
214         ResultSet userRS = userQuery.executeQuery();
215         if (!userRS.next())
216         {
217             System.err.println("ERROR: username not found in database");
218             return;
219         }
220         else
221         {
222             userid = userRS.getString(1);
223         }
224         
225         // Is user already an admin?
226 PreparedStatement roleQuery = con.prepareStatement(
227            "select username from userrole where username=? and rolename='admin'");
228         roleQuery.setString(1, userName);
229         ResultSet roleRS = roleQuery.executeQuery();
230         if (!roleRS.next()) // then no, user is not admin
231 {
232             // Add admin role for user
233 PreparedStatement adminInsert = con.prepareStatement(
234                "insert into userrole (id,rolename,username,userid) values (?,?,?,?)");
235             adminInsert.setString(1, userName);
236             adminInsert.setString(2, "admin");
237             adminInsert.setString(3, userName);
238             adminInsert.setString(4, userid);
239             adminInsert.executeUpdate();
240             System.out.println("User granted admin role");
241         }
242         else
243         {
244             System.out.println("User was already an admin");
245         }
246     }
247
248     /**
249      * Revoke admin role from user by removing admin role from userrole table
250      */
251     private static void revokeAdmin(Connection con, String userName) throws Exception
252     {
253         // Find userid of specified user
254 String userid = null;
255         PreparedStatement userQuery = con.prepareStatement(
256            "select id from rolleruser where username=?");
257         userQuery.setString(1, userName);
258         ResultSet userRS = userQuery.executeQuery();
259         if (!userRS.next())
260         {
261             System.err.println("ERROR: username not found in database");
262             return;
263         }
264         else
265         {
266             userid = userRS.getString(1);
267         }
268         
269         // Delete user's admin entries from userrole table
270 PreparedStatement roleDelete = con.prepareStatement(
271            "delete from userrole where userid=? and rolename='admin'");
272         roleDelete.setString(1, userid);
273         roleDelete.executeUpdate();
274     }
275 }
276

A to Z: JavaDoc & Examples

---

Daily Java News & Articles

---

Open Source Projects

---

Open Source Codes

---

Free Computer Books

---

Remove Frame

---

Popular Tags