authorStefan Suhren <suhren.stefan@fh-swf.de>2015-11-09 09:37:31 +0100
committerStefan Suhren <suhren.stefan@fh-swf.de>2015-11-09 10:04:19 +0100
commitc58001fdf1defd03ff30cd9c39160b03eec02434 (patch)
tree3944040b15461618a1076a09a189d87dbfd45851
parent886ea8362d80e8855da839a95f9539a2b199f6fe (diff)
Use JPA for storing the user accounts in a database
-rw-r--r--.classpath2
-rw-r--r--.settings/org.eclipse.jpt.core.prefs4
-rw-r--r--.settings/org.eclipse.jpt.entitygen.new-mysql.fitbin0 -> 734 bytes
-rw-r--r--.settings/org.eclipse.wst.common.project.facet.core.prefs.xml7
-rw-r--r--.settings/org.eclipse.wst.common.project.facet.core.xml1
-rw-r--r--WebContent/LoginFormWithJpa.jsp16
-rw-r--r--WebContent/WEB-INF/classes/lib/eclipselink-2.6.1.zipbin0 -> 32587504 bytes
-rw-r--r--WebContent/WEB-INF/lib/.gitignore1
-rw-r--r--WebContent/WEB-INF/lib/mysql-connector-java-5.1.37-bin.jarbin0 -> 985603 bytes
-rw-r--r--WebContent/WEB-INF/web.xml4
-rw-r--r--src/META-INF/persistence.xml12
-rw-r--r--src/de/fhswf/in/inf/fit/aufgabe5/LoginServletWithJpa.java132
-rw-r--r--src/de/fhswf/in/inf/fit/aufgabe5/model/Account.java54
-rw-r--r--src/de/fhswf/in/inf/fit/aufgabe5/model/Account_.java13
14 files changed, 246 insertions, 0 deletions
diff --git a/.classpath b/.classpath
index f40cb19..ae0d260 100644
--- a/.classpath
+++ b/.classpath
@@ -13,5 +13,7 @@
</classpathentry>
<classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.web.container"/>
<classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.module.container"/>
+ <classpathentry kind="lib" path="WebContent/WEB-INF/lib/mysql-connector-java-5.1.37-bin.jar"/>
+ <classpathentry kind="lib" path="WebContent/WEB-INF/classes/lib/eclipselink-2.6.1.zip"/>
<classpathentry kind="output" path="build/classes"/>
</classpath>
diff --git a/.settings/org.eclipse.jpt.core.prefs b/.settings/org.eclipse.jpt.core.prefs
new file mode 100644
index 0000000..c8ebfa4
--- /dev/null
+++ b/.settings/org.eclipse.jpt.core.prefs
@@ -0,0 +1,4 @@
+eclipse.preferences.version=1
+org.eclipse.jpt.core.platform=generic2_1
+org.eclipse.jpt.jpa.core.discoverAnnotatedClasses=false
+org.eclipse.jpt.jpa.core.metamodelSourceFolderName=src
diff --git a/.settings/org.eclipse.jpt.entitygen.new-mysql.fit b/.settings/org.eclipse.jpt.entitygen.new-mysql.fit
new file mode 100644
index 0000000..7277b64
--- /dev/null
+++ b/.settings/org.eclipse.jpt.entitygen.new-mysql.fit
Binary files differ
diff --git a/.settings/org.eclipse.wst.common.project.facet.core.prefs.xml b/.settings/org.eclipse.wst.common.project.facet.core.prefs.xml
new file mode 100644
index 0000000..5f9ba3e
--- /dev/null
+++ b/.settings/org.eclipse.wst.common.project.facet.core.prefs.xml
@@ -0,0 +1,7 @@
+<root>
+ <facet id="jpt.jpa">
+ <node name="libprov">
+ <attribute name="provider-id" value="GlassFish-4-SystemLibrary-JPA"/>
+ </node>
+ </facet>
+</root>
diff --git a/.settings/org.eclipse.wst.common.project.facet.core.xml b/.settings/org.eclipse.wst.common.project.facet.core.xml
index e7b9e36..5ac1630 100644
--- a/.settings/org.eclipse.wst.common.project.facet.core.xml
+++ b/.settings/org.eclipse.wst.common.project.facet.core.xml
@@ -8,4 +8,5 @@
<installed facet="jst.web" version="3.1"/>
<installed facet="glassfish.web" version="4.0"/>
<installed facet="wst.jsdt.web" version="1.0"/>
+ <installed facet="jpt.jpa" version="2.1"/>
</faceted-project>
diff --git a/WebContent/LoginFormWithJpa.jsp b/WebContent/LoginFormWithJpa.jsp
new file mode 100644
index 0000000..cf0cd3b
--- /dev/null
+++ b/WebContent/LoginFormWithJpa.jsp
@@ -0,0 +1,16 @@
+<%@ page language="java" contentType="text/html; charset=UTF-8"
+ pageEncoding="UTF-8"%>
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="utf-8" />
+<title>Login</title>
+</head>
+<body>
+ <form action="LoginServletWithJpa" method="post">
+ <label for="username">Username:</label><input type="text" name="username" id="username"><br>
+ <label for="password">Password:</label><input type="password" name="password" id="password"><br>
+ <input type="submit"><input type="reset">
+ </form>
+</body>
+</html> \ No newline at end of file
diff --git a/WebContent/WEB-INF/classes/lib/eclipselink-2.6.1.zip b/WebContent/WEB-INF/classes/lib/eclipselink-2.6.1.zip
new file mode 100644
index 0000000..32a7a38
--- /dev/null
+++ b/WebContent/WEB-INF/classes/lib/eclipselink-2.6.1.zip
Binary files differ
diff --git a/WebContent/WEB-INF/lib/.gitignore b/WebContent/WEB-INF/lib/.gitignore
new file mode 100644
index 0000000..f9be8df
--- /dev/null
+++ b/WebContent/WEB-INF/lib/.gitignore
@@ -0,0 +1 @@
+!*
diff --git a/WebContent/WEB-INF/lib/mysql-connector-java-5.1.37-bin.jar b/WebContent/WEB-INF/lib/mysql-connector-java-5.1.37-bin.jar
new file mode 100644
index 0000000..465af67
--- /dev/null
+++ b/WebContent/WEB-INF/lib/mysql-connector-java-5.1.37-bin.jar
Binary files differ
diff --git a/WebContent/WEB-INF/web.xml b/WebContent/WEB-INF/web.xml
index 84f418f..beedbd4 100644
--- a/WebContent/WEB-INF/web.xml
+++ b/WebContent/WEB-INF/web.xml
@@ -21,4 +21,8 @@
<param-name>salt</param-name>
<param-value>aabbcc112233</param-value>
</context-param>
+ <context-param>
+ <param-name>persistenceUnit</param-name>
+ <param-value>FIT</param-value>
+ </context-param>
</web-app> \ No newline at end of file
diff --git a/src/META-INF/persistence.xml b/src/META-INF/persistence.xml
new file mode 100644
index 0000000..78642f4
--- /dev/null
+++ b/src/META-INF/persistence.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<persistence version="2.1" xmlns="http://xmlns.jcp.org/xml/ns/persistence" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/persistence http://xmlns.jcp.org/xml/ns/persistence/persistence_2_1.xsd">
+ <persistence-unit name="FIT" transaction-type="RESOURCE_LOCAL">
+ <provider>org.eclipse.persistence.jpa.PersistenceProvider</provider>
+ <class>de.fhswf.in.inf.fit.aufgabe5.model.Account</class>
+ <properties>
+ <property name="javax.persistence.jdbc.driver" value="com.mysql.jdbc.Driver"/>
+ <property name="javax.persistence.jdbc.url" value="jdbc:mysql://localhost:3306/FIT"/>
+ <property name="javax.persistence.jdbc.user" value="root"/>
+ </properties>
+ </persistence-unit>
+</persistence>
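Review bot: The persistence unit connects to MySQL as `root` and sets no `javax.persistence.jdbc.password` property, which suggests a root account with an empty password, so the login servlet would hold full administrative rights on the database server. The connection settings are also committed to version control. A dedicated account limited to SELECT on the `account` table would cover what the servlet does in this commit. The credentials are better supplied by the container, for example a JNDI data source referenced with `<non-jta-data-source>` instead of the `javax.persistence.jdbc.*` properties.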
diff --git a/src/de/fhswf/in/inf/fit/aufgabe5/LoginServletWithJpa.java b/src/de/fhswf/in/inf/fit/aufgabe5/LoginServletWithJpa.java
new file mode 100644
index 0000000..d80e5c5
--- /dev/null
+++ b/src/de/fhswf/in/inf/fit/aufgabe5/LoginServletWithJpa.java
@@ -0,0 +1,132 @@
+package de.fhswf.in.inf.fit.aufgabe5;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Base64;
+
+import javax.persistence.EntityManager;
+import javax.persistence.EntityManagerFactory;
+import javax.persistence.Persistence;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import de.fhswf.in.inf.fit.aufgabe5.model.Account;
+
+/**
+ * Servlet implementation class LoginServlet
+ */
+@WebServlet("/LoginServletWithJpa")
+public class LoginServletWithJpa extends HttpServlet
+{
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * @see HttpServlet#HttpServlet()
+ */
+ public LoginServletWithJpa()
+ {
+ super();
+ }
+
+ /**
+ * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ protected void doGet(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException
+ {
+ response.sendRedirect("LoginFormWithJpa.jsp");
+ }
+
+ /**
+ * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ protected void doPost(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException
+ {
+ String requestUsername = request.getParameter("username");
+ String requestPassword = request.getParameter("password");
+
+ if (requestUsername == null || requestPassword == null)
+ {
+ doGet(request, response);
+ }
+
+ EntityManagerFactory emf = Persistence.createEntityManagerFactory(
+ getServletContext().getInitParameter("persistenceUnit"));
+ EntityManager em = emf.createEntityManager();
+
+ Account account = em.find(Account.class, requestUsername);
+
+ PrintWriter pw = response.getWriter();
+
+ pw.println("<!DOCTYPE html>");
+ pw.println("<html>");
+ pw.println("<head>");
+ pw.println("<meta charset=\"utf-8\" />");
+ pw.println("<title>Login Answer</title>");
+ pw.println("</head>");
+ pw.println("<body>");
+
+ System.out.println(account.getPassword() + " == "
+ + (createSaltedPasswordHash(requestPassword, account.getSalt())));
+
+ // This is very insecure and can be exploited via timing attacks
+ if (account != null && account.getPassword().equals(
+ createSaltedPasswordHash(requestPassword, account.getSalt())))
+ {
+ pw.println("<h1>Success</h1>");
+ request.getSession().setAttribute("loggedin", true);
+ }
+ else
+ {
+ pw.println("<h1>Failed</h1>");
+ pw.println("<a href=\"LoginFormWithJpa.jsp\">Retry</a>");
+ }
+
+ pw.println("</body>");
+ pw.println("</html>");
+
+ emf.close();
+ }
+
+ /**
+ * Generate a Base64 encoded SHA-1 hashed password that is salted.
+ *
+ * @param password
+ * The password to encode.
+ * @param salt
+ * The salt for salting the password.
+ * @return The salted and encoded password hash.
+ */
+ public static String createSaltedPasswordHash(String password, String salt)
+ {
+ if (password == null)
+ {
+ throw new IllegalArgumentException("Password can't be null");
+ }
+
+ if (salt == null)
+ {
+ throw new IllegalArgumentException("Salt can't be null");
+ }
+
+ try
+ {
+ MessageDigest md = MessageDigest.getInstance("SHA-1");
+ md.update((password + salt).getBytes());
+ return Base64.getEncoder().encodeToString(md.digest());
+ }
+ catch (NoSuchAlgorithmException e)
+ {
+ throw new IllegalStateException(
+ "SHA-1 for some reason is not supported.", e);
+ }
+ }
+}
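Review bot: In doPost the `System.out.println(account.getPassword() + ...)` line dereferences `account` before the `account != null` check and writes both the stored and the freshly computed password hash to the server log. An unknown username therefore ends in a NullPointerException, which differs from the "Failed" page and reveals which usernames exist, and every attempt leaves hash material in the log. The null-parameter branch also lacks a `return` after `doGet(...)`, so execution continues into `em.find` with a null key after the redirect has been sent. I would drop the println, return after the redirect, compare with `MessageDigest.isEqual` instead of `String.equals` (the existing comment already flags the timing issue), and close the EntityManager and factory in a `finally`, as sketched below. Separately, one salted SHA-1 round in createSaltedPasswordHash is too fast for password storage (PBKDF2 through `SecretKeyFactory` is the standard-library option), and `getBytes()` there should name UTF-8 explicitly.

```java
      if (requestUsername == null || requestPassword == null)
      {
         doGet(request, response);
         return; // redirect already sent; do not fall through to em.find(null)
      }

      EntityManagerFactory emf = Persistence.createEntityManagerFactory(
            getServletContext().getInitParameter("persistenceUnit"));
      EntityManager em = null;
      try
      {
         em = emf.createEntityManager();
         Account account = em.find(Account.class, requestUsername);

         // Null checks come first; no hash material is printed or logged.
         boolean authenticated = false;
         if (account != null && account.getPassword() != null
               && account.getSalt() != null)
         {
            byte[] stored = account.getPassword()
                  .getBytes(java.nio.charset.StandardCharsets.UTF_8);
            byte[] computed = createSaltedPasswordHash(requestPassword,
                  account.getSalt())
                        .getBytes(java.nio.charset.StandardCharsets.UTF_8);
            // Constant-time comparison of the two encoded digests.
            authenticated = MessageDigest.isEqual(stored, computed);
         }

         // … unchanged: PrintWriter setup and HTML header output …

         if (authenticated)
         {
            // … unchanged: success output and session attribute …
         }
         else
         {
            // … unchanged: failure output and retry link …
         }

         // … unchanged: closing HTML tags …
      }
      finally
      {
         if (em != null)
         {
            em.close();
         }
         emf.close();
      }
```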
diff --git a/src/de/fhswf/in/inf/fit/aufgabe5/model/Account.java b/src/de/fhswf/in/inf/fit/aufgabe5/model/Account.java
new file mode 100644
index 0000000..539353c
--- /dev/null
+++ b/src/de/fhswf/in/inf/fit/aufgabe5/model/Account.java
@@ -0,0 +1,54 @@
+package de.fhswf.in.inf.fit.aufgabe5.model;
+
+import java.io.Serializable;
+import javax.persistence.*;
+
+
+/**
+ * The persistent class for the account database table.
+ *
+ */
+@Entity
+@Table(name="account")
+@NamedQuery(name="Account.findAll", query="SELECT a FROM Account a")
+public class Account implements Serializable {
+ private static final long serialVersionUID = 1L;
+
+ @Id
+ @Column(name="Username")
+ private String username;
+
+ @Column(name="Password")
+ private String password;
+
+ @Column(name="Salt")
+ private String salt;
+
+ public Account() {
+ }
+
+ public String getUsername() {
+ return this.username;
+ }
+
+ public void setUsername(String username) {
+ this.username = username;
+ }
+
+ public String getPassword() {
+ return this.password;
+ }
+
+ public void setPassword(String password) {
+ this.password = password;
+ }
+
+ public String getSalt() {
+ return this.salt;
+ }
+
+ public void setSalt(String salt) {
+ this.salt = salt;
+ }
+
+} \ No newline at end of file
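Review bot: The `password` field and its accessors are undocumented, although LoginServletWithJpa in this commit compares `getPassword()` with the Base64-encoded salted hash, so the column holds a hash and not the plain password. A field comment such as `// Base64-encoded salted hash as produced by LoginServletWithJpa.createSaltedPasswordHash; never the plain-text password` would keep a later caller from passing raw input to `setPassword`. The entity is also `Serializable`, so if an instance is ever placed in the HTTP session the hash and salt would be serialized with it. Keeping only the username in the session would avoid that.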
diff --git a/src/de/fhswf/in/inf/fit/aufgabe5/model/Account_.java b/src/de/fhswf/in/inf/fit/aufgabe5/model/Account_.java
new file mode 100644
index 0000000..e7da7b9
--- /dev/null
+++ b/src/de/fhswf/in/inf/fit/aufgabe5/model/Account_.java
@@ -0,0 +1,13 @@
+package de.fhswf.in.inf.fit.aufgabe5.model;
+
+import javax.annotation.Generated;
+import javax.persistence.metamodel.SingularAttribute;
+import javax.persistence.metamodel.StaticMetamodel;
+
+@Generated(value="Dali", date="2015-11-09T01:25:51.914+0100")
+@StaticMetamodel(Account.class)
+public class Account_ {
+ public static volatile SingularAttribute<Account, String> username;
+ public static volatile SingularAttribute<Account, String> password;
+ public static volatile SingularAttribute<Account, String> salt;
+}