| -rw-r--r-- | .classpath | 2 | ||||
| -rw-r--r-- | .settings/org.eclipse.jpt.core.prefs | 4 | ||||
| -rw-r--r-- | .settings/org.eclipse.jpt.entitygen.new-mysql.fit | bin | 0 -> 734 bytes | |||
| -rw-r--r-- | .settings/org.eclipse.wst.common.project.facet.core.prefs.xml | 7 | ||||
| -rw-r--r-- | .settings/org.eclipse.wst.common.project.facet.core.xml | 1 | ||||
| -rw-r--r-- | WebContent/LoginFormWithJpa.jsp | 16 | ||||
| -rw-r--r-- | WebContent/WEB-INF/classes/lib/eclipselink-2.6.1.zip | bin | 0 -> 32587504 bytes | |||
| -rw-r--r-- | WebContent/WEB-INF/lib/.gitignore | 1 | ||||
| -rw-r--r-- | WebContent/WEB-INF/lib/mysql-connector-java-5.1.37-bin.jar | bin | 0 -> 985603 bytes | |||
| -rw-r--r-- | WebContent/WEB-INF/web.xml | 4 | ||||
| -rw-r--r-- | src/META-INF/persistence.xml | 12 | ||||
| -rw-r--r-- | src/de/fhswf/in/inf/fit/aufgabe5/LoginServletWithJpa.java | 132 | ||||
| -rw-r--r-- | src/de/fhswf/in/inf/fit/aufgabe5/model/Account.java | 54 | ||||
| -rw-r--r-- | src/de/fhswf/in/inf/fit/aufgabe5/model/Account_.java | 13 |
14 files changed, 246 insertions, 0 deletions
@@ -13,5 +13,7 @@
 </classpathentry>
 <classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.web.container"/>
 <classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.module.container"/>
+ <classpathentry kind="lib" path="WebContent/WEB-INF/lib/mysql-connector-java-5.1.37-bin.jar"/>
+ <classpathentry kind="lib" path="WebContent/WEB-INF/classes/lib/eclipselink-2.6.1.zip"/>
 <classpathentry kind="output" path="build/classes"/>
 </classpath>
diff --git a/.settings/org.eclipse.jpt.core.prefs b/.settings/org.eclipse.jpt.core.prefs
new file mode 100644
index 0000000..c8ebfa4
--- /dev/null
+++ b/.settings/org.eclipse.jpt.core.prefs
@@ -0,0 +1,4 @@
+eclipse.preferences.version=1
+org.eclipse.jpt.core.platform=generic2_1
+org.eclipse.jpt.jpa.core.discoverAnnotatedClasses=false
+org.eclipse.jpt.jpa.core.metamodelSourceFolderName=src
diff --git a/.settings/org.eclipse.jpt.entitygen.new-mysql.fit b/.settings/org.eclipse.jpt.entitygen.new-mysql.fit
Binary files differ
new file mode 100644
index 0000000..7277b64
--- /dev/null
+++ b/.settings/org.eclipse.jpt.entitygen.new-mysql.fit
diff --git a/.settings/org.eclipse.wst.common.project.facet.core.prefs.xml b/.settings/org.eclipse.wst.common.project.facet.core.prefs.xml
new file mode 100644
index 0000000..5f9ba3e
--- /dev/null
+++ b/.settings/org.eclipse.wst.common.project.facet.core.prefs.xml
@@ -0,0 +1,7 @@
+<root>
+ <facet id="jpt.jpa">
+ <node name="libprov">
+ <attribute name="provider-id" value="GlassFish-4-SystemLibrary-JPA"/>
+ </node>
+ </facet>
+</root>
diff --git a/.settings/org.eclipse.wst.common.project.facet.core.xml b/.settings/org.eclipse.wst.common.project.facet.core.xml
index e7b9e36..5ac1630 100644
--- a/.settings/org.eclipse.wst.common.project.facet.core.xml
+++ b/.settings/org.eclipse.wst.common.project.facet.core.xml
@@ -8,4 +8,5 @@
 <installed facet="jst.web" version="3.1"/>
 <installed facet="glassfish.web" version="4.0"/>
 <installed facet="wst.jsdt.web" version="1.0"/>
+ <installed facet="jpt.jpa" version="2.1"/>
 </faceted-project>
diff --git a/WebContent/LoginFormWithJpa.jsp b/WebContent/LoginFormWithJpa.jsp
new file mode 100644
index 0000000..cf0cd3b
--- /dev/null
+++ b/WebContent/LoginFormWithJpa.jsp
@@ -0,0 +1,16 @@
+<%@ page language="java" contentType="text/html; charset=UTF-8"
+ pageEncoding="UTF-8"%>
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="utf-8" />
+<title>Login</title>
+</head>
+<body>
+ <form action="LoginServletWithJpa" method="post">
+ <label for="username">Username:</label><input type="text" name="username" id="username"><br>
+ <label for="password">Password:</label><input type="password" name="password" id="password"><br>
+ <input type="submit"><input type="reset">
+ </form>
+</body>
+</html>
\ No newline at end of file
diff --git a/WebContent/WEB-INF/classes/lib/eclipselink-2.6.1.zip b/WebContent/WEB-INF/classes/lib/eclipselink-2.6.1.zip
Binary files differ
new file mode 100644
index 0000000..32a7a38
--- /dev/null
+++ b/WebContent/WEB-INF/classes/lib/eclipselink-2.6.1.zip
diff --git a/WebContent/WEB-INF/lib/.gitignore b/WebContent/WEB-INF/lib/.gitignore
new file mode 100644
index 0000000..f9be8df
--- /dev/null
+++ b/WebContent/WEB-INF/lib/.gitignore
@@ -0,0 +1 @@
+!*
diff --git a/WebContent/WEB-INF/lib/mysql-connector-java-5.1.37-bin.jar b/WebContent/WEB-INF/lib/mysql-connector-java-5.1.37-bin.jar
Binary files differ
new file mode 100644
index 0000000..465af67
--- /dev/null
+++ b/WebContent/WEB-INF/lib/mysql-connector-java-5.1.37-bin.jar
diff --git a/WebContent/WEB-INF/web.xml b/WebContent/WEB-INF/web.xml
index 84f418f..beedbd4 100644
--- a/WebContent/WEB-INF/web.xml
+++ b/WebContent/WEB-INF/web.xml
@@ -21,4 +21,8 @@
 <param-name>salt</param-name>
 <param-value>aabbcc112233</param-value>
 </context-param>
+ <context-param>
+ <param-name>persistenceUnit</param-name>
+ <param-value>FIT</param-value>
+ </context-param>
 </web-app>
\ No newline at end of file
diff --git a/src/META-INF/persistence.xml b/src/META-INF/persistence.xml
new file mode 100644
index 0000000..78642f4
--- /dev/null
+++ b/src/META-INF/persistence.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<persistence version="2.1" xmlns="http://xmlns.jcp.org/xml/ns/persistence" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/persistence http://xmlns.jcp.org/xml/ns/persistence/persistence_2_1.xsd">
+ <persistence-unit name="FIT" transaction-type="RESOURCE_LOCAL">
+ <provider>org.eclipse.persistence.jpa.PersistenceProvider</provider>
+ <class>de.fhswf.in.inf.fit.aufgabe5.model.Account</class>
+ <properties>
+ <property name="javax.persistence.jdbc.driver" value="com.mysql.jdbc.Driver"/>
+ <property name="javax.persistence.jdbc.url" value="jdbc:mysql://localhost:3306/FIT"/>
+ <property name="javax.persistence.jdbc.user" value="root"/>
+ </properties>
+ </persistence-unit>
+</persistence>
diff --git a/src/de/fhswf/in/inf/fit/aufgabe5/LoginServletWithJpa.java b/src/de/fhswf/in/inf/fit/aufgabe5/LoginServletWithJpa.java
new file mode 100644
index 0000000..d80e5c5
--- /dev/null
+++ b/src/de/fhswf/in/inf/fit/aufgabe5/LoginServletWithJpa.java
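Review bot: The `FIT` persistence unit logs into MySQL as `root` and sets no `javax.persistence.jdbc.password`, so the database is presumably reachable with an empty root password (confirm against the MySQL setup); the servlet only reads `account` rows via `em.find`, so a dedicated account granted SELECT on that table is sufficient, e.g. `<property name="javax.persistence.jdbc.user" value="fit_login"/>` (example name). Whatever credential is chosen should not live in this checked-in file; with GlassFish already declared as the target in the facet settings, a container-managed data source referenced through `<non-jta-data-source>` keeps it in server configuration instead. The `jdbc:mysql://localhost:3306/FIT` URL sets no `useSSL`/`requireSSL` option, which is acceptable for a loopback connection but should be revisited if the database moves off-host.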
@@ -0,0 +1,132 @@ +package de.fhswf.in.inf.fit.aufgabe5; + +import java.io.IOException; +import java.io.PrintWriter; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.util.Base64; + +import javax.persistence.EntityManager; +import javax.persistence.EntityManagerFactory; +import javax.persistence.Persistence; +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import de.fhswf.in.inf.fit.aufgabe5.model.Account; + +/** + * Servlet implementation class LoginServlet + */ +@WebServlet("/LoginServletWithJpa") +public class LoginServletWithJpa extends HttpServlet +{ + private static final long serialVersionUID = 1L; + + /** + * @see HttpServlet#HttpServlet() + */ + public LoginServletWithJpa() + { + super(); + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException + { + response.sendRedirect("LoginFormWithJpa.jsp"); + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException + { + String requestUsername = request.getParameter("username"); + String requestPassword = request.getParameter("password"); + + if (requestUsername == null || requestPassword == null) + { + doGet(request, response); + } + + EntityManagerFactory emf = Persistence.createEntityManagerFactory( + getServletContext().getInitParameter("persistenceUnit")); + EntityManager em = emf.createEntityManager(); + + Account account = em.find(Account.class, requestUsername); + + PrintWriter pw = response.getWriter(); + + pw.println("<!DOCTYPE html>"); + 
pw.println("<html>"); + pw.println("<head>"); + pw.println("<meta charset=\"utf-8\" />"); + pw.println("<title>Login Answer</title>"); + pw.println("</head>"); + pw.println("<body>"); + + System.out.println(account.getPassword() + " == " + + (createSaltedPasswordHash(requestPassword, account.getSalt()))); + + // This is very insecure and can be exploited via timing attacks + if (account != null && account.getPassword().equals( + createSaltedPasswordHash(requestPassword, account.getSalt()))) + { + pw.println("<h1>Success</h1>"); + request.getSession().setAttribute("loggedin", true); + } + else + { + pw.println("<h1>Failed</h1>"); + pw.println("<a href=\"LoginFormWithJpa.jsp\">Retry</a>"); + } + + pw.println("</body>"); + pw.println("</html>"); + + emf.close(); + } + + /** + * Generate a Base64 encoded SHA-1 hashed password that is salted. + * + * @param password + * The password to encode. + * @param salt + * The salt for salting the password. + * @return The salted and encoded password hash. + */ + public static String createSaltedPasswordHash(String password, String salt) + { + if (password == null) + { + throw new IllegalArgumentException("Password can't be null"); + } + + if (salt == null) + { + throw new IllegalArgumentException("Salt can't be null"); + } + + try + { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + md.update((password + salt).getBytes()); + return Base64.getEncoder().encodeToString(md.digest()); + } + catch (NoSuchAlgorithmException e) + { + throw new IllegalStateException( + "SHA-1 for some reason is not supported.", e); + } + } +} diff --git a/src/de/fhswf/in/inf/fit/aufgabe5/model/Account.java b/src/de/fhswf/in/inf/fit/aufgabe5/model/Account.java new file mode 100644 index 0000000..539353c --- /dev/null +++ b/src/de/fhswf/in/inf/fit/aufgabe5/model/Account.java 
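Review bot: `System.out.println(account.getPassword() + " == " + ...)` in doPost dereferences `account` before the `account != null` check a few lines later, so an unknown username ends in a NullPointerException (an HTTP 500 instead of "Failed", which also lets a caller tell valid usernames from invalid ones), and it writes the stored hash and the hash of the submitted password to stdout; the line should go. The null-parameter branch above it calls `doGet` but does not `return`, so `em.find(Account.class, null)` still runs against an already-committed redirect. `em` is never closed and `emf.close()` is skipped on any exception; since an EntityManagerFactory is also expensive, create it once in `init()`, close it in `destroy()`, and scope the EntityManager to a try/finally. The comment already names the timing issue in `equals`; `MessageDigest.isEqual` on the two hashes' bytes fixes it, and calling `request.changeSessionId()` (Servlet 3.1, which the `jst.web` facet declares) before setting `loggedin` closes session fixation. In `createSaltedPasswordHash`, `getBytes()` uses the platform charset so the same password can hash differently across hosts — use `StandardCharsets.UTF_8` (needs `import java.nio.charset.StandardCharsets;`) — and a single SHA-1 pass is not a password hash; PBKDF2 via `SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")` is available in the JDK.
```java
protected void doPost(HttpServletRequest request,
        HttpServletResponse response) throws ServletException, IOException
{
    String requestUsername = request.getParameter("username");
    String requestPassword = request.getParameter("password");

    if (requestUsername == null || requestPassword == null)
    {
        doGet(request, response);
        return; // response is committed; nothing below may run
    }

    // … unchanged: emf creation (better: one EntityManagerFactory per servlet, see init()/destroy()) …
    EntityManager em = null;
    boolean authenticated = false;
    try
    {
        em = emf.createEntityManager();
        Account account = em.find(Account.class, requestUsername);
        // Null-safe and constant-time; nothing about the stored hash is logged.
        if (account != null && account.getPassword() != null && account.getSalt() != null)
        {
            byte[] expected = account.getPassword().getBytes(StandardCharsets.UTF_8);
            byte[] actual = createSaltedPasswordHash(requestPassword, account.getSalt())
                    .getBytes(StandardCharsets.UTF_8);
            authenticated = MessageDigest.isEqual(expected, actual);
        }
    }
    finally
    {
        if (em != null) em.close();
        emf.close();
    }

    response.setContentType("text/html;charset=UTF-8");
    PrintWriter pw = response.getWriter();
    // … unchanged: DOCTYPE/head output …
    if (authenticated)
    {
        pw.println("<h1>Success</h1>");
        request.getSession();          // ensure a session exists
        request.changeSessionId();     // new id on privilege change (session fixation)
        request.getSession().setAttribute("loggedin", true);
    }
    else
    {
        pw.println("<h1>Failed</h1>");
        pw.println("<a href=\"LoginFormWithJpa.jsp\">Retry</a>");
    }
    // … unchanged: closing tags …
}
```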
@@ -0,0 +1,54 @@
+package de.fhswf.in.inf.fit.aufgabe5.model;
+
+import java.io.Serializable;
+import javax.persistence.*;
+
+
+/**
+ * The persistent class for the account database table.
+ *
+ */
+@Entity
+@Table(name="account")
+@NamedQuery(name="Account.findAll", query="SELECT a FROM Account a")
+public class Account implements Serializable {
+ private static final long serialVersionUID = 1L;
+
+ @Id
+ @Column(name="Username")
+ private String username;
+
+ @Column(name="Password")
+ private String password;
+
+ @Column(name="Salt")
+ private String salt;
+
+ public Account() {
+ }
+
+ public String getUsername() {
+ return this.username;
+ }
+
+ public void setUsername(String username) {
+ this.username = username;
+ }
+
+ public String getPassword() {
+ return this.password;
+ }
+
+ public void setPassword(String password) {
+ this.password = password;
+ }
+
+ public String getSalt() {
+ return this.salt;
+ }
+
+ public void setSalt(String salt) {
+ this.salt = salt;
+ }
+
+}
\ No newline at end of file diff --git a/src/de/fhswf/in/inf/fit/aufgabe5/model/Account_.java b/src/de/fhswf/in/inf/fit/aufgabe5/model/Account_.java new file mode 100644 index 0000000..e7da7b9 --- /dev/null +++ b/src/de/fhswf/in/inf/fit/aufgabe5/model/Account_.java @@ -0,0 +1,13 @@ +package de.fhswf.in.inf.fit.aufgabe5.model; + +import javax.annotation.Generated; +import javax.persistence.metamodel.SingularAttribute; +import javax.persistence.metamodel.StaticMetamodel; + +@Generated(value="Dali", date="2015-11-09T01:25:51.914+0100") +@StaticMetamodel(Account.class) +public class Account_ { + public static volatile SingularAttribute<Account, String> username; + public static volatile SingularAttribute<Account, String> password; + public static volatile SingularAttribute<Account, String> salt; +} |
