From f771494f3b799790fbdcdd8ffc08272801a6704f Mon Sep 17 00:00:00 2001 From: Artem Kostenko Date: Wed, 5 Jul 2023 19:57:47 +0300 Subject: [PATCH] first commit web security solution --- pom.xml | 2 +- .../java/taxi/controller/LoginController.java | 40 +++++++++++++++++++ .../taxi/controller/LogoutController.java | 16 ++++++++ .../car/GetMyCurrentCarsController.java | 25 ++++++++++++ .../driver/AddDriverController.java | 4 +- src/main/java/taxi/dao/DriverDao.java | 2 + src/main/java/taxi/dao/DriverDaoImpl.java | 35 ++++++++++++++-- .../exception/AuthenticationException.java | 7 ++++ .../taxi/filter/AuthenticationFilter.java | 36 +++++++++++++++++ src/main/java/taxi/model/Driver.java | 28 +++++++++++-- .../taxi/service/AuthenticationService.java | 9 +++++ .../service/AuthenticationServiceImpl.java | 22 ++++++++++ src/main/java/taxi/service/DriverService.java | 2 + .../java/taxi/service/DriverServiceImpl.java | 6 +++ src/main/java/taxi/util/ConnectionUtil.java | 8 ++-- src/main/resources/init_db.sql | 2 + src/main/webapp/WEB-INF/views/cars/add.jsp | 1 + src/main/webapp/WEB-INF/views/cars/all.jsp | 1 + .../webapp/WEB-INF/views/cars/drivers/add.jsp | 1 + src/main/webapp/WEB-INF/views/drivers/add.jsp | 9 +++++ src/main/webapp/WEB-INF/views/drivers/all.jsp | 1 + src/main/webapp/WEB-INF/views/header.jsp | 9 +++++ src/main/webapp/WEB-INF/views/index.jsp | 2 + src/main/webapp/WEB-INF/views/login.jsp | 22 ++++++++++ .../WEB-INF/views/manufacturers/add.jsp | 1 + .../WEB-INF/views/manufacturers/all.jsp | 1 + src/main/webapp/web.xml | 36 +++++++++++++++++ 27 files changed, 315 insertions(+), 13 deletions(-) create mode 100644 src/main/java/taxi/controller/LoginController.java create mode 100644 src/main/java/taxi/controller/LogoutController.java create mode 100644 src/main/java/taxi/controller/car/GetMyCurrentCarsController.java create mode 100644 src/main/java/taxi/exception/AuthenticationException.java create mode 100644 src/main/java/taxi/filter/AuthenticationFilter.java create mode 100644 src/main/java/taxi/service/AuthenticationService.java create mode 100644 src/main/java/taxi/service/AuthenticationServiceImpl.java create mode 100644 src/main/webapp/WEB-INF/views/header.jsp create mode 100644 src/main/webapp/WEB-INF/views/login.jsp diff --git a/pom.xml b/pom.xml index a043c369c..02df8cbab 100644 --- a/pom.xml +++ b/pom.xml @@ -23,7 +23,7 @@ mysql mysql-connector-java - 8.0.22 + 8.0.28 javax.servlet diff --git a/src/main/java/taxi/controller/LoginController.java b/src/main/java/taxi/controller/LoginController.java new file mode 100644 index 000000000..2500be5b3 --- /dev/null +++ b/src/main/java/taxi/controller/LoginController.java @@ -0,0 +1,40 @@ +package taxi.controller; + +import java.io.IOException; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import taxi.exception.AuthenticationException; +import taxi.lib.Injector; +import taxi.model.Driver; +import taxi.service.AuthenticationService; + +public class LoginController extends HttpServlet { + private static final Injector injector = Injector.getInstance("taxi"); + private final AuthenticationService authenticationService + = (AuthenticationService) injector.getInstance(AuthenticationService.class); + + @Override + public void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + req.getRequestDispatcher("/WEB-INF/views/login.jsp").forward(req, resp); + } + + @Override + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + String login = req.getParameter("login"); + String password = req.getParameter("password"); + try { + Driver driver = authenticationService.login(login, password); + HttpSession session = req.getSession(); + session.setAttribute("driver_id", driver.getId()); + resp.sendRedirect(req.getContextPath() + "/index"); + } catch (AuthenticationException e) { + req.setAttribute("errorMessage", e.getMessage()); + req.getRequestDispatcher("/WEB-INF/views/login.jsp").forward(req, resp); + } + } +} diff --git a/src/main/java/taxi/controller/LogoutController.java b/src/main/java/taxi/controller/LogoutController.java new file mode 100644 index 000000000..db34f6309 --- /dev/null +++ b/src/main/java/taxi/controller/LogoutController.java @@ -0,0 +1,16 @@ +package taxi.controller; + +import java.io.IOException; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +public class LogoutController extends HttpServlet { + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + req.getSession().invalidate(); + resp.sendRedirect(req.getContextPath() + "/login"); + } +} diff --git a/src/main/java/taxi/controller/car/GetMyCurrentCarsController.java b/src/main/java/taxi/controller/car/GetMyCurrentCarsController.java new file mode 100644 index 000000000..11f0699b9 --- /dev/null +++ b/src/main/java/taxi/controller/car/GetMyCurrentCarsController.java @@ -0,0 +1,25 @@ +package taxi.controller.car; + +import java.io.IOException; +import java.util.List; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import taxi.lib.Injector; +import taxi.model.Car; +import taxi.service.CarService; + +public class GetMyCurrentCarsController extends HttpServlet { + private static final Injector injector = Injector.getInstance("taxi"); + private final CarService carService = (CarService) injector.getInstance(CarService.class); + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + List cars = carService.getAllByDriver( + (Long) req.getSession().getAttribute("driver_id")); + req.setAttribute("cars", cars); + req.getRequestDispatcher("/WEB-INF/views/cars/all.jsp").forward(req, resp); + } +} diff --git a/src/main/java/taxi/controller/driver/AddDriverController.java b/src/main/java/taxi/controller/driver/AddDriverController.java index 1db67730b..e6da4dd22 100644 --- a/src/main/java/taxi/controller/driver/AddDriverController.java +++ b/src/main/java/taxi/controller/driver/AddDriverController.java @@ -24,7 +24,9 @@ public void doGet(HttpServletRequest req, HttpServletResponse resp) public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException { String name = req.getParameter("name"); String licenseNumber = req.getParameter("license_number"); - Driver driver = new Driver(name, licenseNumber); + String login = req.getParameter("login"); + String password = req.getParameter("password"); + Driver driver = new Driver(name, licenseNumber, login, password); driverService.create(driver); resp.sendRedirect(req.getContextPath() + "/drivers/add"); } diff --git a/src/main/java/taxi/dao/DriverDao.java b/src/main/java/taxi/dao/DriverDao.java index 83440d530..e9c38d2a5 100644 --- a/src/main/java/taxi/dao/DriverDao.java +++ b/src/main/java/taxi/dao/DriverDao.java @@ -1,6 +1,8 @@ package taxi.dao; +import java.util.Optional; import taxi.model.Driver; public interface DriverDao extends GenericDao { + Optional findByLogin(String login); } diff --git a/src/main/java/taxi/dao/DriverDaoImpl.java b/src/main/java/taxi/dao/DriverDaoImpl.java index f5e18f2a2..234c38f76 100644 --- a/src/main/java/taxi/dao/DriverDaoImpl.java +++ b/src/main/java/taxi/dao/DriverDaoImpl.java @@ -17,13 +17,16 @@ public class DriverDaoImpl implements DriverDao { @Override public Driver create(Driver driver) { - String query = "INSERT INTO drivers (name, license_number) " - + "VALUES (?, ?)"; + String query = "INSERT INTO drivers " + + "(name, license_number, login, password) " + + "VALUES (?, ?, ?, ?)"; try (Connection connection = ConnectionUtil.getConnection(); PreparedStatement statement = connection.prepareStatement(query, Statement.RETURN_GENERATED_KEYS)) { statement.setString(1, driver.getName()); statement.setString(2, driver.getLicenseNumber()); + statement.setString(3, driver.getLogin()); + statement.setString(4, driver.getPassword()); statement.executeUpdate(); ResultSet resultSet = statement.getGeneratedKeys(); if (resultSet.next()) { @@ -52,6 +55,23 @@ public Optional get(Long id) { } } + @Override + public Optional findByLogin(String login) { + String query = "SELECT * FROM drivers WHERE login = ?"; + try (Connection connection = ConnectionUtil.getConnection(); + PreparedStatement statement = connection.prepareStatement(query)) { + statement.setString(1, login); + ResultSet resultSet = statement.executeQuery(); + Driver driver = null; + if (resultSet.next()) { + driver = parseDriverFromResultSet(resultSet); + } + return Optional.ofNullable(driver); + } catch (SQLException e) { + throw new DataProcessingException("Can't get driver by login and password", e); + } + } + @Override public List getAll() { String query = "SELECT * FROM drivers WHERE is_deleted = FALSE"; @@ -71,14 +91,17 @@ public List getAll() { @Override public Driver update(Driver driver) { String query = "UPDATE drivers " - + "SET name = ?, license_number = ? " + + "SET name = ?, license_number = ?, " + + "login = ?, password = ?" + "WHERE id = ? AND is_deleted = FALSE"; try (Connection connection = ConnectionUtil.getConnection(); PreparedStatement statement = connection.prepareStatement(query)) { statement.setString(1, driver.getName()); statement.setString(2, driver.getLicenseNumber()); - statement.setLong(3, driver.getId()); + statement.setString(3, driver.getLogin()); + statement.setString(4, driver.getPassword()); + statement.setLong(5, driver.getId()); statement.executeUpdate(); return driver; } catch (SQLException e) { @@ -102,10 +125,14 @@ private Driver parseDriverFromResultSet(ResultSet resultSet) throws SQLException Long id = resultSet.getObject("id", Long.class); String name = resultSet.getString("name"); String licenseNumber = resultSet.getString("license_number"); + String login = resultSet.getString("login"); + String password = resultSet.getString("password"); Driver driver = new Driver(); driver.setId(id); driver.setName(name); driver.setLicenseNumber(licenseNumber); + driver.setLogin(login); + driver.setPassword(password); return driver; } } diff --git a/src/main/java/taxi/exception/AuthenticationException.java b/src/main/java/taxi/exception/AuthenticationException.java new file mode 100644 index 000000000..52c0c5ba6 --- /dev/null +++ b/src/main/java/taxi/exception/AuthenticationException.java @@ -0,0 +1,7 @@ +package taxi.exception; + +public class AuthenticationException extends Exception { + public AuthenticationException(String massage) { + super(massage); + } +} diff --git a/src/main/java/taxi/filter/AuthenticationFilter.java b/src/main/java/taxi/filter/AuthenticationFilter.java new file mode 100644 index 000000000..bb3cb6324 --- /dev/null +++ b/src/main/java/taxi/filter/AuthenticationFilter.java @@ -0,0 +1,36 @@ +package taxi.filter; + +import java.io.IOException; +import java.util.HashSet; +import java.util.Set; +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +public class AuthenticationFilter implements Filter { + private Set allowedUrls = new HashSet<>(); + + @Override + public void init(FilterConfig filterConfig) throws ServletException { + allowedUrls.add("/login"); + allowedUrls.add("/drivers/add"); + } + + @Override + public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, + FilterChain filterChain) throws IOException, ServletException { + HttpServletRequest req = (HttpServletRequest) servletRequest; + HttpServletResponse resp = (HttpServletResponse) servletResponse; + if (req.getSession().getAttribute("driver_id") == null + && !allowedUrls.contains(req.getServletPath())) { + resp.sendRedirect(req.getContextPath() + "/login"); + return; + } + filterChain.doFilter(req, resp); + } +} diff --git a/src/main/java/taxi/model/Driver.java b/src/main/java/taxi/model/Driver.java index 9c375f94c..a36080df9 100644 --- a/src/main/java/taxi/model/Driver.java +++ b/src/main/java/taxi/model/Driver.java @@ -6,13 +6,17 @@ public class Driver { private Long id; private String name; private String licenseNumber; + private String login; + private String password; public Driver() { } - public Driver(String name, String licenseNumber) { + public Driver(String name, String licenseNumber, String login, String password) { this.name = name; this.licenseNumber = licenseNumber; + this.login = login; + this.password = password; } public Long getId() { @@ -39,6 +43,22 @@ public void setLicenseNumber(String licenseNumber) { this.licenseNumber = licenseNumber; } + public String getLogin() { + return login; + } + + public void setLogin(String login) { + this.login = login; + } + + public String getPassword() { + return password; + } + + public void setPassword(String password) { + this.password = password; + } + @Override public boolean equals(Object o) { if (this == o) { @@ -50,11 +70,13 @@ public boolean equals(Object o) { Driver driver = (Driver) o; return Objects.equals(id, driver.id) && Objects.equals(name, driver.name) - && Objects.equals(licenseNumber, driver.licenseNumber); + && Objects.equals(licenseNumber, driver.licenseNumber) + && Objects.equals(password, driver.password) + && Objects.equals(login, driver.login); } @Override public int hashCode() { - return Objects.hash(id, name, licenseNumber); + return Objects.hash(id, name, licenseNumber, login, password); } } diff --git a/src/main/java/taxi/service/AuthenticationService.java b/src/main/java/taxi/service/AuthenticationService.java new file mode 100644 index 000000000..c0b16d503 --- /dev/null +++ b/src/main/java/taxi/service/AuthenticationService.java @@ -0,0 +1,9 @@ +package taxi.service; + +import taxi.exception.AuthenticationException; +import taxi.model.Driver; + +public interface AuthenticationService { + Driver login(String login, String password) + throws AuthenticationException; +} diff --git a/src/main/java/taxi/service/AuthenticationServiceImpl.java b/src/main/java/taxi/service/AuthenticationServiceImpl.java new file mode 100644 index 000000000..dfb42af40 --- /dev/null +++ b/src/main/java/taxi/service/AuthenticationServiceImpl.java @@ -0,0 +1,22 @@ +package taxi.service; + +import java.util.Optional; +import taxi.exception.AuthenticationException; +import taxi.lib.Inject; +import taxi.lib.Service; +import taxi.model.Driver; + +@Service +public class AuthenticationServiceImpl implements AuthenticationService { + @Inject + private DriverService driverService; + + @Override + public Driver login(String login, String password) throws AuthenticationException { + Optional driver = driverService.findByLogin(login); + if (driver.isPresent() && driver.get().getPassword().equals(password)) { + return driver.get(); + } + throw new AuthenticationException("Login or password is wrong"); + } +} diff --git a/src/main/java/taxi/service/DriverService.java b/src/main/java/taxi/service/DriverService.java index faddf81b3..3dbdfe2f3 100644 --- a/src/main/java/taxi/service/DriverService.java +++ b/src/main/java/taxi/service/DriverService.java @@ -1,6 +1,8 @@ package taxi.service; +import java.util.Optional; import taxi.model.Driver; public interface DriverService extends GenericService { + Optional findByLogin(String login); } diff --git a/src/main/java/taxi/service/DriverServiceImpl.java b/src/main/java/taxi/service/DriverServiceImpl.java index e2f554b3f..cf14b8e39 100644 --- a/src/main/java/taxi/service/DriverServiceImpl.java +++ b/src/main/java/taxi/service/DriverServiceImpl.java @@ -2,6 +2,7 @@ import java.util.List; import java.util.NoSuchElementException; +import java.util.Optional; import taxi.dao.DriverDao; import taxi.lib.Inject; import taxi.lib.Service; @@ -38,4 +39,9 @@ public Driver update(Driver driver) { public boolean delete(Long id) { return driverDao.delete(id); } + + @Override + public Optional findByLogin(String login) { + return driverDao.findByLogin(login); + } } diff --git a/src/main/java/taxi/util/ConnectionUtil.java b/src/main/java/taxi/util/ConnectionUtil.java index 9a94e69a2..3112b3377 100644 --- a/src/main/java/taxi/util/ConnectionUtil.java +++ b/src/main/java/taxi/util/ConnectionUtil.java @@ -6,10 +6,10 @@ import java.util.Properties; public class ConnectionUtil { - private static final String URL = "YOUR DATABASE URL"; - private static final String USERNAME = "YOUR USERNAME"; - private static final String PASSWORD = "YOUR PASSWORD"; - private static final String JDBC_DRIVER = "YOUR DRIVER"; + private static final String URL = "jdbc:mysql://localhost:3306/taxi"; + private static final String USERNAME = "root"; + private static final String PASSWORD = "012345678"; + private static final String JDBC_DRIVER = "com.mysql.cj.jdbc.Driver"; static { try { diff --git a/src/main/resources/init_db.sql b/src/main/resources/init_db.sql index 2acabb883..27c50b0a2 100644 --- a/src/main/resources/init_db.sql +++ b/src/main/resources/init_db.sql @@ -12,6 +12,8 @@ CREATE TABLE `drivers` ( `name` VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL, `license_number` VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL, `is_deleted` BIT(1) NOT NULL DEFAULT b'0', + `login` VARCHAR(50) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL, + `password` VARCHAR(30) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL, PRIMARY KEY (`id`) USING BTREE ) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic; diff --git a/src/main/webapp/WEB-INF/views/cars/add.jsp b/src/main/webapp/WEB-INF/views/cars/add.jsp index c23ba0b4f..f28ebd818 100644 --- a/src/main/webapp/WEB-INF/views/cars/add.jsp +++ b/src/main/webapp/WEB-INF/views/cars/add.jsp @@ -6,6 +6,7 @@ Add car + <%@ include file ="../header.jsp" %>
diff --git a/src/main/webapp/WEB-INF/views/cars/all.jsp b/src/main/webapp/WEB-INF/views/cars/all.jsp index 84f046299..7c10913aa 100644 --- a/src/main/webapp/WEB-INF/views/cars/all.jsp +++ b/src/main/webapp/WEB-INF/views/cars/all.jsp @@ -6,6 +6,7 @@ All cars + <%@ include file ="../header.jsp" %>

All cars:

diff --git a/src/main/webapp/WEB-INF/views/cars/drivers/add.jsp b/src/main/webapp/WEB-INF/views/cars/drivers/add.jsp index d281d5d72..ff576c896 100644 --- a/src/main/webapp/WEB-INF/views/cars/drivers/add.jsp +++ b/src/main/webapp/WEB-INF/views/cars/drivers/add.jsp @@ -6,6 +6,7 @@ Add driver to car + <%@ include file ="../../header.jsp" %>
diff --git a/src/main/webapp/WEB-INF/views/drivers/add.jsp b/src/main/webapp/WEB-INF/views/drivers/add.jsp index 4ad7cee44..532aa2785 100644 --- a/src/main/webapp/WEB-INF/views/drivers/add.jsp +++ b/src/main/webapp/WEB-INF/views/drivers/add.jsp @@ -6,6 +6,7 @@ All drivers + <%@ include file ="../header.jsp" %>
@@ -14,6 +15,8 @@ Name License number + Login + Password Add @@ -23,6 +26,12 @@ + + + + + + diff --git a/src/main/webapp/WEB-INF/views/drivers/all.jsp b/src/main/webapp/WEB-INF/views/drivers/all.jsp index 776101f73..a14f6d535 100644 --- a/src/main/webapp/WEB-INF/views/drivers/all.jsp +++ b/src/main/webapp/WEB-INF/views/drivers/all.jsp @@ -6,6 +6,7 @@ All drivers + <%@ include file ="../header.jsp" %>

All drivers:

diff --git a/src/main/webapp/WEB-INF/views/header.jsp b/src/main/webapp/WEB-INF/views/header.jsp new file mode 100644 index 000000000..13f32c874 --- /dev/null +++ b/src/main/webapp/WEB-INF/views/header.jsp @@ -0,0 +1,9 @@ +<%@ page contentType="text/html;charset=UTF-8" language="java" %> + + + + + +Logout + + \ No newline at end of file diff --git a/src/main/webapp/WEB-INF/views/index.jsp b/src/main/webapp/WEB-INF/views/index.jsp index b9b5e9d2b..44c81108d 100644 --- a/src/main/webapp/WEB-INF/views/index.jsp +++ b/src/main/webapp/WEB-INF/views/index.jsp @@ -5,6 +5,7 @@ My team + <%@ include file ="header.jsp" %>
@@ -20,6 +21,7 @@ Create new Car Create new Manufacturer Add Driver to Car + My cars diff --git a/src/main/webapp/WEB-INF/views/login.jsp b/src/main/webapp/WEB-INF/views/login.jsp new file mode 100644 index 000000000..cd0937966 --- /dev/null +++ b/src/main/webapp/WEB-INF/views/login.jsp @@ -0,0 +1,22 @@ +<%@ page contentType="text/html;charset=UTF-8" language="java" %> + + + + Login + + +

Login page

+

${errorMsg}

+
+ + + + + +
Enter your login: Enter your password:
+
+

Register

+ + diff --git a/src/main/webapp/WEB-INF/views/manufacturers/add.jsp b/src/main/webapp/WEB-INF/views/manufacturers/add.jsp index 108d3541c..798e17aab 100644 --- a/src/main/webapp/WEB-INF/views/manufacturers/add.jsp +++ b/src/main/webapp/WEB-INF/views/manufacturers/add.jsp @@ -6,6 +6,7 @@ Manufacturers + <%@ include file ="../header.jsp" %>
diff --git a/src/main/webapp/WEB-INF/views/manufacturers/all.jsp b/src/main/webapp/WEB-INF/views/manufacturers/all.jsp index fd3eafdbf..e24970319 100644 --- a/src/main/webapp/WEB-INF/views/manufacturers/all.jsp +++ b/src/main/webapp/WEB-INF/views/manufacturers/all.jsp @@ -6,6 +6,7 @@ All manufacturers + <%@ include file ="../header.jsp" %>

All manufacturers:

diff --git a/src/main/webapp/web.xml b/src/main/webapp/web.xml index 284381048..59e80176a 100644 --- a/src/main/webapp/web.xml +++ b/src/main/webapp/web.xml @@ -105,4 +105,40 @@ deleteManufacturer /manufacturers/delete + + + login + taxi.controller.LoginController + + + login + /login + + + + logout + taxi.controller.LogoutController + + + logout + /logout + + + + allMyCars + taxi.controller.car.GetMyCurrentCarsController + + + allMyCars + /drivers/cars + + + + authenticationFilter + taxi.filter.AuthenticationFilter + + + authenticationFilter + /* +