web-security. Pochtalon

pom.xml

@@ -23,7 +23,7 @@
         <dependency>
             <groupId>mysql</groupId>
             <artifactId>mysql-connector-java</artifactId>
-            <version>8.0.22</version>
+            <version>8.0.28</version>
         </dependency>
         <dependency>
             <groupId>javax.servlet</groupId>

src/main/java/taxi/controller/LoginController.java

@@ -0,0 +1,42 @@
+package taxi.controller;
+
+import java.io.IOException;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import taxi.exception.AuthenticationException;
+import taxi.lib.Injector;
+import taxi.model.Driver;
+import taxi.service.AuthenticationService;
+
+@WebServlet(urlPatterns = "/login")
+public class LoginController extends HttpServlet {
+    private static final Injector injector = Injector.getInstance("taxi");
+    private AuthenticationService authenticationService =
+            (AuthenticationService) injector.getInstance(AuthenticationService.class);
+
+    @Override
+    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+            throws ServletException, IOException {
+        req.getRequestDispatcher("/WEB-INF/views/login.jsp").forward(req, resp);
+    }
+
+    @Override
+    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+            throws ServletException, IOException {
+        String login = req.getParameter("login");
+        String password = req.getParameter("password");
+        try {
+            Driver driver = authenticationService.login(login, password);
+            HttpSession session = req.getSession();
+            session.setAttribute("driver_id", driver.getId());
+            resp.sendRedirect(req.getContextPath() + "/index");
+        } catch (AuthenticationException e) {
+            req.setAttribute("errorMessage", e.getMessage());
+            req.getRequestDispatcher("/WEB-INF/views/login.jsp").forward(req, resp);
+        }
+    }
+}

src/main/java/taxi/controller/LogoutController.java

@@ -0,0 +1,18 @@
+package taxi.controller;
+
+import java.io.IOException;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@WebServlet(urlPatterns = "/logout")
+public class LogoutController extends HttpServlet {
+    @Override
+    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+            throws ServletException, IOException {
+        req.getSession().invalidate();
+        resp.sendRedirect(req.getContextPath() + "/login");
+    }
+}

src/main/java/taxi/controller/driver/AddDriverController.java

@@ -24,7 +24,9 @@ public void doGet(HttpServletRequest req, HttpServletResponse resp)
     public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
         String name = req.getParameter("name");
         String licenseNumber = req.getParameter("license_number");
-        Driver driver = new Driver(name, licenseNumber);
+        String login = req.getParameter("login");
+        String password = req.getParameter("password");
+        Driver driver = new Driver(name, licenseNumber, login, password);
         driverService.create(driver);
         resp.sendRedirect(req.getContextPath() + "/drivers/add");
     }

src/main/java/taxi/controller/driver/GetMyCurrentCarsController.java

@@ -0,0 +1,33 @@
+package taxi.controller.driver;
+
+import java.io.IOException;
+import java.util.List;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import taxi.lib.Injector;
+import taxi.model.Car;
+import taxi.service.CarService;
+import taxi.service.DriverService;
+
+@WebServlet(urlPatterns = "/drivers/cars")
+public class GetMyCurrentCarsController extends HttpServlet {
+    private static final Injector injector = Injector.getInstance("taxi");
+    private final DriverService driverService = (DriverService) injector
+            .getInstance(DriverService.class);
+    private final CarService carService = (CarService) injector
+            .getInstance(CarService.class);
+
+    @Override
+    public void doGet(HttpServletRequest req, HttpServletResponse resp)
+            throws ServletException, IOException {
+        HttpSession session = req.getSession();
+        Long driverId = (Long) session.getAttribute("driver_id");
+        List<Car> cars = carService.getAllByDriver(driverId);
+        req.setAttribute("cars", cars);
+        req.getRequestDispatcher("/WEB-INF/views/cars/all.jsp").forward(req, resp);
+    }
+}

src/main/java/taxi/dao/CarDaoImpl.java

@@ -188,7 +188,7 @@ private void deleteAllDrivers(Car car) {
     }
 
     private List<Driver> getAllDriversByCarId(Long carId) {
-        String query = "SELECT id, name, license_number "
+        String query = "SELECT id, name, license_number, login, password "
                 + "FROM cars_drivers cd "
                 + "JOIN drivers d ON cd.driver_id = d.id "
                 + "WHERE car_id = ? AND is_deleted = false";
@@ -211,10 +211,14 @@ private Driver parseDriverFromResultSet(ResultSet resultSet) throws SQLException
         Long driverId = resultSet.getObject("id", Long.class);
         String name = resultSet.getString("name");
         String licenseNumber = resultSet.getString("license_number");
+        String login = resultSet.getString("login");
+        String password = resultSet.getString("password");
         Driver driver = new Driver();
         driver.setId(driverId);
         driver.setName(name);
         driver.setLicenseNumber(licenseNumber);
+        driver.setLogin(login);
+        driver.setPassword(password);
         return driver;
     }
 

src/main/java/taxi/dao/DriverDao.java

@@ -1,6 +1,8 @@
 package taxi.dao;
 
+import java.util.Optional;
 import taxi.model.Driver;
 
 public interface DriverDao extends GenericDao<Driver> {
+    Optional<Driver> findByLogin(String login);
 }

src/main/java/taxi/dao/DriverDaoImpl.java

@@ -17,13 +17,15 @@
 public class DriverDaoImpl implements DriverDao {
     @Override
     public Driver create(Driver driver) {
-        String query = "INSERT INTO drivers (name, license_number) "
-                + "VALUES (?, ?)";
+        String query = "INSERT INTO drivers (name, license_number, login, password) "
+                + "VALUES (?, ?, ?, ?)";
         try (Connection connection = ConnectionUtil.getConnection();
                 PreparedStatement statement = connection.prepareStatement(query,
                         Statement.RETURN_GENERATED_KEYS)) {
             statement.setString(1, driver.getName());
             statement.setString(2, driver.getLicenseNumber());
+            statement.setString(3, driver.getLogin());
+            statement.setString(4, driver.getPassword());
             statement.executeUpdate();
             ResultSet resultSet = statement.getGeneratedKeys();
             if (resultSet.next()) {
@@ -52,6 +54,23 @@ public Optional<Driver> get(Long id) {
         }
     }
 
+    @Override
+    public Optional<Driver> findByLogin(String login) {
+        String query = "SELECT * FROM drivers WHERE login = ? AND is_deleted = FALSE";
+        try (Connection connection = ConnectionUtil.getConnection();
+                PreparedStatement statement = connection.prepareStatement(query)) {
+            statement.setString(1, login);
+            ResultSet resultSet = statement.executeQuery();
+            Driver driver = null;
+            if (resultSet.next()) {
+                driver = parseDriverFromResultSet(resultSet);
+            }
+            return Optional.ofNullable(driver);
+        } catch (SQLException e) {
+            throw new DataProcessingException("Can't get driver by login " + login, e);
+        }
+    }
+
     @Override
     public List<Driver> getAll() {
         String query = "SELECT * FROM drivers WHERE is_deleted = FALSE";

src/main/java/taxi/exception/AuthenticationException.java

@@ -0,0 +1,7 @@
+package taxi.exception;
+
+public class AuthenticationException extends Exception {
+    public AuthenticationException(String message) {
+        super(message);
+    }
+}

src/main/java/taxi/model/Driver.java

@@ -6,6 +6,8 @@ public class Driver {
     private Long id;
     private String name;
     private String licenseNumber;
+    private String login;
+    private String password;
 
     public Driver() {
     }
@@ -15,6 +17,28 @@ public Driver(String name, String licenseNumber) {
         this.licenseNumber = licenseNumber;
     }
 
+    public Driver(String name, String licenseNumber, String login, String password) {
+        this(name, licenseNumber);
+        this.login = login;
+        this.password = password;
+    }
+
+    public String getLogin() {
+        return login;
+    }
+
+    public void setLogin(String login) {
+        this.login = login;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
     public Long getId() {
         return id;
     }

src/main/java/taxi/service/AuthenticationService.java

@@ -0,0 +1,8 @@
+package taxi.service;
+
+import taxi.exception.AuthenticationException;
+import taxi.model.Driver;
+
+public interface AuthenticationService {
+    Driver login(String driverName, String licenseNumber) throws AuthenticationException;
+}

src/main/java/taxi/service/AuthenticationServiceImpl.java

@@ -0,0 +1,25 @@
+package taxi.service;
+
+import java.util.Optional;
+import taxi.exception.AuthenticationException;
+import taxi.lib.Inject;
+import taxi.lib.Service;
+import taxi.model.Driver;
+
+@Service
+public class AuthenticationServiceImpl implements AuthenticationService {
+    @Inject
+    private DriverService driverService;
+
+    @Override
+    public Driver login(String login, String password) throws AuthenticationException {
+        Optional<Driver> driver = driverService.findByLogin(login);
+        if (driver.isEmpty()) {
+            throw new AuthenticationException("Login or password was incorrect");
+        }
+        if (driver.get().getLicenseNumber().equals(password)) {
+            return driver.get();
+        }
+        throw new AuthenticationException("Login or password was incorrect");
+    }
+}

src/main/java/taxi/service/DriverService.java

@@ -1,6 +1,8 @@
 package taxi.service;
 
+import java.util.Optional;
 import taxi.model.Driver;
 
 public interface DriverService extends GenericService<Driver> {
+    Optional<Driver> findByLogin(String login);
 }

src/main/java/taxi/service/DriverServiceImpl.java

@@ -2,6 +2,7 @@
 
 import java.util.List;
 import java.util.NoSuchElementException;
+import java.util.Optional;
 import taxi.dao.DriverDao;
 import taxi.lib.Inject;
 import taxi.lib.Service;
@@ -38,4 +39,9 @@ public Driver update(Driver driver) {
     public boolean delete(Long id) {
         return driverDao.delete(id);
     }
+
+    @Override
+    public Optional<Driver> findByLogin(String login) {
+        return driverDao.findByLogin(login);
+    }
 }

src/main/java/taxi/util/ConnectionUtil.java

@@ -6,10 +6,12 @@
 import java.util.Properties;
 
 public class ConnectionUtil {
-    private static final String URL = "YOUR DATABASE URL";
-    private static final String USERNAME = "YOUR USERNAME";
-    private static final String PASSWORD = "YOUR PASSWORD";
-    private static final String JDBC_DRIVER = "YOUR DRIVER";
+    // I had a problem "The server time zone value is unrecognized" so found this decision
+    private static final String URL =
+            "jdbc:mysql://localhost:3306/taxi?useUnicode=true&serverTimezone=UTC";
+    private static final String USERNAME = "root";
+    private static final String PASSWORD = "00000";
+    private static final String JDBC_DRIVER = "com.mysql.cj.jdbc.Driver";
 
     static {
         try {

src/main/java/taxi/web/filter/AuthenticationFilter.java

@@ -0,0 +1,42 @@
+package taxi.web.filter;
+
+import java.io.IOException;
+import java.util.HashSet;
+import java.util.Set;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+public class AuthenticationFilter implements Filter {
+    private Set<String> allowedUrls = new HashSet<>();
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+        allowedUrls.add("/login");
+        allowedUrls.add("/drivers/add");
+    }
+
+    @Override
+    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
+                         FilterChain filterChain) throws IOException, ServletException {
+        HttpServletRequest request = (HttpServletRequest) servletRequest;
+        HttpServletResponse response = (HttpServletResponse) servletResponse;
+        HttpSession session = request.getSession();
+        Long driverId = (Long) session.getAttribute("driver_id");
+        if (driverId == null && allowedUrls.contains(request.getServletPath())) {
+            filterChain.doFilter(request, response);
+            return;
+        }
+        if (driverId == null) {
+            response.sendRedirect(request.getContextPath() + "/login");
+            return;
+        }
+        filterChain.doFilter(request, response);
+    }
+}

src/main/resources/init_db.sql

@@ -11,6 +11,8 @@ CREATE TABLE `drivers`  (
                             `id` BIGINT(0) UNSIGNED NOT NULL AUTO_INCREMENT,
                             `name` VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
                             `license_number` VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
+                            `login` VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
+                            `password` VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
                             `is_deleted` BIT(1) NOT NULL DEFAULT b'0',
                             PRIMARY KEY (`id`) USING BTREE
 ) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;

src/main/webapp/WEB-INF/views/cars/add.jsp

@@ -8,6 +8,7 @@
     <title>Add car</title>
 </head>
 <body>
+<h1 align="right" ><%@include file="/WEB-INF/views/header.jsp"%></h1>
 <form method="post" id="car" action="${pageContext.request.contextPath}/cars/add"></form>
 <h1 class="table_dark">Add car:</h1>
 <table border="1" class="table_dark">

src/main/webapp/WEB-INF/views/cars/all.jsp

@@ -8,6 +8,7 @@
     <title>All cars</title>
 </head>
 <body>
+<h1 align="right" ><%@include file="/WEB-INF/views/header.jsp"%></h1>
 <h1 class="table_dark">All cars:</h1>
 <table border="1" class="table_dark">
     <tr>

src/main/webapp/WEB-INF/views/cars/drivers/add.jsp

@@ -8,6 +8,7 @@
     <title>Add driver to car</title>
 </head>
 <body>
+<h1 align="right" ><%@include file="/WEB-INF/views/header.jsp"%></h1>
 <form method="post" id="car" action="${pageContext.request.contextPath}/cars/drivers/add"></form>
 <h1 class="table_dark">Add driver to car:</h1>
 <table border="1" class="table_dark">