org.riotfamily.riot.hibernate.security
Class HibernateUserDao

java.lang.Object
  extended by org.springframework.dao.support.DaoSupport
      extended by org.springframework.orm.hibernate3.support.HibernateDaoSupport
          extended by org.riotfamily.riot.hibernate.dao.AbstractHibernateRiotDao
              extended by org.riotfamily.riot.hibernate.dao.AbstractHqlDao
                  extended by org.riotfamily.riot.hibernate.dao.HqlDao
                      extended by org.riotfamily.riot.hibernate.security.HibernateUserDao
All Implemented Interfaces:
RiotDao, SortableDao, SwappableItemDao, RiotUserDao, InitializingBean

public class HibernateUserDao
extends HqlDao
implements RiotUserDao

RiotUserDao that performs look-ups via Hibernate.

Since:
6.5
Author:
Felix Gnass [fgnass at neteye dot de]

Field Summary
static String DEFAULT_PASSWORD
           
static String DEFAULT_USERNAME
           
 
Fields inherited from class org.springframework.dao.support.DaoSupport
logger
 
Constructor Summary
HibernateUserDao(org.hibernate.SessionFactory sessionFactory)
           
 
Method Summary
protected  boolean anyUserExists()
          Returns whether any user exists in the database.
protected  RiotUser findInitialUser(String userId)
          If no user exists, the given userId is compared with the one of the initial user.
protected  RiotUser findInitialUser(String username, String password)
          If no user exists, the given credentials are compared with the ones of the initial user.
 RiotUser findUserByCredentials(String username, String password)
          Performs a database lookup with the given credentials.
 RiotUser findUserById(String userId)
          Performs a database lookup with the given userId.
protected  String hashPassword(String plainText)
          Hashes the given password.
protected  void initDao()
          Creates (or validates) the initial user.
 void save(Object entity, Object parent)
          Invokes hashNewPassword(Object) and delegates the call to the super method.
 void setEntityClass(Class<?> entityClass)
          Sets the user class.
 void setHashPasswords(boolean hashPasswords)
          Sets whether hashed passwords should be used instead of plain text.
 void setInitialUser(RiotUser initialUser)
          Sets the initial user object that is persisted when no other user exists.
 void setNewPasswordProperty(String newPasswordProperty)
          Sets the name of the (transient) property that holds the new plain text password.
 void setPasswordProperty(String passwordProperty)
          Sets the name of the property that holds the (possibly hashed) password.
 void setUsernameProperty(String usernameProperty)
          Sets the name of the property that holds the username.
 void update(Object entity)
          Invokes hashNewPassword(Object) and delegates the call to the super method.
 void updatePassword(RiotUser user, String newPassword)
           
 
Methods inherited from class org.riotfamily.riot.hibernate.dao.HqlDao
buildMaxPositionHql, getEntityClass, getOrderBy, getSelect, getWhere, isPolymorph, isSetPositionOnSave, setPolymorph, setPositionIfNeeded, setPositionProperty, setSelect, setSetPositionOnSave, setWhere, swapEntity
 
Methods inherited from class org.riotfamily.riot.hibernate.dao.AbstractHqlDao
buildCountHql, buildHql, getFilterWhereClause, getFrom, getListSize, getSearchWhereClause, getWhereClause, isPrefixSearch, isSuffixSearch, listInternal, setFilterParameters, setQueryParameters
 
Methods inherited from class org.riotfamily.riot.hibernate.dao.AbstractHibernateRiotDao
delete, getObjectId, list, load, merge
 
Methods inherited from class org.springframework.orm.hibernate3.support.HibernateDaoSupport
checkDaoConfig, convertHibernateAccessException, createHibernateTemplate, getHibernateTemplate, getSession, getSession, getSessionFactory, releaseSession, setHibernateTemplate, setSessionFactory
 
Methods inherited from class org.springframework.dao.support.DaoSupport
afterPropertiesSet
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.riotfamily.riot.dao.RiotDao
delete, getEntityClass, getListSize, getObjectId, list, load, merge
 

Field Detail

DEFAULT_USERNAME

public static final String DEFAULT_USERNAME
See Also:
Constant Field Values

DEFAULT_PASSWORD

public static final String DEFAULT_PASSWORD
See Also:
Constant Field Values
Constructor Detail

HibernateUserDao

public HibernateUserDao(org.hibernate.SessionFactory sessionFactory)
Method Detail

setEntityClass

public void setEntityClass(Class<?> entityClass)
Sets the user class.

Overrides:
setEntityClass in class HqlDao
Throws:
IllegalArgumentException - if the given class does not implement the RiotUser interface.

setUsernameProperty

public void setUsernameProperty(String usernameProperty)
Sets the name of the property that holds the username. This property is used by findUserByCredentials(String, String) to look up a user upon login.


setPasswordProperty

public void setPasswordProperty(String passwordProperty)
Sets the name of the property that holds the (possibly hashed) password. This property is used by findUserByCredentials(String, String) to look up a user upon login.


setHashPasswords

public void setHashPasswords(boolean hashPasswords)
Sets whether hashed passwords should be used instead of plain text. Default is true.

See Also:
hashPassword(String)

setNewPasswordProperty

public void setNewPasswordProperty(String newPasswordProperty)
Sets the name of the (transient) property that holds the new plain text password. When hashed passwords are used, this property is checked upon updates. If the property contains a non-null value, this value is used to create a new password hash.


setInitialUser

public void setInitialUser(RiotUser initialUser)
Sets the initial user object that is persisted when no other user exists. If set to null (default), a new instance of the entity class is created via reflection.


initDao

protected void initDao()
                throws Exception
Creates (or validates) the initial user.

Note: The user is not saved to the database at this point, as this method is not invoked within a transaction. The user will be persisted when findUserByCredentials(String, String) or findUserById(String) is called and the database does not contain any user objects.

Overrides:
initDao in class DaoSupport
Throws:
Exception

hashPassword

protected String hashPassword(String plainText)
Hashes the given password. The default implementation creates an MD5 sum. Subclasses may override this method to use a different algorithm or add a salt.
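
An added example, not part of Riot: a subclass that replaces the MD5 sum with PBKDF2. Because hashPassword(String) receives only the plain text and findUserByCredentials(String, String) looks the user up by the password property, the hash has to be deterministic, so the sketch uses one application-wide salt rather than a per-user one. The class name Pbkdf2UserDao, the applicationSalt property, the iteration count and Java 8+ are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

import org.hibernate.SessionFactory;
import org.riotfamily.riot.hibernate.security.HibernateUserDao;

/** Hypothetical subclass (not part of Riot) that replaces the default MD5 sum. */
public class Pbkdf2UserDao extends HibernateUserDao {

    private static final int ITERATIONS = 600000; // assumed work factor, tune per host
    private static final int KEY_BITS = 256;      // yields 64 hex characters

    private byte[] salt = new byte[0];

    public Pbkdf2UserDao(SessionFactory sessionFactory) {
        super(sessionFactory);
    }

    /** Application-wide salt injected from configuration (hypothetical property). */
    public void setApplicationSalt(String applicationSalt) {
        this.salt = applicationSalt.getBytes(StandardCharsets.UTF_8);
    }

    @Override
    protected String hashPassword(String plainText) {
        // Fail closed instead of hashing with a missing or trivially short salt.
        if (salt.length < 16) {
            throw new IllegalStateException("applicationSalt must be at least 16 bytes");
        }
        PBEKeySpec spec = new PBEKeySpec(plainText.toCharArray(), salt, ITERATIONS, KEY_BITS);
        try {
            byte[] hash = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
            // Hex-encode so the value fits a plain String password property.
            StringBuilder hex = new StringBuilder(hash.length * 2);
            for (byte b : hash) {
                hex.append(String.format("%02x", b));
            }
            return hex.toString();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("PBKDF2WithHmacSHA256 unavailable", e);
        } finally {
            spec.clearPassword(); // wipe the key spec's copy of the password
        }
    }
}
```

Values already stored as MD5 sums will not match the output of this method, so existing passwords have to be reset after switching, and the mapped password column must hold 64 characters. With a single shared salt, identical passwords still produce identical hashes.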


updatePassword

public void updatePassword(RiotUser user,
                           String newPassword)
Specified by:
updatePassword in interface RiotUserDao

findUserByCredentials

public RiotUser findUserByCredentials(String username,
                                      String password)
Performs a database lookup with the given credentials. If no matching user is found, findInitialUser(String, String) is called.

Specified by:
findUserByCredentials in interface RiotUserDao

findInitialUser

protected RiotUser findInitialUser(String username,
                                   String password)
If no user exists, the given credentials are compared with the ones of the initial user. If username and password match, the initial user is persisted and returned.


findUserById

public RiotUser findUserById(String userId)
Performs a database lookup with the given userId. If no matching user is found, findInitialUser(String) is called.

Specified by:
findUserById in interface RiotUserDao

findInitialUser

protected RiotUser findInitialUser(String userId)
If no user exists, the given userId is compared with the one of the initial user. If the id matches, the initial user is persisted and returned.


anyUserExists

protected boolean anyUserExists()
Returns whether any user exists in the database.


save

public void save(Object entity,
                 Object parent)
Invokes hashNewPassword(Object) and delegates the call to the super method.

Specified by:
save in interface RiotDao
Overrides:
save in class HqlDao

update

public void update(Object entity)
Invokes hashNewPassword(Object) and delegates the call to the super method.

Specified by:
update in interface RiotDao
Overrides:
update in class AbstractHibernateRiotDao