org.riotfamily.riot.hibernate.security
Class HibernateUserDao

java.lang.Object
  org.springframework.dao.support.DaoSupport
      org.springframework.orm.hibernate3.support.HibernateDaoSupport
          org.riotfamily.riot.hibernate.dao.AbstractHibernateRiotDao
              org.riotfamily.riot.hibernate.dao.AbstractHqlDao
                  org.riotfamily.riot.hibernate.dao.HqlDao
                      org.riotfamily.riot.hibernate.security.HibernateUserDao

All Implemented Interfaces:

RiotDao, SortableDao, SwappableItemDao, RiotUserDao, InitializingBean

public class HibernateUserDao
extends HqlDao
implements RiotUserDao

RiotUserDao that performs look-ups via Hibernate.

Since:

6.5

Author:

Felix Gnass [fgnass at neteye dot de]

Field Summary

static String	DEFAULT_PASSWORD
static String	DEFAULT_USERNAME

Fields inherited from class org.springframework.dao.support.DaoSupport

logger

Constructor Summary

HibernateUserDao(org.hibernate.SessionFactory sessionFactory)

Method Summary

protected boolean	anyUserExists() Returns whether any user exists in the database.
protected RiotUser	findInitialUser(String userId) If no user exists, the given userId is compared with the one of the initial user.
protected RiotUser	findInitialUser(String username, String password) If no user exists, the given credentials are compared with the ones of the initial user.
RiotUser	findUserByCredentials(String username, String password) Performs a database lookup with the given credentials.
RiotUser	findUserById(String userId) Performs a database lookup with the given userId.
protected String	hashPassword(String plainText) Hashes the given password.
protected void	initDao() Creates (or validates) the initial user.
void	save(Object entity, Object parent) Invokes hashNewPassword(Object) and delegates the call to the super method.
void	setEntityClass(Class<?> entityClass) Sets the user class.
void	setHashPasswords(boolean hashPasswords) Sets whether hashed passwords should be used instead of plain text.
void	setInitialUser(RiotUser initialUser) Sets the initial user object that is persisted when no other user exists.
void	setNewPasswordProperty(String newPasswordProperty) Sets the name of the (transient) property that holds the new plain text password.
void	setPasswordProperty(String passwordProperty) Sets the name of the property that holds the (possibly hashed) password.
void	setUsernameProperty(String usernameProperty) Sets the name of the property that holds the username.
void	update(Object entity) Invokes hashNewPassword(Object) and delegates the call to the super method.
void	updatePassword(RiotUser user, String newPassword)

Methods inherited from class org.riotfamily.riot.hibernate.dao.HqlDao

buildMaxPositionHql, getEntityClass, getOrderBy, getSelect, getWhere, isPolymorph, isSetPositionOnSave, setPolymorph, setPositionIfNeeded, setPositionProperty, setSelect, setSetPositionOnSave, setWhere, swapEntity

Methods inherited from class org.riotfamily.riot.hibernate.dao.AbstractHqlDao

buildCountHql, buildHql, getFilterWhereClause, getFrom, getListSize, getSearchWhereClause, getWhereClause, isPrefixSearch, isSuffixSearch, listInternal, setFilterParameters, setQueryParameters

Methods inherited from class org.riotfamily.riot.hibernate.dao.AbstractHibernateRiotDao

delete, getObjectId, list, load, merge

Methods inherited from class org.springframework.orm.hibernate3.support.HibernateDaoSupport

checkDaoConfig, convertHibernateAccessException, createHibernateTemplate, getHibernateTemplate, getSession, getSession, getSessionFactory, releaseSession, setHibernateTemplate, setSessionFactory

Methods inherited from class org.springframework.dao.support.DaoSupport

afterPropertiesSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.riotfamily.riot.dao.RiotDao

delete, getEntityClass, getListSize, getObjectId, list, load, merge

Field Detail

DEFAULT_USERNAME

public static final String DEFAULT_USERNAME

See Also:

Constant Field Values

DEFAULT_PASSWORD

public static final String DEFAULT_PASSWORD

See Also:

Constant Field Values

Constructor Detail

HibernateUserDao

public HibernateUserDao(org.hibernate.SessionFactory sessionFactory)

Method Detail

setEntityClass

public void setEntityClass(Class<?> entityClass)

Sets the user class.

Overrides:

setEntityClass in class HqlDao

Throws:

IllegalArgumentException - if the given class does not implement the RiotUser interface.

setUsernameProperty

public void setUsernameProperty(String usernameProperty)

Sets the name of the property that holds the username. This property is used by findUserByCredentials(String, String) to look up a user upon login.

setPasswordProperty

public void setPasswordProperty(String passwordProperty)

Sets the name of the property that holds the (possibly hashed) password. This property is used by findUserByCredentials(String, String) to look up a user upon login.

setHashPasswords

public void setHashPasswords(boolean hashPasswords)

Sets whether hashed passwords should be used instead of plain text. Default is true.

See Also:

hashPassword(String)

setNewPasswordProperty

public void setNewPasswordProperty(String newPasswordProperty)

Sets the name of the (transient) property that holds the new plain text password. When hashed passwords are used, this property is checked upon updates. If the property contains a non null value, this value is used to create a new password hash.

setInitialUser

public void setInitialUser(RiotUser initialUser)

Sets the initial user object that is persisted when no other user exists. If set to null (default), a new instance of the entity class is created via reflection.

initDao

protected void initDao()
                throws Exception

Creates (or validates) the initial user.

Note: The user is not saved to the database at this point, as this method is not invoked within a transaction. The user will be persisted when findUserByCredentials(String, String) or findUserById(String) is called and the database does not contain any user objects.

Overrides:

initDao in class DaoSupport

Throws:

Exception

hashPassword

protected String hashPassword(String plainText)

Hashes the given password. The default implementation creates a MD5 sum. Subclasses may overwrite this method to use a different algorithm or add a salt.

updatePassword

public void updatePassword(RiotUser user,
                           String newPassword)

Specified by:

updatePassword in interface RiotUserDao

findUserByCredentials

public RiotUser findUserByCredentials(String username,
                                      String password)

Performs a database lookup with the given credentials. If no matching user is found, findInitialUser(String, String) is called.

Specified by:

findUserByCredentials in interface RiotUserDao

findInitialUser

protected RiotUser findInitialUser(String username,
                                   String password)

If no user exists, the given credentials are compared with the ones of the initial user. If username and password match, the initial user is persisted and returned.

findUserById

public RiotUser findUserById(String userId)

Performs a database lookup with the given userId. If no matching user is found, findInitialUser(String) is called.

Specified by:

findUserById in interface RiotUserDao

findInitialUser

protected RiotUser findInitialUser(String userId)

If no user exists, the given userId is compared with the one of the initial user. If the id matches, the initial user is persisted and returned.

anyUserExists

protected boolean anyUserExists()

Returns whether any user exists in the database.

save

public void save(Object entity,
                 Object parent)

Invokes hashNewPassword(Object) and delegates the call to the super method.

Specified by:

save in interface RiotDao

Overrides:

save in class HqlDao

update

public void update(Object entity)

Invokes hashNewPassword(Object) and delegates the call to the super method.

Specified by:

update in interface RiotDao

Overrides:

update in class AbstractHibernateRiotDao