Altered install scripts to add a base user in the seed data. Also altered install script to correctly accept a 6th parameter. Edited mip_security.authorize so that if no data is returned the system returns false.

git-svn-id: http://locode01.ad.dom/svn/WEBMIP/trunk@2894 248e525c-4dfb-0310-94bc-949c084e9493
PriestJ
2007-11-27 18:39:27 +00:00
parent 7877296419
commit 4e275aa855
7 changed files with 136 additions and 38 deletions


@@ -8,6 +8,12 @@ sqlplus %1 @disable_constraints
sqlplus %1 @delete_tables sqlplus %1 @delete_tables
sqlldr %1 control=prty
sqlldr %1 control=parl
sqlldr %1 control=apau
sqlldr %1 control=alty sqlldr %1 control=alty
sqlldr %1 control=caco sqlldr %1 control=caco
@@ -60,6 +66,8 @@ sqlldr %1 control=poco
sqlplus %1 @enable_constraints sqlplus %1 @enable_constraints
sqlplus %1 @create_passwords
goto :done goto :done
:usage :usage

18
Data/Seed/apau.ctl Normal file

@@ -0,0 +1,18 @@
LOAD DATA
INFILE *
INTO TABLE apex_authorization
REPLACE
FIELDS TERMINATED BY '|'
(
rt_code
,component_name
,component_type
,privilege
)
BEGINDATA
MIPADMIN|10|P|A
MIPADMIN|32|P|A
MIPADMIN|21|P|A
MIPADMIN|20|P|A
MIPADMIN|13|P|A
MIPADMIN|11|P|A


@@ -0,0 +1,21 @@
DECLARE
l_hash varchar2(240);
BEGIN
FOR l_pwd IN (SELECT id, username
FROM parties
WHERE username IS NOT NULL) LOOP
l_hash := mip_security.get_hash(p_username=>l_pwd.username, p_password=>'password');
INSERT INTO passwords
(prty_id
,password_hash
,created_on)
VALUES
(l_pwd.id
,l_hash
,SYSDATE);
END LOOP;
END;
/
exit
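Review bot: Every party that has a username is seeded with the same literal password on the get_hash call (`p_password=>'password'`), and the prty.ctl seed in this commit creates that account with status OPEN, so the seeded administrator is usable with a publicly known default until someone remembers to change it. The package body documents that an EXPIRED account is logged in and routed to the Change Password page, so seeding the status as EXPIRED, or taking the initial password from the install script as a SQL*Plus substitution variable (`p_password=>'&1'`), would force a change on first use. A one-line header comment stating that this script is meant for a freshly loaded seed database would also help, since it inserts a password row for every party without checking for existing rows.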

16
Data/Seed/parl.ctl Normal file

@@ -0,0 +1,16 @@
LOAD DATA
INFILE *
INTO TABLE party_roles
REPLACE
FIELDS TERMINATED BY '|'
(
prty_id
,rt_code
,id
,start_date
,end_date
,description
)
BEGINDATA
100|MIPADMIN|1001|08-NOV-07|||
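Review bot: The start_date field is loaded from the literal `08-NOV-07` with no DATE mask in the field list, so the load depends on the installing session's NLS_DATE_FORMAT and will fail or misparse where that default differs; the same applies to created_on in prty.ctl. Declaring the mask (`,start_date DATE "DD-MON-RR"`) or letting SQL*Loader stamp the load time (`,start_date SYSDATE`) removes that dependency. The data line also carries one more `|` than there are fields; SQL*Loader appears to ignore the trailing data, but trimming it avoids confusion when a column is added later.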

29
Data/Seed/prty.ctl Normal file

@@ -0,0 +1,29 @@
LOAD DATA
INFILE *
INTO TABLE parties
REPLACE
FIELDS TERMINATED BY '|'
(
manu_ref
,created_by
,shortcode
,name
,description
,created_on
,updated_on
,updated_by
,mktp_ref
,lt_7b_contract_ref
,gt_7b_contract_ref
,adversarial_contract_ref
,username
,status
,first_name
,last_name
,personal_title
,comments
,id
,prty_type
)
BEGINDATA
|advantica||||08-NOV-07|||||||advantica|OPEN|Advantica|User|Mr|User|100|PERS


@@ -23,7 +23,8 @@ cd ..\..
if "%6"=="" goto :done if "%6"=="" goto :done
goto "%6" if "%6"=="demo" goto :demo
if "%6"=="test" doto :test
:demo :demo
@echo Demo @echo Demo
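Review bot: The new dispatch line `if "%6"=="test" doto :test` misspells goto as doto, so passing test as the sixth parameter makes cmd report an unknown command and then fall through into the :demo block on the next line instead of the test branch; it should read `if "%6"=="test" goto :test`. The explicit demo/test checks are an improvement over the removed `goto "%6"`, which jumped to whatever label the caller supplied. Any other value of %6 now also falls into :demo silently, so a `goto :usage` after the two checks would surface the mistake, assuming the script has such a label; the rest of the script is outside the hunk.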


@@ -6,7 +6,7 @@ CREATE OR REPLACE PACKAGE mip_security AS
/** Perform user authentication and login /** Perform user authentication and login
An authenticated login for an expired password will result in flow to the 'Change Password' An authenticated login for an expired password will result in flow to the 'Change Password'
page. page.
%param p_uname username %param p_uname username
%param p_password password %param p_password password
%param p_session_id APEX session number %param p_session_id APEX session number
%param p_flow_page the app:page to which flow should pass on successful authentication %param p_flow_page the app:page to which flow should pass on successful authentication
@@ -19,25 +19,25 @@ CREATE OR REPLACE PACKAGE mip_security AS
/** Generate a hash from the given username and password /** Generate a hash from the given username and password
The system does not record users passwords 'in the plain', instead we The system does not record users passwords 'in the plain', instead we
recordThe resultant hash is recorded as the username 'password hash' recordThe resultant hash is recorded as the username 'password hash'
*/ */
FUNCTION get_hash(p_username IN VARCHAR2 FUNCTION get_hash(p_username IN VARCHAR2
,p_password IN VARCHAR2) RETURN VARCHAR2; ,p_password IN VARCHAR2) RETURN VARCHAR2;
/** /**
%obs private function %obs private function
*/ */
PROCEDURE valid_user2(p_username IN VARCHAR2 PROCEDURE valid_user2(p_username IN VARCHAR2
,p_password IN VARCHAR2); ,p_password IN VARCHAR2);
/** /**
%obs replaced by authenticate_user %obs replaced by authenticate_user
*/ */
FUNCTION valid_user(p_username IN VARCHAR2 FUNCTION valid_user(p_username IN VARCHAR2
,p_password IN VARCHAR2) RETURN BOOLEAN; ,p_password IN VARCHAR2) RETURN BOOLEAN;
/** Authenticates the given username and password /** Authenticates the given username and password
%return TRUE for authenticated username and password combination %return TRUE for authenticated username and password combination
%rep valid_user, valid_user2 %rep valid_user, valid_user2
*/ */
@@ -88,7 +88,7 @@ END mip_security;
/ /
CREATE OR REPLACE PACKAGE BODY mip_security AS CREATE OR REPLACE PACKAGE BODY mip_security AS
/* /*
returns the current status of the user returns the current status of the user
*/ */
FUNCTION get_user_status(p_username IN VARCHAR2) RETURN VARCHAR2 AS FUNCTION get_user_status(p_username IN VARCHAR2) RETURN VARCHAR2 AS
@@ -98,7 +98,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
INTO l_status INTO l_status
FROM parties p FROM parties p
WHERE upper(p.username) = upper(p_username); WHERE upper(p.username) = upper(p_username);
RETURN l_status; RETURN l_status;
EXCEPTION EXCEPTION
WHEN no_data_found THEN WHEN no_data_found THEN
@@ -110,7 +110,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
/** /**
Logs the user into the system and registers with APEX. Logs the user into the system and registers with APEX.
if the user account is 'OPEN', log them in and flow to the requested page if the user account is 'OPEN', log them in and flow to the requested page
if the user account is 'EXPIRED', log them in and flow to the 'Change Password' page if the user account is 'EXPIRED', log them in and flow to the 'Change Password' page
if the user account is 'LOCKED', log the user out and flow to the 'Locked' page if the user account is 'LOCKED', log the user out and flow to the 'Locked' page
@@ -133,16 +133,16 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
,p_session_id => p_session_id ,p_session_id => p_session_id
,p_flow_page => v('APP_ID') || ':102'); ,p_flow_page => v('APP_ID') || ':102');
ELSE ELSE
-- user password has been locked. Log them off and tell them -- user password has been locked. Log them off and tell them
wwv_flow_custom_auth_std.logout(p_this_flow => v('APP_ID') wwv_flow_custom_auth_std.logout(p_this_flow => v('APP_ID')
,p_next_flow_page_sess => v('APP_ID') || ,p_next_flow_page_sess => v('APP_ID') ||
':501'); ':501');
END IF; END IF;
END login; END login;
/** Produce a 'password hash' from the given username and password /** Produce a 'password hash' from the given username and password
Uses the dbms_obfuscation_toolkit to produce the hash. Uses the dbms_obfuscation_toolkit to produce the hash.
*/ */
FUNCTION get_hash(p_username IN VARCHAR2 FUNCTION get_hash(p_username IN VARCHAR2
@@ -153,7 +153,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
END get_hash; END get_hash;
/** Authenticates the given username and password /** Authenticates the given username and password
%return TRUE for authenticated username and password combination %return TRUE for authenticated username and password combination
%rep valid_user, valid_user2 %rep valid_user, valid_user2
*/ */
@@ -174,7 +174,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
WHERE pwd.created_on = pwd.latest_pwd_date WHERE pwd.created_on = pwd.latest_pwd_date
AND pwd.password_hash = get_hash(p_username AND pwd.password_hash = get_hash(p_username
,p_password); ,p_password);
RETURN TRUE; RETURN TRUE;
EXCEPTION EXCEPTION
WHEN no_data_found THEN WHEN no_data_found THEN
@@ -182,10 +182,10 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
END authenticate_user; END authenticate_user;
/** Authenticates the given p_username and p_password /** Authenticates the given p_username and p_password
Checks the {%link passwords} table for a hash value matching that produced from the Checks the {%link passwords} table for a hash value matching that produced from the
given p_username and p_password. given p_username and p_password.
%raises -20000 when unable to authenticate %raises -20000 when unable to authenticate
%obs Replaced by authenticate_user %obs Replaced by authenticate_user
*/ */
@@ -206,7 +206,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
WHERE pwd.created_on = pwd.latest_pwd_date WHERE pwd.created_on = pwd.latest_pwd_date
AND pwd.password_hash = get_hash(p_username AND pwd.password_hash = get_hash(p_username
,p_password); ,p_password);
EXCEPTION EXCEPTION
WHEN no_data_found THEN WHEN no_data_found THEN
raise_application_error(-20000 raise_application_error(-20000
@@ -214,7 +214,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
END valid_user2; END valid_user2;
/** Authenticates the given username and password /** Authenticates the given username and password
%obs Replaced by authenticate_user %obs Replaced by authenticate_user
*/ */
FUNCTION valid_user(p_username IN VARCHAR2 FUNCTION valid_user(p_username IN VARCHAR2
@@ -230,16 +230,16 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
END valid_user; END valid_user;
/** Checks for authorization to access the given component /** Checks for authorization to access the given component
%param p_app_user username %param p_app_user username
%param p_component_name name of the component to be accessed %param p_component_name name of the component to be accessed
%param p_component_type the type of component to be accessed %param p_component_type the type of component to be accessed
%param p_privilege the access privilege being sought %param p_privilege the access privilege being sought
%return TRUE if the given p_app_user is authorized %return TRUE if the given p_app_user is authorized
Checks the roles assigned to the given p_app_user to see whether they are authorized Checks the roles assigned to the given p_app_user to see whether they are authorized
to access the given component. to access the given component.
If configuration item APEX_AUTHORIZATION_DEFAULT_MODE = PUBLIC, all components If configuration item APEX_AUTHORIZATION_DEFAULT_MODE = PUBLIC, all components
are considered to be accessible to all unless specifically listed in the are considered to be accessible to all unless specifically listed in the
apex_authorization table. Otherwise, the requested access must be listed in the apex_authorization table. Otherwise, the requested access must be listed in the
@@ -252,7 +252,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
RETURN BOOLEAN IS RETURN BOOLEAN IS
l_access_allowed VARCHAR2(3); l_access_allowed VARCHAR2(3);
BEGIN BEGIN
-- --
-- for development purposes, assume that all components are unprotected unless they are -- for development purposes, assume that all components are unprotected unless they are
-- specifically recorded in the authorization table -- specifically recorded in the authorization table
@@ -274,7 +274,8 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
RETURN TRUE; RETURN TRUE;
END; END;
END IF; END IF;
--JP added block here due to error when no data found
BEGIN
SELECT access_allowed SELECT access_allowed
INTO l_access_allowed INTO l_access_allowed
FROM (SELECT auth.component_name FROM (SELECT auth.component_name
@@ -302,7 +303,11 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
AND auth.component_type = p_component_type AND auth.component_type = p_component_type
ORDER BY parl.rt_code) ORDER BY parl.rt_code)
WHERE rownum < 2; WHERE rownum < 2;
EXCEPTION
WHEN no_data_found THEN
-- no access if we can't find any data
RETURN FALSE;
END;
IF nvl(l_access_allowed IF nvl(l_access_allowed
,'NO') = 'YES' THEN ,'NO') = 'YES' THEN
RETURN TRUE; RETURN TRUE;
@@ -312,9 +317,9 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
END authorization; END authorization;
/** Checks for authorization to access the given page /** Checks for authorization to access the given page
Calls the authorization function to perform the check Calls the authorization function to perform the check
%param p_app_user username %param p_app_user username
%param p_page_id page number to be accessed %param p_page_id page number to be accessed
%param p_privilege the access privilege being sought %param p_privilege the access privilege being sought
@@ -333,9 +338,9 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
END page_authorization; END page_authorization;
/** Checks for authorization to access the given component /** Checks for authorization to access the given component
Calls the authorization function to perform the check Calls the authorization function to perform the check
%param p_app_user username %param p_app_user username
%param p_component_name name of the component to be accessed %param p_component_name name of the component to be accessed
%param p_privilege the access privilege being sought %param p_privilege the access privilege being sought
@@ -346,7 +351,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
,p_privilege IN apex_authorization.privilege%TYPE DEFAULT 'A') ,p_privilege IN apex_authorization.privilege%TYPE DEFAULT 'A')
RETURN BOOLEAN IS RETURN BOOLEAN IS
BEGIN BEGIN
RETURN authorization(p_app_user => p_app_user RETURN authorization(p_app_user => p_app_user
,p_component_name => p_component_name ,p_component_name => p_component_name
,p_component_type => 'C' ,p_component_type => 'C'
@@ -354,9 +359,9 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
END component_authorization; END component_authorization;
/** Checks for authorization to access the given page /** Checks for authorization to access the given page
Calls the authorization function to perform the check Calls the authorization function to perform the check
%param p_app_user username %param p_app_user username
%param p_component_name name of the region to be accessed %param p_component_name name of the region to be accessed
%param p_privilege the access privilege being sought %param p_privilege the access privilege being sought
@@ -367,7 +372,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
,p_privilege IN apex_authorization.privilege%TYPE DEFAULT 'A') ,p_privilege IN apex_authorization.privilege%TYPE DEFAULT 'A')
RETURN BOOLEAN IS RETURN BOOLEAN IS
BEGIN BEGIN
RETURN authorization(p_app_user => p_app_user RETURN authorization(p_app_user => p_app_user
,p_component_name => p_component_name ,p_component_name => p_component_name
,p_component_type => 'R' ,p_component_type => 'R'
@@ -382,7 +387,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
FROM parties au FROM parties au
WHERE upper(username) = upper(p_username); WHERE upper(username) = upper(p_username);
--AND upper(au.role) IN ('ADMIN', 'USER'); --AND upper(au.role) IN ('ADMIN', 'USER');
RETURN TRUE; RETURN TRUE;
EXCEPTION EXCEPTION
WHEN OTHERS THEN WHEN OTHERS THEN
@@ -397,7 +402,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
FROM parties au FROM parties au
WHERE upper(username) = upper(p_username); WHERE upper(username) = upper(p_username);
--AND upper(au.role) = 'ADMIN'; --AND upper(au.role) = 'ADMIN';
RETURN TRUE; RETURN TRUE;
EXCEPTION EXCEPTION
WHEN OTHERS THEN WHEN OTHERS THEN
@@ -417,7 +422,7 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
INTO l_prty_id INTO l_prty_id
FROM parties FROM parties
WHERE upper(username) = upper(p_username); WHERE upper(username) = upper(p_username);
INSERT INTO passwords INSERT INTO passwords
(prty_id (prty_id
,password_hash ,password_hash
@@ -429,12 +434,12 @@ CREATE OR REPLACE PACKAGE BODY mip_security AS
,p_password) ,p_password)
,SYSDATE ,SYSDATE
,NULL); ,NULL);
-- now we ned to update the user's status to OPEN -- now we ned to update the user's status to OPEN
UPDATE parties UPDATE parties
SET status = 'OPEN' SET status = 'OPEN'
WHERE id = l_prty_id; WHERE id = l_prty_id;
EXCEPTION EXCEPTION
WHEN OTHERS THEN WHEN OTHERS THEN
raise_application_error(-20002 raise_application_error(-20002