+ @Override
+ public boolean needsLogin() {
+ return false;
+ }
+ private void tryAuthWithUnpw(HttpServletRequest req) {
+ String un = req.getParameter("username");
+ String pw = req.getParameter("password");
+ try {
+ PreparedStatement ps = DatabaseConnection.getInstance().prepare(
+ "SELECT `password`, `id` FROM `users` WHERE `email`=?");
+ ps.setString(1, un);
+ ResultSet rs = ps.executeQuery();
+ if (rs.next()) {
+ if (PasswordHash.verifyHash(pw, rs.getString(1))) {
+ HttpSession hs = req.getSession();
+ hs.setAttribute(LOGGEDIN, true);
+ hs.setAttribute(USER, new User(rs.getInt(2)));
+ }
+ }
+ rs.close();
+ } catch (SQLException e) {
+ e.printStackTrace();
+ }
+ }
+ public static User getUser(HttpServletRequest req) {
+ return (User) req.getSession().getAttribute(USER);
+ }
+ private void tryAuthWithCertificate(HttpServletRequest req,
+ X509Certificate x509Certificate) {
+ String serial = x509Certificate.getSerialNumber().toString(16)
+ .toUpperCase();
+ try {
+ PreparedStatement ps = DatabaseConnection
+ .getInstance()
+ .prepare(
+ "SELECT `memid` FROM `emailcerts` WHERE `serial`=? AND `disablelogin`='0' AND `revoked` = "
+ + "'0000-00-00 00:00:00'");
+ ps.setString(1, serial);
+ ResultSet rs = ps.executeQuery();
+ if (rs.next()) {
+ HttpSession hs = req.getSession();
+ hs.setAttribute(LOGGEDIN, true);
+ hs.setAttribute(USER, new User(rs.getInt(1)));
+ }
+ rs.close();
+ } catch (SQLException e) {
+ e.printStackTrace();
+ }
+ }
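Review bot: Both login paths authenticate the session the client already holds: `req.getSession()` in tryAuthWithUnpw and again in tryAuthWithCertificate returns any pre-login session and sets LOGGEDIN and USER on it, so a session id issued before login remains valid after it (session fixation). Rotate the id before setting the attributes, for example `req.changeSessionId();` on Servlet 3.1+, or invalidate the old session and call `req.getSession(true)` on older containers. Separately, tryAuthWithCertificate looks the certificate up by serial number alone, which is sound only if the TLS layer accepts client certificates from this project's own issuing CA and nothing else; that configuration is not visible here, so a comment stating the assumption above the query would help. The enclosing class and the definitions of LOGGEDIN and USER are outside the visible lines.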