in jspwiki-main/src/main/java/org/apache/wiki/auth/user/JDBCUserDatabase.java [567:670]
public void save( final UserProfile profile ) throws WikiSecurityException {
final String initialRole = "Authenticated";
// Figure out which prepared statement to use & execute it
final String loginName = profile.getLoginName();
UserProfile existingProfile = null;
try {
existingProfile = findByLoginName( loginName );
} catch( final NoSuchPrincipalException e ) {
// Existing profile will be null
}
// Get a clean password from the passed profile.
// Blank password is the same as null, which means we re-use the existing one.
String password = profile.getPassword();
final String existingPassword = (existingProfile == null) ? null : existingProfile.getPassword();
if( NOTHING.equals( password ) ) {
password = null;
}
if( password == null ) {
password = existingPassword;
}
// If password changed, hash it before we save
if( !StringUtils.equals( password, existingPassword ) ) {
password = getHash( password );
}
try( final Connection conn = m_ds.getConnection();
final PreparedStatement ps1 = conn.prepareStatement( m_insertProfile );
final PreparedStatement ps2 = conn.prepareStatement( m_findRoles );
final PreparedStatement ps3 = conn.prepareStatement( m_insertRole );
final PreparedStatement ps4 = conn.prepareStatement( m_updateProfile ) ) {
if( m_supportsCommits ) {
conn.setAutoCommit( false );
}
final Timestamp ts = new Timestamp( System.currentTimeMillis() );
final Date modDate = new Date( ts.getTime() );
final java.sql.Date lockExpiry = profile.getLockExpiry() == null ? null : new java.sql.Date( profile.getLockExpiry().getTime() );
if( existingProfile == null ) {
// User is new: insert new user record
ps1.setString( 1, profile.getUid() );
ps1.setString( 2, profile.getEmail() );
ps1.setString( 3, profile.getFullname() );
ps1.setString( 4, password );
ps1.setString( 5, profile.getWikiName() );
ps1.setTimestamp( 6, ts );
ps1.setString( 7, profile.getLoginName() );
try {
ps1.setString( 8, Serializer.serializeToBase64( profile.getAttributes() ) );
} catch ( final IOException e ) {
throw new WikiSecurityException( "Could not save user profile attribute. Reason: " + e.getMessage(), e );
}
ps1.setTimestamp( 9, ts );
ps1.execute();
// Insert new role record
ps2.setString( 1, profile.getLoginName() );
int roles = 0;
try ( final ResultSet rs = ps2.executeQuery() ) {
while ( rs.next() ) {
roles++;
}
}
if( roles == 0 ) {
ps3.setString( 1, profile.getLoginName() );
ps3.setString( 2, initialRole );
ps3.execute();
}
// Set the profile creation time
profile.setCreated( modDate );
} else {
// User exists: modify existing record
ps4.setString( 1, profile.getUid() );
ps4.setString( 2, profile.getEmail() );
ps4.setString( 3, profile.getFullname() );
ps4.setString( 4, password );
ps4.setString( 5, profile.getWikiName() );
ps4.setTimestamp( 6, ts );
ps4.setString( 7, profile.getLoginName() );
try {
ps4.setString( 8, Serializer.serializeToBase64( profile.getAttributes() ) );
} catch ( final IOException e ) {
throw new WikiSecurityException( "Could not save user profile attribute. Reason: " + e.getMessage(), e );
}
ps4.setDate( 9, lockExpiry );
ps4.setString( 10, profile.getLoginName() );
ps4.execute();
}
// Set the profile mod time
profile.setLastModified( modDate );
// Commit and close connection
if( m_supportsCommits ) {
conn.commit();
}
} catch( final SQLException e ) {
throw new WikiSecurityException( e.getMessage(), e );
}
}