

1 /*
2  * Copyright 2004 Blandware (http://www.blandware.com)
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */

16 package com.blandware.atleap.webapp.action.core.user;
17
18 import com.blandware.atleap.common.Constants;
19 import com.blandware.atleap.common.util.StringUtil;
20 import com.blandware.atleap.model.core.User;
21 import com.blandware.atleap.service.core.UserManager;
22 import com.blandware.atleap.webapp.acegi.UserManagerDaoImpl;
23 import com.blandware.atleap.webapp.action.core.BaseAction;
24 import com.blandware.atleap.webapp.form.UserForm;
25 import com.blandware.atleap.webapp.util.core.RequestUtil;
26 import com.blandware.atleap.webapp.util.core.WebappUtil;
27 import org.apache.commons.validator.GenericValidator;
28 import org.apache.struts.action.*;
29 import org.springframework.orm.ObjectOptimisticLockingFailureException;
30
31 import javax.servlet.http.HttpServletRequest JavaDoc;
32 import javax.servlet.http.HttpServletResponse JavaDoc;
33 import javax.servlet.http.HttpSession JavaDoc;
34
35 /**
36  * <p>Updates user
37  * </p>
38  * <p><a HREF="UpdateUserAction.java.htm"><i>View Source</i></a></p>
39  * <p/>
40  *
41  * @author Sergey Zubtcovskii <a HREF="mailto:sergey.zubtcovskii@blandware.com">&lt;sergey.zubtcovskii@blandware.com&gt;</a>
42  * @version $Revision: 1.28 $ $Date: 2006/03/16 11:09:41 $
43  * @struts.action path="/core/user/update"
44  * name="userForm"
45  * scope="request"
46  * input="inputForward"
47  * validate="true"
48  * roles="core-user-update, core-user-updateOneself"
49  * @struts.action-forward name="inputForward"
50  * path=".core.user.update"
51  * @struts.action-forward name="callUpdateUser"
52  * path="/core/user/callUpdate.do"
53  * redirect="false"
54  * @struts.action-forward name="listUsers"
55  * path="/core/user/list.do"
56  * redirect="true"
57  * @struts.action-forward name="unsatisfiable"
58  * path="/core/user/list.do"
59  */

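public final class UpdateUserAction extends BaseAction {
    /**
     * Applies the submitted {@link UserForm} to the stored user and, when a new
     * password was supplied, replaces the stored password.
     *
     * <p>The Struts mapping admits callers holding either {@code core-user-update}
     * or {@code core-user-updateOneself}. The check inside this method is what
     * confines a caller without {@code core-user-update} to the record whose name
     * equals {@code request.getRemoteUser()}; any other target is answered with
     * HTTP 403.
     *
     * <p>Points to confirm against code that is not visible here:
     * <ul>
     * <li>No transaction-token check ({@code isTokenValid}) is made in this method,
     * although {@code saveToken} is called on one error path; presumably the base
     * class or the form validation performs it.</li>
     * <li>The current password is not requested or verified before a new one is
     * set; form validation may cover this.</li>
     * </ul>
     *
     * @param mapping The ActionMapping used to select this instance
     * @param form The optional ActionForm bean for this request (if any)
     * @param request The HTTP request we are proceeding
     * @param response The HTTP response we are creating
     * @return an ActionForward instance describing where and how
     * control should be forwarded, or null if response
     * has already been completed
     * @throws Exception if a collaborator fails; optimistic-locking failures are
     * handled here and forwarded to {@code callUpdateUser}
     */
    public ActionForward execute(ActionMapping mapping, ActionForm form,
                                 HttpServletRequest request, HttpServletResponse response) throws Exception {

        HttpSession session = request.getSession();

        if ( !isCancelled(request) ) {
            UserForm userForm = (UserForm) form;

            String userName = userForm.getName();
            if ( GenericValidator.isBlankOrNull(userName) ) {
                if ( log.isWarnEnabled() ) {
                    log.warn("Missing user name. Returning to list...");
                }
                return mapping.findForward("listUsers");
            }

            String remoteUser = request.getRemoteUser();

            // Object-level authorization: only the account owner or a holder of
            // core-user-update may modify this record. The comparison is case-sensitive.
            if ( !userName.equals(remoteUser) && !request.isUserInRole("core-user-update") ) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
                return null;
            }

            UserManager userManager = (UserManager) getBean(Constants.USER_MANAGER_BEAN);

            User user = userManager.retrieveUser(userName);

            if ( user == null ) {
                // user not found. it might be deleted by someone else
                saveSingleError(request, "userNotFound", "core.user.errors.notFound");
                return mapping.findForward("listUsers");
            }

            // Keep the stored password: copyProperties may overwrite it from the form.
            String oldPassword = user.getPassword();

            // NOTE(review): this copies form properties onto the persistent entity.
            // Which fields UserForm exposes is not visible here; confirm that a caller
            // holding only core-user-updateOneself cannot change privileged attributes
            // (roles, account status) through this path.
            WebappUtil.copyProperties(user, userForm, request);

            boolean encryptPassword = ((Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD)).booleanValue();
            boolean changePassword = false;
            String newPassword = userForm.getUpdatePassword();

            if ( GenericValidator.isBlankOrNull(newPassword) ) {
                // No new password submitted: restore the one that was stored before the copy.
                user.setPassword(oldPassword);
            } else {

                // check if user is authenticated using Remember Me feature. If it is so, password cannot be changed
                // Null-safe on the remote user (the original dereferenced getRemoteUser() directly).
                // NOTE(review): this comparison ignores case while the authorization check
                // above does not; confirm which rule matches how user names are stored.
                if ( (RequestUtil.getCookie(request, Constants.LOGIN_COOKIE) != null)
                        && (session.getAttribute("cookieLogin") != null)
                        && (remoteUser != null && remoteUser.equalsIgnoreCase(userForm.getName())) ) {
                    // password cannot be changed
                    saveSingleError(request, "passwordCannotBeChanged", "core.user.errors.passwordCannotBeChanged");
                    saveToken(request);
                    return mapping.getInputForward();
                }

                // When ENCRYPT_PASSWORD is off, the password is set on the user exactly as
                // submitted. NOTE(review): the encoding scheme comes from ENC_ALGORITHM and
                // StringUtil.encodePassword is not visible here; confirm it is a salted,
                // deliberately slow password hash rather than a bare digest.
                if ( encryptPassword ) {
                    String encAlgorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
                    newPassword = StringUtil.encodePassword(newPassword, encAlgorithm);
                }
                user.setPassword(newPassword);
                changePassword = true;
            }

            try {
                userManager.updateUser(user);

                if ( changePassword ) {
                    refreshPassword(request, user);
                }
            } catch ( ObjectOptimisticLockingFailureException e ) {
                // user was updated or deleted by another transaction
                saveSingleError(request, "updateFailed", "core.user.errors.updateFailed");
                return mapping.findForward("callUpdateUser");
            }

        }

        // "admin" is not among the forwards declared on this action; presumably a
        // global forward -- confirm it resolves, otherwise findForward returns null.
        if ( !request.isUserInRole("core-user-list") ) {
            return mapping.findForward("admin");
        }

        return mapping.findForward("listUsers");
    }

    /**
     * Stores a single error message in the request under the given property.
     *
     * @param request request the errors are saved into
     * @param property name the message is registered under
     * @param messageKey resource key of the message
     */
    private void saveSingleError(HttpServletRequest request, String property, String messageKey) {
        ActionMessages errors = new ActionMessages();
        errors.add(property, new ActionMessage(messageKey));
        saveErrors(request, errors);
    }

    /**
     * Refresh password in Acegi if we change password for current user.
     * Does nothing when the updated user is not the caller
     * (case-sensitive comparison with {@code request.getRemoteUser()}).
     *
     * @param request request
     * @param user user for which we change password
     */
    private void refreshPassword(HttpServletRequest request, User user) {
        if ( user.getName().equals(request.getRemoteUser()) ) {
            UserManagerDaoImpl userManagerDaoImpl = (UserManagerDaoImpl) getBean(Constants.USER_DETAILS_SERVICE_BEAN);
            userManagerDaoImpl.updateUser(user);
        }
    }

}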