package com.blandware.atleap.webapp.action.core.user;

import com.blandware.atleap.common.Constants;
import com.blandware.atleap.common.util.StringUtil;
import com.blandware.atleap.model.core.User;
import com.blandware.atleap.service.core.UserManager;
import com.blandware.atleap.webapp.acegi.UserManagerDaoImpl;
import com.blandware.atleap.webapp.action.core.BaseAction;
import com.blandware.atleap.webapp.form.UserForm;
import com.blandware.atleap.webapp.util.core.RequestUtil;
import com.blandware.atleap.webapp.util.core.WebappUtil;
import org.apache.commons.validator.GenericValidator;
import org.apache.struts.action.*;
import org.springframework.orm.ObjectOptimisticLockingFailureException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Struts action that applies a submitted {@link UserForm} to an existing user.
 *
 * <p>The action loads the user named in the form, copies the form properties
 * onto it, optionally replaces the password, and persists the result through
 * the {@link UserManager} bean.</p>
 *
 * <p>Access rule visible in this class: the caller must either be the user
 * being edited (case-sensitive match against {@code getRemoteUser()}) or hold
 * the {@code core-user-update} role; otherwise the response is HTTP 403.</p>
 */
public final class UpdateUserAction extends BaseAction {

    /**
     * Processes the update request.
     *
     * @param mapping  Struts mapping used to resolve forwards
     * @param form     the submitted form; cast to {@link UserForm}
     * @param request  current HTTP request
     * @param response current HTTP response; used only to send 403
     * @return the forward to follow, or {@code null} after a 403 has been sent
     * @throws Exception propagated from the called services
     */
    public ActionForward execute(ActionMapping mapping, ActionForm form,
                                 HttpServletRequest request, HttpServletResponse response) throws Exception {

        // Fetched before anything else, exactly as the original flow does.
        HttpSession session = request.getSession();

        if ( isCancelled(request) ) {
            return forwardAfterUpdate(mapping, request);
        }

        UserForm userForm = (UserForm) form;
        String userName = userForm.getName();

        if ( GenericValidator.isBlankOrNull(userName) ) {
            if ( log.isWarnEnabled() ) {
                log.warn("Missing user name. Returning to list...");
            }
            return mapping.findForward("listUsers");
        }

        // Authorization gate: own account, or the update role. Nothing below
        // this point re-checks who the caller is, except the cookie-login rule.
        boolean mayUpdate = userName.equals(request.getRemoteUser())
                || request.isUserInRole("core-user-update");
        if ( !mayUpdate ) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return null;
        }

        UserManager userManager = (UserManager) getBean(Constants.USER_MANAGER_BEAN);
        User user = userManager.retrieveUser(userName);

        if ( user == null ) {
            saveSingleError(request, "userNotFound", "core.user.errors.notFound");
            return mapping.findForward("listUsers");
        }

        // Remember the stored password so a blank "update password" field
        // leaves it untouched after the bulk property copy below.
        String previousPassword = user.getPassword();

        // NOTE(review): every property this helper binds is writable by a user
        // editing their own account. Which fields it copies is not visible
        // here; confirm it cannot set roles or account-status flags for a
        // caller who lacks core-user-update.
        WebappUtil.copyProperties(user, userForm, request);

        Boolean encryptSetting = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
        boolean encryptPassword = encryptSetting.booleanValue();

        String submittedPassword = userForm.getUpdatePassword();
        boolean passwordChanged = !GenericValidator.isBlankOrNull(submittedPassword);

        if ( !passwordChanged ) {
            user.setPassword(previousPassword);
        } else {
            // NOTE(review): no confirmation of the current password and no
            // isTokenValid() call are visible in this action; verify that form
            // validation or BaseAction covers re-authentication and CSRF.
            if ( isOwnAccountViaCookieLogin(request, session, userForm) ) {
                saveSingleError(request, "passwordCannotBeChanged",
                        "core.user.errors.passwordCannotBeChanged");
                saveToken(request);
                return mapping.getInputForward();
            }

            String passwordToStore = submittedPassword;
            if ( encryptPassword ) {
                String encAlgorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
                passwordToStore = StringUtil.encodePassword(submittedPassword, encAlgorithm);
            }
            // When the ENCRYPT_PASSWORD setting is false the value is stored
            // exactly as submitted.
            // NOTE(review): the strength of encodePassword (salting, work
            // factor) depends on ENC_ALGORITHM and is not visible here.
            user.setPassword(passwordToStore);
        }

        try {
            userManager.updateUser(user);

            if ( passwordChanged ) {
                refreshPassword(request, user);
            }
        } catch ( ObjectOptimisticLockingFailureException e ) {
            // Another update won the race; send the user back to the edit flow.
            saveSingleError(request, "updateFailed", "core.user.errors.updateFailed");
            return mapping.findForward("callUpdateUser");
        }

        return forwardAfterUpdate(mapping, request);
    }

    /**
     * Picks the final forward: the user list for callers holding
     * {@code core-user-list}, the {@code admin} forward for everyone else.
     */
    private ActionForward forwardAfterUpdate(ActionMapping mapping, HttpServletRequest request) {
        String target = request.isUserInRole("core-user-list") ? "listUsers" : "admin";
        return mapping.findForward(target);
    }

    /**
     * Stores a one-entry error collection in the request.
     *
     * @param request    current HTTP request
     * @param property   property name the message is attached to
     * @param messageKey resource-bundle key of the message
     */
    private void saveSingleError(HttpServletRequest request, String property, String messageKey) {
        ActionMessages errors = new ActionMessages();
        errors.add(property, new ActionMessage(messageKey));
        saveErrors(request, errors);
    }

    /**
     * Tells whether the caller was authenticated through the login cookie and
     * is editing their own account (name compared ignoring case).
     *
     * <p>The restriction covers the caller's own account only: a cookie-login
     * caller holding {@code core-user-update} is not stopped from setting
     * another user's password by this check.</p>
     */
    private boolean isOwnAccountViaCookieLogin(HttpServletRequest request, HttpSession session,
                                               UserForm userForm) {
        // Evaluation order is kept: cookie, session marker, then name match.
        if ( RequestUtil.getCookie(request, Constants.LOGIN_COOKIE) == null ) {
            return false;
        }
        if ( session.getAttribute("cookieLogin") == null ) {
            return false;
        }
        return request.getRemoteUser().equalsIgnoreCase(userForm.getName());
    }

    /**
     * Pushes the updated user into the user-details service bean, but only
     * when the updated account is the caller's own (case-sensitive match).
     *
     * @param request current HTTP request
     * @param user    the user that has just been persisted
     */
    private void refreshPassword(HttpServletRequest request, User user) {
        boolean ownAccount = user.getName().equals(request.getRemoteUser());
        if ( !ownAccount ) {
            return;
        }
        UserManagerDaoImpl userDetailsService =
                (UserManagerDaoImpl) getBean(Constants.USER_DETAILS_SERVICE_BEAN);
        userDetailsService.updateUser(user);
    }

}