KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > com > ivata > groupware > admin > security > struts > PasswordAction


1 /*
2  * Copyright (c) 2001 - 2005 ivata limited.
3  * All rights reserved.
4  * -----------------------------------------------------------------------------
5  * ivata groupware may be redistributed under the GNU General Public
6  * License as published by the Free Software Foundation;
7  * version 2 of the License.
8  *
9  * These programs are free software; you can redistribute them and/or
10  * modify them under the terms of the GNU General Public License
11  * as published by the Free Software Foundation; version 2 of the License.
12  *
13  * These programs are distributed in the hope that they will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
16  *
17  * See the GNU General Public License in the file LICENSE.txt for more
18  * details.
19  *
20  * If you would like a copy of the GNU General Public License write to
21  *
22  * Free Software Foundation, Inc.
23  * 59 Temple Place - Suite 330
24  * Boston, MA 02111-1307, USA.
25  *
26  *
27  * To arrange commercial support and licensing, contact ivata at
28  * http://www.ivata.com/contact.jsp
29  * -----------------------------------------------------------------------------
30  * $Log: PasswordAction.java,v $
31  * Revision 1.4 2005/04/27 15:07:11 colinmacleod
32  * Fixed error handling when there is a script
33  * error.
34  *
35  * Revision 1.3 2005/04/10 18:47:18 colinmacleod
36  * Changed i tag to em and b tag to strong.
37  *
38  * Revision 1.2 2005/04/09 17:19:04 colinmacleod
39  * Changed copyright text to GPL v2 explicitly.
40  *
41  * Revision 1.1.1.1 2005/03/10 17:50:44 colinmacleod
42  * Restructured ivata op around Hibernate/PicoContainer.
43  * Renamed ivata groupware.
44  *
45  * Revision 1.6 2004/12/31 18:27:41 colinmacleod
46  * Added MaskFactory to constructor of MaskAction.
47  *
48  * Revision 1.5 2004/12/23 21:01:19 colinmacleod
49  * Updated Struts to v1.2.4.
50  * Changed base classes to use ivata masks.
51  *
52  * Revision 1.4 2004/11/12 18:19:12 colinmacleod
53  * Change action and form classes to extend MaskAction, MaskForm respectively.
54  *
55  * Revision 1.3 2004/11/12 15:56:45 colinmacleod
56  * Removed dependencies on SSLEXT.
57  * Moved Persistence classes to ivata masks.
58  *
59  * Revision 1.2 2004/11/03 15:28:43 colinmacleod
60  * Added logging.
61  * Removed some justClose flags on warnings - now user can change input and
62  * retry.
63  *
64  * Revision 1.1 2004/07/13 19:14:03 colinmacleod
65  * First version in CVS.
66  * -----------------------------------------------------------------------------
67  */
68 package com.ivata.groupware.admin.security.struts;
69
70 import java.lang.reflect.InvocationTargetException JavaDoc;
71 import java.util.Iterator JavaDoc;
72 import java.util.Locale JavaDoc;
73
74 import javax.servlet.http.HttpServletRequest JavaDoc;
75 import javax.servlet.http.HttpServletResponse JavaDoc;
76 import javax.servlet.http.HttpSession JavaDoc;
77
78 import org.apache.commons.beanutils.PropertyUtils;
79 import org.apache.log4j.Logger;
80 import org.apache.struts.Globals;
81 import org.apache.struts.action.ActionErrors;
82 import org.apache.struts.action.ActionForm;
83 import org.apache.struts.action.ActionMapping;
84 import org.apache.struts.action.ActionMessage;
85 import org.apache.struts.action.ActionMessages;
86
87 import com.ivata.groupware.admin.security.Security;
88 import com.ivata.groupware.admin.security.server.SecuritySession;
89 import com.ivata.groupware.business.addressbook.struts.PersonForm;
90 import com.ivata.mask.MaskFactory;
91 import com.ivata.mask.util.StringHandling;
92 import com.ivata.mask.util.SystemException;
93 import com.ivata.mask.util.ThrowableHandling;
94 import com.ivata.mask.validation.ValidationException;
95 import com.ivata.mask.web.struts.MaskAction;
96 import com.ivata.mask.web.struts.MaskAuthenticator;
97 import com.ivata.mask.web.struts.ValidationErrorsConvertor;
98
99
100 /**
101  * <p>Invoked when the user changes a password for
102  * him/herself or any other user.</p>
103  *
104  * @since 2003-01-26
105  * @author Colin MacLeod
106  * <a HREF='mailto:colin.macleod@ivata.com'>colin.macleod@ivata.com</a>
107  * @version $Revision: 1.4 $
108  */
109 public class PasswordAction extends MaskAction {
110     /**
111      * Refer to {@link Logger}.
112      */
113     private static Logger log = Logger.getLogger(PasswordAction.class);
114     /**
115      * Refer to {@link Security}.
116      */
117     private Security security;
118
119     /**
120      * <p>
121      * Constructor - invoked by <strong>PicoContainer</strong>.
122      * </p>
123      *
124      * @param security valid security implementation.
125      * @param maskFactory This factory is needed to access the masks and groups
126      * of masks.
127      * @param authenticator used to confirm whether or not the
128      * user should be allowed to continue, in the <code>execute</code> method.
129      */
130     public PasswordAction(Security security, MaskFactory maskFactory,
131             MaskAuthenticator authenticator) {
132         super(maskFactory, authenticator);
133         this.security = security;
134     }
135
136     /**
137      * <p>Overridden from the default intranet implementation to
138      * initialize the dialog.</p>
139      *
140      * @param mapping current action mapping from <em>Struts</em> config.
141      * @param log valid logging object to write messages to.
142      * @param errors valid errors object to append errors to. If there
143      * are any errors, the action will return to the input.
144      * @param form optional ActionForm bean for this request (if any)
145      * @param request non-HTTP request we are processing
146      * @param response The non-HTTP response we are creating
147      * @param session returned from the <code>request</code> parameter.
148      * @param userName current user name from session. .
149      * @param settings valid, non-null settings from session.
150      * @exception SystemException if there is any problem which
151      * prevents processing. It will result in the webapp being forwarded
152      * to
153      * the standard error page.
154      * @return this method returns the string used to identify the correct
155      * <em>Struts</em> <code>ActionForward</code> which should follow this
156      * page, or <code>null</code> if it should return to the input.
157      *
158      */
159     public String JavaDoc execute(final ActionMapping mapping,
160             final ActionErrors errors,
161             final ActionForm form,
162             final HttpServletRequest JavaDoc request,
163             final HttpServletResponse JavaDoc response,
164             final HttpSession JavaDoc session) throws SystemException {
165         SecuritySession securitySession = (SecuritySession)
166                 session.getAttribute("securitySession");
167         // by default, we don't want to just close the window!
168 boolean justClose = false;
169         // first look out for null or empty people or user names!!
170 PersonForm personForm = (PersonForm)
171                 session.getAttribute("addressBookPersonForm");
172         if ((personForm == null)
173                 || StringHandling.isNullOrEmpty(personForm.getUserName())) {
174             errors.add(Globals.ERROR_KEY,
175                     new ActionMessage(
176                             "errors.addressBook.password.noUserName"));
177             justClose = true;
178         } else if (!personForm.getUserName().equals(
179                 personForm.getPerson().getUser().getName())) {
180             // you can't change the password for a new user until that user is
181 // added first
182 errors.add(Globals.ERROR_KEY,
183                     new ActionMessage(
184                             "errors.addressBook.password.userNameApply"));
185             justClose = true;
186         } else if (!security.isUserEnabled(securitySession,
187                 personForm.getPerson().getUser().getName())) {
188             // if user is disabled
189 errors.add(Globals.ERROR_KEY,
190                     new ActionMessage(
191                             "errors.addressBook.password.userIsDisable"));
192             justClose = true;
193         }
194
195
196         // save justClose in the form
197 try {
198             PropertyUtils.setSimpleProperty(form, "justClose",
199                     new Boolean JavaDoc(justClose));
200         } catch (NoSuchMethodException JavaDoc e) {
201             throw new SystemException(e);
202         } catch (InvocationTargetException JavaDoc e) {
203             throw new SystemException(e);
204         } catch (IllegalAccessException JavaDoc e) {
205             throw new SystemException(e);
206         }
207         return null;
208     }
209
210     /**
211      * <p>This method is called if the ok or apply buttons are pressed.</p>
212      *
213      * @param mapping current action mapping from <em>Struts</em> config.
214      * @param log valid logging object to write messages to.
215      * @param errors valid errors object to append errors to. If there are
216      * any errors, the action will return to the input.
217      * @param form optional ActionForm bean for this request (if any)
218      * @param request non-HTTP request we are processing
219      * @param response The non-HTTP response we are creating
220      * @param session returned from the <code>request</code> parameter.
221      * @param userName valid, non-null user name from session.
222      * @param settings valid, non-null settings from session.
223      * @param defaultForward &quot;ok&quot; if the <code>Ok</code> button
224      * was pressed, otherwise &quot;apply&quot; if the <code>Apply</code> button
225      * was pressed.
226      * @exception SystemException if there is any problem which
227      * prevents processing. It will result in the webapp being forwarded
228      * to
229      * the standard error page.
230      * @return this method returns the string used to identify the correct
231      * <em>Struts</em> <code>ActionForward</code> which should follow this
232      * page, or <code>null</code> if it should return to the input.
233      */
234     public String JavaDoc onConfirm(final ActionMapping mapping,
235             final ActionErrors errors,
236             final ActionForm form,
237             final HttpServletRequest JavaDoc request,
238             final HttpServletResponse JavaDoc response,
239             final HttpSession JavaDoc session,
240             final String JavaDoc defaultForward) throws SystemException {
241         String JavaDoc oldPassword, newPassword, confirmPassword;
242         boolean justClose = false;
243
244         try {
245             oldPassword = (String JavaDoc) PropertyUtils.getSimpleProperty(form,
246                     "oldPassword");
247             newPassword = (String JavaDoc) PropertyUtils.getSimpleProperty(form,
248                     "newPassword");
249             confirmPassword = (String JavaDoc) PropertyUtils.getSimpleProperty(form,
250                     "confirmPassword");
251         } catch (NoSuchMethodException JavaDoc e) {
252             throw new SystemException(e);
253         } catch (InvocationTargetException JavaDoc e) {
254             throw new SystemException(e);
255         } catch (IllegalAccessException JavaDoc e) {
256             throw new SystemException(e);
257         }
258         // check none of the passwords is null or empty
259 if (StringHandling.isNullOrEmpty(oldPassword)
260                 || StringHandling.isNullOrEmpty(newPassword)
261                 || StringHandling.isNullOrEmpty(confirmPassword)) {
262             errors.add(Globals.ERROR_KEY,
263                     new ActionMessage(
264                             "errors.addressBook.password.notComplete"));
265         } else if (!newPassword.equals(confirmPassword)) {
266             errors.add(Globals.ERROR_KEY,
267                     new ActionMessage(
268                             "errors.addressBook.password.notMatching"));
269         } else if (errors.isEmpty()) {
270             PersonForm personForm
271                 = (PersonForm) session.getAttribute("addressBookPersonForm");
272
273             // check the old password matches this user
274 SecuritySession securitySession
275                 = (SecuritySession) session.getAttribute("securitySession");
276             try {
277                 security.checkPassword(securitySession, oldPassword);
278             } catch (SystemException e) {
279                 log.warn("security.checkPassword threw an exception.", e);
280
281                 if (personForm.getUserName().equals(
282                         securitySession.getUser().getName())) {
283                     errors.add(
284                             ActionMessages.GLOBAL_MESSAGE,
285                             new ActionMessage("password.error.badOldPassword"));
286                 } else {
287                     errors.add(
288                             ActionMessages.GLOBAL_MESSAGE,
289                             new ActionMessage("password.error."
290                                     + "badYoursPassword"));
291                 }
292             }
293             if (errors.isEmpty()) {
294                 // now change the password
295 if ((personForm == null)
296                         || StringHandling.isNullOrEmpty(
297                                 personForm.getUserName())) {
298                     errors.add(Globals.ERROR_KEY,
299                             new ActionMessage(
300                                     "errors.addressBook.password.noUserName"));
301                 } else {
302                     try {
303                         security.setPassword(securitySession,
304                                 personForm.getUserName(), newPassword);
305                         // if it is successful, just close the dialog with a
306 // happy message
307 justClose = true;
308                         // confirm this back to the user - ok, I've cheated
309 // - this is not _really_ an error
310 errors.add(Globals.ERROR_KEY,
311                                 new ActionMessage(
312                                         "errors.addressBook.password."
313                                         + "passwordUpdated"));
314                     } catch (Exception JavaDoc e) {
315                         Throwable JavaDoc cause = ThrowableHandling.getCause(e);
316                         // if this is caused by a validation exception, try to
317 // get the real cause of the error out (if it is
318 // password-related)
319 if (cause instanceof ValidationException) {
320                             ValidationException validationException =
321                                 (ValidationException) cause;
322                             Locale JavaDoc locale =
323                                 (Locale JavaDoc) session.getAttribute(
324                                         Globals.LOCALE_KEY);
325                             ActionMessages allErrors = ValidationErrorsConvertor
326                                 .toActionErrors(validationException.getErrors(),
327                                         locale);
328                             Iterator JavaDoc allErrorsIterator = allErrors.get();
329                             while (allErrorsIterator.hasNext()) {
330                                 ActionMessage actionError = (ActionMessage)
331                                     allErrorsIterator.next();
332                                 String JavaDoc key = actionError.getKey();
333                                 if (key.startsWith("password.error")) {
334                                     log.debug("Adding action error: "
335                                             + actionError.getKey());
336                                     errors.add(ActionMessages.GLOBAL_MESSAGE,
337                                             actionError);
338                                 } else if ("errors.admin.script".equals(key)) {
339                                     log.debug("Adding script error: "
340                                             + actionError.getKey());
341                                     errors.add(ActionMessages.GLOBAL_MESSAGE,
342                                             actionError);
343                                 } else {
344                                     log.error(
345                                             "Invalid password action error "
346                                             + "key: "
347                                             + key);
348                                     errors.add(ActionMessages.GLOBAL_MESSAGE,
349                                             new ActionMessage(
350                                                     "password.error."
351                                                     + "passwordCouldNotBe"
352                                                     + "Changed"));
353                                 }
354                             }
355                         } else {
356                             log.warn("security.setPassword threw an exception.",
357                                     e);
358                             errors.add(ActionMessages.GLOBAL_MESSAGE,
359                                     new ActionMessage("password.error."
360                                             + "passwordCouldNotBeChanged"));
361                         }
362                     }
363                 }
364             }
365         }
366         // save justClose in the form
367 try {
368             PropertyUtils.setSimpleProperty(form, "justClose",
369                     new Boolean JavaDoc(justClose));
370         } catch (NoSuchMethodException JavaDoc e) {
371             throw new SystemException(e);
372         } catch (InvocationTargetException JavaDoc e) {
373             throw new SystemException(e);
374         } catch (IllegalAccessException JavaDoc e) {
375             throw new SystemException(e);
376         }
377         return "addressBookPassword";
378     }
379 }
Popular Tags