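package com.jcorporate.expresso.core.servlet;

import com.jcorporate.expresso.core.controller.NonHandleableException;
import com.jcorporate.expresso.core.db.DBException;
import com.jcorporate.expresso.core.i18n.Messages;
import com.jcorporate.expresso.core.jsdkapi.GenericSession;
import com.jcorporate.expresso.core.logging.LogException;
import com.jcorporate.expresso.core.misc.ConfigManager;
import com.jcorporate.expresso.core.misc.CookieUtil;
import com.jcorporate.expresso.core.misc.CurrentLogin;
import com.jcorporate.expresso.core.misc.StringUtil;
import com.jcorporate.expresso.core.misc.SystemMacros;
import com.jcorporate.expresso.core.registry.MutableRequestRegistry;
import com.jcorporate.expresso.core.security.User;
import org.apache.log4j.Logger;

import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Enumeration;

/**
 * Establishes the {@link CurrentLogin} for the current request.
 * <p>
 * Login sources are tried in this order:
 * <ol>
 * <li>a {@code CurrentLogin} already stored in the session (optionally
 *     restricted to a specific data context via {@code forceDB});</li>
 * <li>the servlet container, i.e. {@code request.getRemoteUser()};</li>
 * <li>the {@code UserName}, {@code Password} and {@code db} cookies.</li>
 * </ol>
 * If none of them succeeds the request is logged in as
 * {@link User#UNKNOWN_USER} ("NONE") via {@link #logInAsNone}.
 * <p>
 * The cookie path receives the user's password on every request, so those
 * cookies are credentials and should be treated as such by whoever issues
 * them (what {@link CookieUtil#cookieDecode} does to the value is not visible
 * here). The password is never written to the log by this class.
 * <p>
 * This class is a singleton; obtain it through {@link #getInstance()}.
 */
final public class CheckLogin {

    /**
     * Session attribute under which the {@link CurrentLogin} is stored.
     * NOTE(review): {@link #doSuccessfulAuth} uses {@code CurrentLogin.LOGIN_KEY}
     * for the same attribute; the two are presumably the same value — confirm.
     */
    private static final String LOGIN_ATTRIBUTE = "CurrentLogin";

    private static final Logger log = Logger.getLogger(CheckLogin.class);

    /** The shared instance; package-visible for compatibility with existing callers. */
    static CheckLogin theInstance = new CheckLogin();

    /**
     * Protected so the class stays a singleton; use {@link #getInstance()}.
     */
    protected CheckLogin() {
    }

    /**
     * Returns the shared {@code CheckLogin} instance.
     *
     * @return the singleton instance
     */
    public static CheckLogin getInstance() {
        return theInstance;
    }

    /**
     * Establishes the login for {@code request}, restricted to the data
     * context {@code forceDB} when it is non-null. {@code response} and
     * {@code c} are accepted for API compatibility but not used.
     *
     * @param request  the current request; must not be null
     * @param response unused
     * @param c        unused
     * @param forceDB  data context the login must belong to, or null for any
     * @throws ServletException       if {@code request} is null
     * @throws NonHandleableException if any login source fails unexpectedly
     */
    public void checkLogin(HttpServletRequest request,
                           HttpServletResponse response, ServletConfig c,
                           String forceDB)
            throws ServletException, NonHandleableException {
        if (request == null) {
            throw new ServletException("No request - cannot log in");
        }
        check(request, forceDB);
    }

    /**
     * Establishes the login for {@code request}, restricted to the data
     * context {@code forceDB} when it is non-null.
     *
     * @param request the current request; must not be null
     * @param forceDB data context the login must belong to, or null for any
     * @throws ServletException       if {@code request} is null
     * @throws NonHandleableException if any login source fails unexpectedly
     */
    public void checkLogin(HttpServletRequest request, String forceDB)
            throws ServletException, NonHandleableException {
        if (request == null) {
            throw new ServletException("No request, response or ServletConfig " +
                    "- cannot log in");
        }
        check(request, forceDB);
    }

    /**
     * Establishes the login for {@code request} in whatever data context the
     * login source provides.
     *
     * @param request the current request; must not be null
     * @throws ServletException       if {@code request} is null
     * @throws NonHandleableException if any login source fails unexpectedly
     */
    public void checkLogin(HttpServletRequest request)
            throws ServletException, NonHandleableException {
        if (request == null) {
            throw new ServletException("No request, response or ServletConfig " +
                    "- cannot log in");
        }
        check(request, null);
    }

    /**
     * Establishes the login for {@code request}. {@code response} and
     * {@code c} are accepted for API compatibility but not used.
     *
     * @param request  the current request; must not be null
     * @param response unused
     * @param c        unused
     * @throws ServletException       if {@code request} is null
     * @throws NonHandleableException if any login source fails unexpectedly
     */
    public void checkLogin(HttpServletRequest request,
                           HttpServletResponse response, ServletConfig c)
            throws ServletException, NonHandleableException {
        if (request == null) {
            throw new ServletException("No request, response or ServletConfig " +
                    "- cannot log in");
        }
        check(request, null);
    }

    /**
     * Establishes the login for {@code request}. Unlike the other overloads
     * a null request is logged at debug level and ignored rather than
     * rejected with an exception. {@code response} is unused.
     *
     * @param request  the current request; null is ignored
     * @param response unused
     * @throws NonHandleableException if any login source fails unexpectedly
     */
    public void checkLogin(HttpServletRequest request,
                           HttpServletResponse response)
            throws NonHandleableException {
        if (request == null) {
            if (log.isDebugEnabled()) {
                log.debug("No request - cannot checklogin");
            }
            return;
        }
        check(request, null);
    }

    /**
     * Core login procedure shared by every {@code checkLogin} overload: records
     * the server prefix and request in the global configuration, then tries the
     * session, the container and the cookies in turn, falling back to
     * {@link #logInAsNone}.
     *
     * @param request the current request; must not be null
     * @param forceDB data context the login must belong to, or null for any
     * @throws NonHandleableException wrapping any exception raised by a login source
     */
    private void check(HttpServletRequest request, String forceDB)
            throws NonHandleableException {
        try {
            SystemMacros macros = SystemMacros.getInstance();
            if (macros.getServerPrefix() == null) {
                macros.setServerPrefix(request.getServerName()
                        + ":" + request.getServerPort());
            }
            ConfigManager.setRequest(request);

            if (loginViaSession(request, forceDB)) {
                return;
            }
            if (log.isDebugEnabled()) {
                log.debug("No login in current session (or in wrong db)");
            }
            if (loginViaContainer(request, forceDB)) {
                return;
            }
            if (loginViaCookie(request, forceDB)) {
                return;
            }
            if (log.isDebugEnabled()) {
                log.debug("No other login methods completed logging in as NONE");
            }
            logInAsNone(request, forceDB);
        } catch (Exception de) {
            // Keep the stack trace in the log (rather than printStackTrace() to stderr)
            // and preserve the cause for the caller.
            log.error("Login check failed", de);
            throw new NonHandleableException(de);
        }
    }

    /**
     * Re-establishes a login that is already stored in the session.
     *
     * @param request the current request
     * @param forceDB data context the session login must belong to, or null for any
     * @return true if the session holds a login, it belongs to {@code forceDB}
     *         (when given) and the user record still exists
     * @throws Exception propagated from the user lookup or {@link #logInAsNone};
     *                   declared broadly like the sibling login methods
     */
    private boolean loginViaSession(HttpServletRequest request, String forceDB)
            throws Exception {
        Object o = GenericSession.getAttribute(request, LOGIN_ATTRIBUTE);
        if (o == null) {
            return false;
        }
        CurrentLogin cl = (CurrentLogin) o;
        String currentUserName = cl.getUserName();
        String currentDB = cl.getDBName();

        if (cl.getUid() == 0) {
            if (log.isDebugEnabled()) {
                log.debug("Got uid 0 for current login: " + cl);
            }
            // Original behaviour kept: the session login is reset to NONE and the
            // uid-0 lookup below is still attempted.
            logInAsNone(request, forceDB);
        }
        if (log.isDebugEnabled()) {
            log.debug("UserName '" + currentUserName + "', db '" +
                    currentDB + "' in session");
        }

        // The session login only counts when no specific db was requested or it matches.
        if (forceDB != null && !forceDB.equals(currentDB)) {
            return false;
        }
        User user = new User();
        user.setDBName(currentDB);
        user.setUid(cl.getUid());
        if (!user.find()) {
            return false;
        }
        new MutableRequestRegistry(currentDB, user);
        return true;
    }

    /**
     * Logs the request in as {@link User#UNKNOWN_USER} in {@code forceDB}
     * (or "default"): any previous login is dropped from the session and a
     * fresh {@link CurrentLogin} and {@link MutableRequestRegistry} are created.
     * The NONE user's uid is looked up best-effort; uid 0 is used if it cannot be read.
     *
     * @param request the current request
     * @param forceDB data context to log in to, or null for "default"
     * @throws ServletException propagated from the locale setup
     */
    public void logInAsNone(HttpServletRequest request, String forceDB)
            throws ServletException {
        String dbToLogin = (forceDB != null) ? forceDB : "default";

        int uid = 0;
        User userNone = null;
        try {
            userNone = new User();
            userNone.setDataContext(dbToLogin);
            userNone.setLoginName(User.UNKNOWN_USER);
            if (userNone.find()) {
                uid = userNone.getUid();
            }
        } catch (DBException de) {
            // Best-effort: fall back to uid 0 rather than failing the request.
            log.error("Could not look up the '" + User.UNKNOWN_USER
                    + "' user in db '" + dbToLogin + "'", de);
        }

        ConfigManager.removeSession(GenericSession.getId(request));

        CurrentLogin myLogin = CurrentLogin.newInstance(User.UNKNOWN_USER,
                request.getRemoteAddr(),
                dbToLogin,
                uid);
        GenericSession.setAttribute(request, LOGIN_ATTRIBUTE, myLogin);

        new MutableRequestRegistry(dbToLogin, userNone);

        Messages.establishLocale(request);
    }

    /**
     * Logs in the user the servlet container has already authenticated
     * ({@code request.getRemoteUser()}), if that user exists in
     * {@code forceDB} (or "default").
     *
     * @param request the current request
     * @param forceDB data context to look the user up in, or null for "default"
     * @return true if the container supplied a user that exists and is active
     * @throws ServletException if the account exists but is not active
     * @throws Exception        propagated from the user lookup or {@link #doSuccessfulAuth}
     */
    public boolean loginViaContainer(HttpServletRequest request, String forceDB)
            throws Exception {
        String userName = request.getRemoteUser();
        if (userName == null) {
            return false;
        }

        String dbToLogin = (forceDB != null) ? forceDB : "default";

        User thisUser = new User();
        thisUser.setDataContext(dbToLogin);
        thisUser.setLoginName(userName);
        if (!thisUser.find()) {
            return false;
        }

        // NOTE(review): the cookie path compares against User.ACTIVE_ACCOUNT_STATUS;
        // the literal "A" is kept here as in the original — confirm they agree.
        if (!thisUser.getAccountStatus().equals("A")) {
            throw new ServletException("Access denied: Expresso account '" + userName
                    + "' is not active.");
        }

        if (log.isInfoEnabled()) {
            log.info("User " + thisUser.getDisplayName() + " logged in via the container");
        }

        doSuccessfulAuth(request, userName, dbToLogin, thisUser);
        return true;
    }

    /**
     * Logs in using the {@code UserName}, {@code Password} and {@code db}
     * cookies. The {@code db} value (unless overridden by {@code forceDB})
     * must be one of the configured data contexts, the account must be
     * active, and the cookie password must match the stored one.
     *
     * @param request the current request
     * @param forceDB data context to use instead of the {@code db} cookie, or null
     * @return true if the cookies authenticated an active user
     * @throws Exception propagated from the user lookup, {@link #logInAsNone}
     *                   or {@link #doSuccessfulAuth}
     */
    public boolean loginViaCookie(HttpServletRequest request, String forceDB)
            throws Exception {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            if (log.isDebugEnabled()) {
                log.debug("No cookies present");
            }
            return false;
        }

        String userName = null;
        String password = null;
        String db = "";
        for (int i = 0; i < cookies.length; i++) {
            String name = StringUtil.notNull(cookies[i].getName());
            String value = StringUtil.notNull(cookies[i].getValue());
            if (name.equalsIgnoreCase("UserName")) {
                userName = CookieUtil.cookieDecode(value);
            } else if (name.equalsIgnoreCase("Password")) {
                password = CookieUtil.cookieDecode(value);
            } else if (name.equalsIgnoreCase("db")) {
                db = CookieUtil.cookieDecode(value);
            }
        }
        if (forceDB != null) {
            db = forceDB;
        }

        // Only a configured data context may be selected from the client side.
        if (db != null && db.length() > 0) {
            boolean keyOk = false;
            for (Enumeration eck = ConfigManager.getAllConfigKeys();
                 eck.hasMoreElements();) {
                String oneKey = (String) eck.nextElement();
                if (oneKey.equals(db)) {
                    keyOk = true;
                    break;
                }
            }
            if (!keyOk) {
                log.warn("'db' in cookie with value '" + db +
                        "' was not a valid config key.");
                return false;
            }
            if (log.isDebugEnabled()) {
                log.debug("db cookie '" + db + "'");
            }
        }

        if (userName == null || password == null || db == null
                || userName.length() == 0 || db.length() == 0) {
            if (log.isDebugEnabled()) {
                log.debug("Didn't get all 3 cookies");
            }
            return false;
        }

        if (userName.equalsIgnoreCase("NONE")) {
            // Original behaviour kept: logs in as NONE and still runs the lookup below.
            logInAsNone(request, db);
        }

        User myUser = new User();
        myUser.setDataContext(db);
        myUser.setLoginName(userName);
        if (!myUser.find()) {
            if (log.isDebugEnabled()) {
                log.debug("Cookie username '" + userName +
                        "' not found in db '" + db +
                        "'. User logged in as 'NONE'");
            }
            return false;
        }

        if (!myUser.getAccountStatus().equals(User.ACTIVE_ACCOUNT_STATUS)) {
            // The submitted password is deliberately not included in the log line.
            log.warn("Attempted login to an inactive account. Client i.p. "
                    + request.getRemoteAddr() + " Account status: " + myUser.getAccountStatus()
                    + " Login Name: " + userName + " DB" + db);
            return false;
        }

        if (!myUser.passwordEquals(StringUtil.notNull(password))) {
            if (log.isDebugEnabled()) {
                log.debug("Cookie password didn't match, User logged in as 'NONE'");
            }
            return false;
        }

        if (log.isInfoEnabled()) {
            log.info("User " + myUser.getDisplayName() + " (" + userName +
                    ") logged in via cookie as '" + userName + "'");
        }

        doSuccessfulAuth(request, userName, db, myUser);
        return true;
    }

    /**
     * Records a successful authentication: replaces the session's
     * {@link CurrentLogin}, drops any per-session configuration, registers a
     * {@link MutableRequestRegistry} for {@code db} and runs the user's
     * post-login hook. Post-login failures are logged but do not undo the login.
     * NOTE(review): the session id itself is not regenerated here; confirm that
     * is handled elsewhere (session fixation).
     *
     * @param request  the current request
     * @param userName login name that authenticated
     * @param db       data context the user belongs to
     * @param myUser   the found, active user record
     * @throws ServletException propagated from the locale setup
     * @throws DBException      propagated from the registry setup
     * @throws LogException     propagated from the registry setup
     */
    private void doSuccessfulAuth(HttpServletRequest request, String userName, String db, User myUser)
            throws ServletException, DBException, LogException {
        GenericSession.removeAttribute(request, CurrentLogin.LOGIN_KEY);
        ConfigManager.removeSession(GenericSession.getId(request));

        CurrentLogin myLogin = CurrentLogin.newInstance(userName,
                request.getRemoteAddr(),
                db,
                myUser.getUid());
        GenericSession.setAttribute(request, CurrentLogin.LOGIN_KEY, myLogin);

        new MutableRequestRegistry(db, myUser);

        try {
            myUser.postLogin();
            Messages.establishLocale(request);
        } catch (DBException de) {
            log.warn("Post-login processing did not complete successfully", de);
        }
    }
}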