

1 /*
2  * Copyright (C) 2006 Methodhead Software LLC. All rights reserved.
3  *
4  * This file is part of TransferCM.
5  *
6  * TransferCM is free software; you can redistribute it and/or modify it under the
7  * terms of the GNU General Public License as published by the Free Software
8  * Foundation; either version 2 of the License, or (at your option) any later
9  * version.
10  *
11  * TransferCM is distributed in the hope that it will be useful, but WITHOUT ANY
12  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
13  * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
14  * details.
15  *
16  * You should have received a copy of the GNU General Public License along with
17  * TransferCM; if not, write to the Free Software Foundation, Inc., 51 Franklin St,
18  * Fifth Floor, Boston, MA 02110-1301 USA
19  */

20
21 package com.methodhead.transfer;
22
23 import org.apache.struts.action.Action;
24 import org.apache.struts.action.ActionMapping;
25 import org.apache.struts.action.ActionForm;
26 import org.apache.struts.action.ActionForward;
27
28 import javax.servlet.http.HttpServletRequest JavaDoc;
29 import javax.servlet.http.HttpServletResponse JavaDoc;
30 import javax.servlet.http.Cookie JavaDoc;
31
32 import com.methodhead.aikp.IntKey;
33 import com.methodhead.auth.AuthPolicy;
34 import com.methodhead.util.OperationContext;
35 import com.methodhead.sitecontext.SiteContext;
36 import com.methodhead.auth.AuthUtil;
37 import com.methodhead.shim.Link;
38 import com.methodhead.shim.SiteMap;
39 import org.apache.commons.lang.StringUtils;
40 import org.apache.log4j.Logger;
41
42 import com.methodhead.reg.User;
43 import com.methodhead.reg.User;
44 import com.methodhead.shim.ShimUtils;
45 import com.methodhead.util.StrutsUtil;
46
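/**
 * TransferCM login action. Extends the generic auth login action with
 * site-context handling: it pre-fills the login form's site field, authorizes
 * the logged-in user against the requested site, and tears down the shim
 * session at logout.
 */
public class LoginAction
extends
  com.methodhead.auth.LoginAction {

  // methods //////////////////////////////////////////////////////////////////

  /**
   * Overrides default behavior to initialize form.site based on current host
   * name.
   *
   * @param op the operation context carrying the request and the form
   * @param policy the auth policy passed through to the superclass
   * @return the forward chosen by the superclass
   */
  protected ActionForward doLoginForm(
    OperationContext op,
    AuthPolicy policy )
  throws
    Exception {

    ActionForward forward = super.doLoginForm( op, policy );

    //
    // getServerName() normally reflects the Host header the client sent, so
    // this is only a convenience default for the form field; doLogin re-reads
    // the submitted value and authorizes the user against it
    //
    op.form.set( "site", op.request.getServerName() );

    return forward;
  }

  /**
   * Extends default implementation to set up site context if site has been
   * specified (assuming user is authorized to access that site). Not unit
   * tested.
   *
   * <p>The superclass performs the credential check first; the site
   * authorization runs afterwards and cancels the login (clears the user and
   * forwards back to the input page) when it fails.</p>
   *
   * @param op the operation context carrying the request, response and form
   * @param policy the auth policy passed through to the superclass
   * @return the superclass forward on success, or a forward to the mapping's
   *   input when the login is cancelled
   */
  protected ActionForward doLogin(
    OperationContext op,
    AuthPolicy policy )
  throws
    Exception {

    //
    // log in as normal
    //
    ActionForward forward = super.doLogin( op, policy );

    //
    // successful login?
    //
    User user = ( User )AuthUtil.getUser( op.request );

    if ( user == null ) {
      return forward;
    }

    //
    // The user is already attached to the request at this point, before the
    // site authorization has run. Fail closed: if the check ends with an
    // exception instead of a decision, clear the user so a half-finished
    // check never leaves an authenticated user behind.
    //
    boolean checkFinished = false;

    try {
      ActionForward rejection = authorizeForSite( op, user );
      checkFinished = true;
      return ( rejection != null ) ? rejection : forward;
    }
    finally {
      if ( !checkFinished ) {
        AuthUtil.setUser( op.request, null );
      }
    }
  }

  /**
   * Checks the logged-in user against the site submitted with the login form
   * and, when authorized, sets the siteid cookie and the shim session.
   *
   * @param op the operation context carrying the request, response and form
   * @param user the user the superclass has just logged in
   * @return <code>null</code> when the login may proceed, otherwise a forward
   *   to the mapping's input (the user has been cleared and an error added)
   */
  private ActionForward authorizeForSite(
    OperationContext op,
    User user )
  throws
    Exception {

    //
    // has a site been specified? (the value comes from the submitted form and
    // is therefore client-controlled)
    //
    String site = ( String )op.form.get( "site" );

    if ( StringUtils.isBlank( site ) ) {

      //
      // only system-administrators can login without specifying a site
      //
      if ( isSysadmin( user ) ) {
        return null;
      }

      if ( logger_.isDebugEnabled() ) {
        logger_.debug( "Cancelling login; only sysadmins can login without specifying a site" );
      }

      AuthUtil.setUser( op.request, null );

      StrutsUtil.addError(
        op.request, null, "loginform.invalidlogin", null, null, null );

      return new ActionForward( op.mapping.getInput() );
    }

    //
    // attempt to load a site context; "domain/path" is split into its two
    // parts, any other shape is passed on unchanged as the domain
    //
    SiteContext context = new SiteContext();

    String path = "";
    if ( site.indexOf( "/" ) != -1 ) {
      String[] parts = site.split( "/" );
      if ( parts.length == 2 ) {
        site = parts[ 0 ];
        path = parts[ 1 ];
      }
    }

    if ( !context.loadForDomainAndPath( site, path ) ) {

      if ( logger_.isDebugEnabled() ) {
        // site is user input: neutralize line breaks so it cannot forge
        // additional log entries
        logger_.debug( "Couldn't load site \"" + forLog( site ) + "\"" );
      }

      AuthUtil.setUser( op.request, null );

      //
      // forward to input
      //
      // NOTE(review): the user-supplied site is passed as a message argument;
      // confirm the view that renders this error escapes it.
      //
      StrutsUtil.addError(
        op.request,
        "site",
        "transfer.login.unknownSite",
        site,
        null,
        null );

      return new ActionForward( op.mapping.getInput() );
    }

    //
    // make sure the user is either a sysadmin or associated with this
    // context
    //
    boolean authorized =
      isSysadmin( user ) ||
      user.hasRole( context, DefaultTransferPolicy.ROLE_SITEADMIN ) ||
      user.hasRole( context, DefaultTransferPolicy.ROLE_WEBMASTER );

    if ( !authorized ) {

      if ( logger_.isDebugEnabled() ) {
        logger_.debug( "User not authorized for site \"" + context + "\"" );
      }

      AuthUtil.setUser( op.request, null );

      StrutsUtil.addError(
        op.request, null, "loginform.invalidlogin", null, null, null );

      return new ActionForward( op.mapping.getInput() );
    }

    if ( logger_.isDebugEnabled() ) {
      logger_.debug( "User authorized for site \"" + context + "\"" );
    }

    //
    // set the site cookie; this is used in cookie-based logins
    //
    // NOTE(review): the cookie holds only the numeric site id, lasts a year,
    // and is sent without Secure/HttpOnly flags or an explicit path. The value
    // is client-editable, so whatever performs the cookie-based login must
    // re-check the user's roles for that site rather than trust the id.
    //
    Cookie cookie =
      new Cookie(
        "siteid", "" + context.getInt( "id" ) );

    cookie.setMaxAge( 365 * 24 * 60 * 60 ); // one year

    if ( logger_.isDebugEnabled() ) {
      logger_.debug( "Setting siteid cookie with value \"" + cookie.getValue() + "\"" );
    }

    op.response.addCookie( cookie );

    if ( logger_.isDebugEnabled() ) {
      logger_.debug( "Setting up the shim session" );
    }

    //
    // set up the session
    //
    ShimUtils.setUpShimSession( op.request, context );

    return null;
  }

  /**
   * Returns whether the user holds the sysadmin role in the default context.
   */
  private static boolean isSysadmin(
    User user ) {

    return user.hasRole(
      SiteContext.getDefaultContext(),
      DefaultTransferPolicy.ROLE_SYSADMIN );
  }

  /**
   * Replaces carriage returns and line feeds in a user-supplied value before
   * it is written to the log.
   */
  private static String forLog(
    String value ) {

    return value.replace( '\r', '_' ).replace( '\n', '_' );
  }

  /**
   * Extends default behaviour to remove Shim-related attributes from the
   * session. Not unit tested.
   *
   * <p>When a site context and a root link are available, the returned
   * forward redirects to the home page of the site that was being edited;
   * otherwise the superclass forward is returned.</p>
   *
   * @param op the operation context carrying the request
   * @param policy the auth policy passed through to the superclass
   * @return a redirect to the site's root page, or the superclass forward
   */
  protected ActionForward doLogout(
    OperationContext op,
    AuthPolicy policy )
  throws
    Exception {

    ActionForward forward = super.doLogout( op, policy );

    try {

      //
      // can we redirect to the root page?
      //
      SiteContext siteContext = SiteContext.getContext( op.request );

      if ( siteContext != null ) {
        SiteMap siteMap = ShimUtils.getSiteMap( op.request );
        Link root = ( siteMap == null ) ? null : ( Link )siteMap.getRoot();

        if ( root != null ) {

          //
          // construct a url to the home page of the site we're actually
          // editing; the host comes from the stored site configuration, not
          // from the request
          //
          String siteContextPath = siteContext.getString( "path" );
          if ( !siteContextPath.equals( "" ) ) {
            siteContextPath = "/" + siteContextPath;
          }

          // presumably getDomains() is never empty for a loaded context;
          // if it is, the exception propagates after the teardown below
          String authority = "" + siteContext.getDomains().get( 0 );

          int port = op.request.getServerPort();
          if ( ( port != 80 ) && ( port != 443 ) ) {
            authority = authority + ":" + port;
          }

          //
          // keep the scheme of the logout request: a hard-coded "http://"
          // would send a user who logged out over HTTPS to a cleartext URL.
          // NOTE(review): getScheme() reports what the container saw; behind
          // a TLS-terminating proxy confirm it is configured to report https.
          //
          forward =
            new ActionForward(
              op.request.getScheme() + "://" + authority +
                op.request.getContextPath() + siteContextPath + "/" +
                ShimUtils.getLinkUrl( root ),
              true );
        }
      }
    }
    finally {

      //
      // always remove the shim attributes, even when building the redirect
      // failed, so a failed logout cannot leave the shim session behind
      //
      ShimUtils.tearDownShimSession( op.request );
    }

    return forward;
  }

  // attributes ///////////////////////////////////////////////////////////////

  private static final Logger logger_ = Logger.getLogger( LoginAction.class );
}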
272