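package cowsultants.itracker.web.actions;

import java.io.*;
import java.lang.reflect.*;
import java.rmi.*;
import java.util.*;
import javax.ejb.*;
import javax.naming.*;
import javax.rmi.*;
import javax.servlet.*;
import javax.servlet.http.*;

import org.apache.commons.beanutils.*;
import org.apache.struts.action.*;
import org.apache.struts.util.*;

import cowsultants.itracker.ejb.client.exceptions.*;
import cowsultants.itracker.ejb.client.interfaces.*;
import cowsultants.itracker.ejb.client.models.*;
import cowsultants.itracker.ejb.client.resources.*;
import cowsultants.itracker.ejb.client.util.*;
import cowsultants.itracker.web.util.*;


/**
 * Struts action that authenticates a user and initialises the HTTP session.
 *
 * <p>Three ways of presenting credentials are supported, selected by
 * {@code LoginUtilities.getRequestAuthType(request)}: a plaintext password,
 * an already-encrypted password, or the request object itself. On success
 * the pre-login session (if any) is discarded, a fresh session is populated
 * with the user, preferences, locale and permissions, the autologin cookie is
 * issued or cleared, and the caller is forwarded to the {@code redirect}
 * target if that target stays on this server (otherwise to {@code index}).
 *
 * <p>{@link #setupSession(String, HttpServletRequest, HttpServletResponse)}
 * rebuilds the session for an already-known login; judging by its log
 * messages it is used for a "login reset" (presumably driven by
 * {@code SessionManager} &mdash; verify against callers).
 */
public class LoginAction extends ITrackerAction {
    /** Session timeout in minutes used when the system configuration bean cannot be read. */
    private static final int DEFAULT_SESSION_TIMEOUT = 30;

    /** Lifetime of the autologin cookie in seconds (30 days). */
    private static final int AUTOLOGIN_COOKIE_MAX_AGE = 30 * 24 * 60 * 60;

    /** Web session timeout in minutes, read once from the "web_session_timeout" system property. */
    private static final int SESSION_TIMEOUT = loadSessionTimeout();

    public LoginAction() {
    }

    /**
     * Reads the web session timeout from the {@code SystemConfiguration} bean.
     *
     * @return the configured timeout in minutes, or {@link #DEFAULT_SESSION_TIMEOUT}
     *         when the bean cannot be looked up, created or queried
     */
    private static int loadSessionTimeout() {
        try {
            InitialContext ic = new InitialContext();
            Object scRef = ic.lookup("java:comp/env/" + SystemConfiguration.JNDI_NAME);
            SystemConfigurationHome scHome = (SystemConfigurationHome) PortableRemoteObject.narrow(scRef, SystemConfigurationHome.class);
            SystemConfiguration sc = scHome.create();
            return sc.getIntegerProperty("web_session_timeout", DEFAULT_SESSION_TIMEOUT);
        } catch(Exception e) {
            // Best effort: a missing configuration bean must not stop the action class from loading,
            // but the fallback should be visible in the log rather than silent.
            Logger.logError("Could not read web_session_timeout from the system configuration, using default of " + DEFAULT_SESSION_TIMEOUT + " minutes.", e);
            return DEFAULT_SESSION_TIMEOUT;
        }
    }

    /**
     * Looks up and creates the {@code UserHandler} session bean.
     *
     * @return a new {@code UserHandler} instance
     * @throws NamingException if the home interface is not bound under {@code java:comp/env}
     * @throws CreateException if the bean cannot be created
     */
    private static UserHandler lookupUserHandler() throws NamingException, CreateException {
        InitialContext ic = new InitialContext();
        Object uhRef = ic.lookup("java:comp/env/" + UserHandler.JNDI_NAME);
        UserHandlerHome uhHome = (UserHandlerHome) PortableRemoteObject.narrow(uhRef, UserHandlerHome.class);
        return uhHome.create();
    }

    /**
     * Returns a credential taken from a request attribute, falling back to a form bean property
     * when the attribute is absent or empty.
     *
     * @param request      the current request
     * @param form         the login form bean
     * @param attributeKey request attribute consulted first
     * @param formProperty bean property read when the attribute is null or ""
     * @return the attribute or property value; may be null if neither is set
     * @throws IllegalAccessException    propagated from {@code PropertyUtils.getSimpleProperty}
     * @throws InvocationTargetException propagated from {@code PropertyUtils.getSimpleProperty}
     * @throws NoSuchMethodException     propagated from {@code PropertyUtils.getSimpleProperty}
     */
    private static String attributeOrFormProperty(HttpServletRequest request, ActionForm form, String attributeKey, String formProperty)
            throws IllegalAccessException, InvocationTargetException, NoSuchMethodException {
        String value = (String) request.getAttribute(attributeKey);
        if(value == null || value.equals("")) {
            value = (String) PropertyUtils.getSimpleProperty(form, formProperty);
        }
        return value;
    }

    /**
     * Removes a leading {@code ?key=value} query parameter from a redirect target, keeping any
     * parameters that follow it.
     *
     * <p>Only the form {@code ...?key=...[&rest]} is recognised, matching the original
     * behaviour; a {@code key} that is not the first parameter is left untouched.
     *
     * @param redirect the redirect target, may be null
     * @param key      the parameter name to strip
     * @return the target without the parameter, the unchanged target when the marker is
     *         absent, or null when {@code redirect} is null
     */
    static String stripRedirectParam(String redirect, String key) {
        if(redirect == null) {
            return null;
        }
        int markerIndex = redirect.indexOf("?" + key + "=");
        if(markerIndex < 0) {
            return redirect;
        }
        // The original also searched backwards for an '&' before the '?', but that branch could
        // only yield a substring with begin > end; it is dropped here.
        int nextParamIndex = redirect.indexOf('&', markerIndex);
        if(nextParamIndex < 0) {
            return redirect.substring(0, markerIndex);
        }
        return redirect.substring(0, markerIndex) + "?" + redirect.substring(nextParamIndex + 1);
    }

    /**
     * Decides whether a post-login redirect target stays on this server.
     *
     * <p>Accepted: server-relative paths ({@code /...}, excluding the scheme-relative
     * {@code //host} and {@code /\host} forms), plain relative paths without a scheme,
     * and absolute {@code http}/{@code https} URLs whose host equals {@code serverName}.
     * Targets containing CR/LF or userinfo ({@code user@host}) are rejected.
     *
     * @param redirect   the candidate redirect target, may be null
     * @param serverName the host name the request was addressed to, as reported by the container
     * @return true when the target may be followed
     */
    static boolean isLocalRedirect(String redirect, String serverName) {
        if(redirect == null || redirect.length() == 0 || serverName == null) {
            return false;
        }
        if(redirect.indexOf('\r') > -1 || redirect.indexOf('\n') > -1) {
            return false;
        }
        if(redirect.startsWith("\\")) {
            return false;
        }
        if(redirect.startsWith("/")) {
            // "//host" and "/\host" are treated as scheme-relative URLs by browsers.
            return !(redirect.startsWith("//") || redirect.startsWith("/\\"));
        }
        int schemeEnd = redirect.indexOf("://");
        if(schemeEnd < 0) {
            // No authority part: reject scheme-only forms such as "mailto:x" or "javascript:...",
            // i.e. anything with a ':' before the first '/'.
            int colon = redirect.indexOf(':');
            int slash = redirect.indexOf('/');
            return colon < 0 || (slash > -1 && slash < colon);
        }
        String scheme = redirect.substring(0, schemeEnd);
        if(!scheme.equalsIgnoreCase("http") && !scheme.equalsIgnoreCase("https")) {
            return false;
        }
        String rest = redirect.substring(schemeEnd + 3);
        int authorityEnd = rest.length();
        for(int i = 0; i < rest.length(); i++) {
            char c = rest.charAt(i);
            if(c == '/' || c == '?' || c == '#' || c == '\\') {
                authorityEnd = i;
                break;
            }
        }
        String authority = rest.substring(0, authorityEnd);
        if(authority.indexOf('@') > -1) {
            return false;
        }
        int portSeparator = authority.indexOf(':');
        String host = (portSeparator < 0 ? authority : authority.substring(0, portSeparator));
        return host.equalsIgnoreCase(serverName);
    }

    /**
     * Determines the redirect target requested for after login: the request parameter
     * {@code Constants.AUTH_REDIRECT_KEY}, else the request attribute of the same name,
     * with a leading {@code ?redirect=} parameter stripped from it.
     *
     * @param request the current request
     * @return the redirect target, possibly null or empty
     */
    private static String resolveRedirect(HttpServletRequest request) {
        String redirect = request.getParameter(Constants.AUTH_REDIRECT_KEY);
        Logger.logDebug("Redirect URL from request param = " + redirect);
        if(redirect == null || "".equals(redirect)) {
            redirect = (String) request.getAttribute(Constants.AUTH_REDIRECT_KEY);
            Logger.logDebug("Redirect URL from request attribute = " + redirect);
        }
        String stripped = stripRedirectParam(redirect, Constants.AUTH_REDIRECT_KEY);
        if(Logger.isLoggingDebug() && redirect != null && !redirect.equals(stripped)) {
            Logger.logDebug("Original redirect URL = " + redirect);
        }
        return stripped;
    }

    /**
     * Maps an {@code AuthenticatorException} to the message key shown to the user.
     *
     * @param le the exception raised by the login check
     * @return the resource key of the error message
     */
    private static String loginErrorKey(AuthenticatorException le) {
        // NOTE(review): distinct messages for "unknown user" and "bad password" let a client
        // tell valid logins from invalid ones; a single generic message would avoid that.
        if(le.getType() == AuthenticatorException.INVALID_PASSWORD) {
            return "itracker.web.error.login.badpass";
        } else if(le.getType() == AuthenticatorException.INACTIVE_ACCOUNT) {
            return "itracker.web.error.login.inactive";
        } else if(le.getType() == AuthenticatorException.UNKNOWN_USER) {
            return "itracker.web.error.login.unknown";
        } else if(le.getType() == AuthenticatorException.CUSTOM_ERROR) {
            return le.getMessageKey();
        }
        // INVALID_AUTHENTICATION_TYPE and anything unexpected are reported as a system error.
        return "itracker.web.error.login.system";
    }

    /**
     * Authenticates the user, sets up the session and forwards to the post-login page.
     *
     * @param mapping  the Struts mapping for this action
     * @param form     the login form bean (properties {@code login}, {@code password}, {@code encpassword})
     * @param request  the current request
     * @param response the current response
     * @return {@code index}, the requested local redirect, or on failure {@code login} or the
     *         error page named by the {@code AuthenticatorException}
     * @throws ServletException as declared by Struts; not raised by this implementation
     * @throws IOException      as declared by Struts; not raised by this implementation
     */
    public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        ActionErrors errors = new ActionErrors();
        ActionForward errorMapping = null;
        String login = null;

        try {
            UserHandler uh = lookupUserHandler();

            try {
                UserModel user = null;
                String encPassword = null;

                int authType = LoginUtilities.getRequestAuthType(request);

                if(authType == AuthenticationConstants.AUTH_TYPE_PASSWORD_PLAIN) {
                    login = attributeOrFormProperty(request, form, Constants.AUTH_LOGIN_KEY, "login");
                    String authenticator = attributeOrFormProperty(request, form, Constants.AUTH_VALUE_KEY, "password");
                    // Only the encrypted form is ever stored in the autologin cookie.
                    encPassword = UserUtilities.encryptPassword(authenticator);

                    Logger.logDebug("Attempting login with plaintext password for user " + login);
                    user = uh.checkLogin(login, authenticator, AuthenticationConstants.AUTH_TYPE_PASSWORD_PLAIN, AuthenticationConstants.REQ_SOURCE_WEB);
                } else if(authType == AuthenticationConstants.AUTH_TYPE_PASSWORD_ENC) {
                    login = attributeOrFormProperty(request, form, Constants.AUTH_LOGIN_KEY, "login");
                    String authenticator = attributeOrFormProperty(request, form, Constants.AUTH_VALUE_KEY, "encpassword");
                    encPassword = authenticator;

                    Logger.logDebug("Attempting login with encrypted password for user " + login);
                    user = uh.checkLogin(login, authenticator, AuthenticationConstants.AUTH_TYPE_PASSWORD_ENC, AuthenticationConstants.REQ_SOURCE_WEB);
                } else if(authType == AuthenticationConstants.AUTH_TYPE_REQUEST) {
                    Logger.logDebug("Attempting login with request object");
                    user = uh.checkLogin(login, request, AuthenticationConstants.AUTH_TYPE_REQUEST, AuthenticationConstants.REQ_SOURCE_WEB);
                } else {
                    Logger.logDebug("Attempting login with with unknown auth type");
                    user = uh.checkLogin(login, request, AuthenticationConstants.AUTH_TYPE_UNKNOWN, AuthenticationConstants.REQ_SOURCE_WEB);
                }

                if(user == null) {
                    throw new AuthenticatorException(AuthenticatorException.UNKNOWN_USER);
                }
                login = user.getLogin();

                // Discard the pre-login session so that a session id known to a third party before
                // authentication is never promoted to an authenticated one (session fixation).
                HttpSession preLoginSession = request.getSession(false);
                if(preLoginSession != null) {
                    preLoginSession.invalidate();
                }
                setupSession(user, encPassword, request, response);

                String redirect = resolveRedirect(request);
                SessionManager.createSession(user.getLogin());
                Logger.logInfo("User " + user.getLogin() + " logged in successfully.");

                if(redirect == null || "".equals(redirect)) {
                    return mapping.findForward("index");
                }
                if(! isLocalRedirect(redirect, request.getServerName())) {
                    // A redirect parameter pointing off this server is ignored rather than followed.
                    Logger.logInfo("Ignoring redirect to non-local target " + redirect + " after login of user " + login);
                    return mapping.findForward("index");
                }
                if(Logger.isLoggingDebug()) {
                    Logger.logDebug("Redirecting to " + redirect);
                }
                return new ActionForward(redirect, true);
            } catch(IllegalStateException ise) {
                if(Logger.isLoggingDebug()) {
                    Logger.logDebug("IllegalStateException caught during login.", ise);
                }
                errors.add(ActionErrors.GLOBAL_ERROR, new ActionError("itracker.web.error.login.system"));
            } catch(AuthenticatorException le) {
                if(Logger.isLoggingDebug()) {
                    Logger.logDebug("Login Exception for user " + (login != null ? login : "UNKNOWN") + ". Type = " + le.getType(), le);
                }
                errors.add(ActionErrors.GLOBAL_ERROR, new ActionError(loginErrorKey(le)));

                if(le.getErrorPageType() == AuthenticatorException.ERRORPAGE_TYPE_FORWARD) {
                    errorMapping = mapping.findForward(le.getErrorPageValue());
                } else if(le.getErrorPageType() == AuthenticatorException.ERRORPAGE_TYPE_URL) {
                    errorMapping = new ActionForward(le.getErrorPageValue());
                }
            }
            // Reached only when the inner try did not return, i.e. the login failed.
            Logger.logInfo("User " + (login != null ? login : "UNKNOWN") + " login unsucessful.");
        } catch(NamingException ne) {
            errors.add(ActionErrors.GLOBAL_ERROR, new ActionError("itracker.web.error.login.system"));
            Logger.logError("Could not locate session EJB for login.", ne);
        } catch(CreateException ce) {
            errors.add(ActionErrors.GLOBAL_ERROR, new ActionError("itracker.web.error.login.system"));
            Logger.logError("Could not create session EJB for login.", ce);
        } catch(Exception e) {
            errors.add(ActionErrors.GLOBAL_ERROR, new ActionError("itracker.web.error.login.system"));
            Logger.logError("System Error.", e);
        }

        if(! errors.isEmpty()) {
            // Never leave a half-built session behind after a failed login.
            LogoffAction logoff = new LogoffAction();
            logoff.clearSession(login, request, response);
            saveErrors(request, errors);
        }
        return (errorMapping == null ? mapping.findForward("login") : errorMapping);
    }

    /**
     * Extracts the encrypted password carried by the autologin cookie.
     *
     * <p>The cookie value has the form {@code login~encPassword}; when several cookies with
     * that name are present the last one wins, as in the original loop.
     *
     * @param cookies the request cookies, may be null
     * @return the part after the first {@code ~}, or null when no usable cookie exists
     */
    private static String autologinPasswordFromCookies(Cookie[] cookies) {
        if(cookies == null) {
            return null;
        }
        String encPassword = null;
        for(int i = 0; i < cookies.length; i++) {
            if(! Constants.COOKIE_NAME.equals(cookies[i].getName())) {
                continue;
            }
            String value = cookies[i].getValue();
            if(value == null) {
                continue;
            }
            int separator = value.indexOf('~');
            if(separator > 0) {
                encPassword = value.substring(separator + 1);
            }
        }
        return encPassword;
    }

    /**
     * Rebuilds the session for a login that is already known (login reset), reusing the
     * encrypted password from the autologin cookie so the cookie can be re-issued.
     *
     * @param login    the login whose session is to be rebuilt
     * @param request  the current request
     * @param response the current response
     * @return the user whose session was set up, or null if the login is unknown or the
     *         {@code UserHandler} bean could not be obtained
     */
    public UserModel setupSession(String login, HttpServletRequest request, HttpServletResponse response) {
        try {
            UserHandler uh = lookupUserHandler();

            UserModel user = uh.getUserByLogin(login);
            if(user != null) {
                String encPassword = autologinPasswordFromCookies(request.getCookies());
                return setupSession(user, encPassword, request, response);
            }
        } catch(NamingException ne) {
            Logger.logError("Could not locate session EJB for login reset.", ne);
        } catch(CreateException ce) {
            Logger.logError("Could not create session EJB for login reset.", ce);
        }
        return null;
    }

    /**
     * Issues, refreshes or clears the autologin cookie according to the user's "save login"
     * preference.
     *
     * <p>The cookie value embeds the encrypted password, so it is a reusable credential for as
     * long as that value stays valid; an opaque random token looked up server-side would be a
     * safer design, but the format is shared with the cookie reader and is kept here.
     * {@code Cookie.setHttpOnly} requires Servlet 3.0 and is not available to this code; set
     * it where the container supports it.
     *
     * @param user        the authenticated user
     * @param encPassword the encrypted password to store, or null to issue no credential
     * @param userPrefs   the user's preferences (read for {@code getSaveLogin})
     * @param request     the current request (context path and connection security)
     * @param response    the response the cookie is added to
     */
    private static void addAutologinCookie(UserModel user, String encPassword, UserPreferencesModel userPrefs, HttpServletRequest request, HttpServletResponse response) {
        Cookie cookie = new Cookie(Constants.COOKIE_NAME, "");
        cookie.setPath(request.getContextPath());
        // A credential issued over TLS must not be replayed over a plaintext connection.
        cookie.setSecure(request.isSecure());
        if(userPrefs.getSaveLogin()) {
            if(encPassword != null) {
                if(Logger.isLoggingDebug()) {
                    Logger.logDebug("User allows autologin");
                }
                cookie.setComment("ITracker autologin cookie");
                cookie.setValue(user.getLogin() + "~" + encPassword);
                cookie.setMaxAge(AUTOLOGIN_COOKIE_MAX_AGE);
            }
        } else {
            if(Logger.isLoggingDebug()) {
                Logger.logDebug("User does not allow autologin");
            }
            // Max age 0 instructs the browser to delete any previously issued cookie.
            cookie.setValue("");
            cookie.setMaxAge(0);
        }
        response.addCookie(cookie);
    }

    /**
     * Creates the HTTP session for an authenticated user and stores the session tracker,
     * user, preferences, locale and permissions in it, then handles the autologin cookie.
     *
     * @param user        the authenticated user; null yields null without side effects
     * @param encPassword the encrypted password for the autologin cookie, may be null
     * @param request     the current request
     * @param response    the current response
     * @return {@code user} on success, or null when the {@code UserHandler} bean could not be
     *         obtained (the failure is logged)
     */
    public UserModel setupSession(UserModel user, String encPassword, HttpServletRequest request, HttpServletResponse response) {
        if(user == null) {
            return null;
        }

        try {
            UserHandler uh = lookupUserHandler();

            if(Logger.isLoggingDebug()) {
                Logger.logDebug("Creating new session");
            }
            HttpSession session = request.getSession(true);

            if(Logger.isLoggingDebug()) {
                Logger.logDebug("Setting session timeout to " + SESSION_TIMEOUT + " minutes");
            }
            // setMaxInactiveInterval expects seconds.
            session.setMaxInactiveInterval(SESSION_TIMEOUT * 60);

            if(Logger.isLoggingDebug()) {
                Logger.logDebug("Setting session tracker");
            }
            session.setAttribute(Constants.SESSION_TRACKER_KEY, new SessionTracker(user.getLogin(), session.getId()));

            if(Logger.isLoggingDebug()) {
                Logger.logDebug("Setting user information");
            }
            session.setAttribute(Constants.USER_KEY, user);

            if(Logger.isLoggingDebug()) {
                Logger.logDebug("Setting preferences for user " + user.getLogin());
            }
            // NOTE(review): userPrefs is dereferenced below; whether getUserPreferencesByUserId can
            // return null is not visible here - confirm against the bean.
            UserPreferencesModel userPrefs = uh.getUserPreferencesByUserId(user.getId());
            session.setAttribute(Constants.PREFERENCES_KEY, userPrefs);

            Locale userLocale = ITrackerResources.getLocale(userPrefs.getUserLocale());
            if(Logger.isLoggingDebug()) {
                Logger.logDebug("Setting user locale to " + userLocale);
            }
            session.setAttribute(Constants.LOCALE_KEY, userLocale);

            if(Logger.isLoggingDebug()) {
                Logger.logDebug("Setting autologin cookie for user " + user.getLogin());
            }
            addAutologinCookie(user, encPassword, userPrefs, request, response);

            if(Logger.isLoggingDebug()) {
                Logger.logDebug("Setting permissions for user " + user.getLogin());
            }
            HashMap permissions = uh.getUserPermissions(user, AuthenticationConstants.REQ_SOURCE_WEB);
            session.setAttribute(Constants.PERMISSIONS_KEY, permissions);

            // Any search state from a previous session must not carry over.
            session.setAttribute(Constants.SEARCH_QUERY_KEY, null);

            SessionManager.clearSessionNeedsReset(user.getLogin());
            if(Logger.isLoggingDebug()) {
                Logger.logDebug("User session data updated.");
            }
            return user;
        } catch(NamingException ne) {
            Logger.logError("Could not locate session EJB for login reset.", ne);
        } catch(CreateException ce) {
            Logger.logError("Could not create session EJB for login reset.", ce);
        }
        return null;
    }

}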