

1 /*
2  * This software was designed and created by Jason Carroll.
3  * Copyright (c) 2002, 2003, 2004 Jason Carroll.
4  * The author can be reached at jcarroll@cowsultants.com
5  * ITracker website: http://www.cowsultants.com
6  * ITracker forums: http://www.cowsultants.com/phpBB/index.php
7  *
8  * This program is free software; you can redistribute it and/or modify
9  * it only under the terms of the GNU General Public License as published by
10  * the Free Software Foundation; either version 2 of the License, or
11  * (at your option) any later version.
12  *
13  * This program is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16  * GNU General Public License for more details.
17  */

18
19 package cowsultants.itracker.web.actions;
20
21 import java.io.*;
22 import java.rmi.*;
23 import java.util.*;
24 import javax.ejb.*;
25 import javax.rmi.*;
26 import javax.naming.*;
27 import javax.servlet.*;
28 import javax.servlet.http.*;
29
30 import org.apache.commons.beanutils.*;
31 import org.apache.struts.action.*;
32 import org.apache.struts.util.*;
33
34 import cowsultants.itracker.ejb.client.exceptions.*;
35 import cowsultants.itracker.ejb.client.interfaces.*;
36 import cowsultants.itracker.ejb.client.models.*;
37 import cowsultants.itracker.ejb.client.resources.*;
38 import cowsultants.itracker.ejb.client.util.*;
39 import cowsultants.itracker.web.util.*;
40
41
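/**
 * Struts action that authenticates a web user through the UserHandler session
 * EJB and, on success, populates the HTTP session and the autologin cookie.
 *
 * Security notes for maintainers:
 * - AUTH_TYPE_PASSWORD_ENC hands the submitted "encpassword" value to
 *   checkLogin unchanged, and the autologin cookie stores that same value.
 *   The stored form of the password is therefore usable as a credential by
 *   itself; treat the cookie as a secret (NOTE(review): how checkLogin
 *   verifies it is not visible here, so confirm).
 * - The post-login redirect target comes from the client and is accepted only
 *   when it stays on this site (see isLocalRedirect).
 * - Distinct error keys for "unknown user" and "bad password" let a client
 *   tell valid logins from invalid ones; consider mapping both to one message.
 */
public class LoginAction extends ITrackerAction {
    /** Session inactivity timeout in minutes; replaced by the web_session_timeout property when it can be read. */
    private static int SESSION_TIMEOUT = 30;

    static {
        try {
            InitialContext ic = new InitialContext();
            Object scRef = ic.lookup("java:comp/env/" + SystemConfiguration.JNDI_NAME);
            SystemConfigurationHome scHome = (SystemConfigurationHome) PortableRemoteObject.narrow(scRef, SystemConfigurationHome.class);
            SystemConfiguration sc = scHome.create();

            SESSION_TIMEOUT = sc.getIntegerProperty("web_session_timeout", SESSION_TIMEOUT);
        } catch(Exception e) {
            // Still best effort (the compiled-in default stays in force), but no longer silent:
            // an unexpectedly long or short session lifetime should be traceable to this failure.
            Logger.logError("Could not read web_session_timeout, keeping default of " + SESSION_TIMEOUT + " minutes.", e);
        }
    }

    public LoginAction() {
    }

    /**
     * Authenticates the request and forwards to the post-login page.
     *
     * The authentication type is taken from LoginUtilities.getRequestAuthType.
     * For the two password types the login and authenticator are read from
     * request attributes first and from the form bean second. On success the
     * session is set up and the user is sent to the requested redirect target
     * or, without a usable target, to the "index" forward. On failure the
     * session is cleared through LogoffAction and the "login" forward (or the
     * error page named by the AuthenticatorException) is returned.
     *
     * @param mapping  the Struts mapping used to look up forwards
     * @param form     the login form bean; read through PropertyUtils
     * @param request  the current request
     * @param response the current response; receives the autologin cookie
     * @return the forward to follow
     */
    public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        ActionErrors errors = new ActionErrors();
        ActionForward errorMapping = null;
        String login = null;

        try {
            InitialContext ic = new InitialContext();

            Object uhRef = ic.lookup("java:comp/env/" + UserHandler.JNDI_NAME);
            UserHandlerHome uhHome = (UserHandlerHome) PortableRemoteObject.narrow(uhRef, UserHandlerHome.class);
            UserHandler uh = uhHome.create();

            try {
                UserModel user = null;
                String encPassword = null;

                int authType = LoginUtilities.getRequestAuthType(request);

                if(authType == AuthenticationConstants.AUTH_TYPE_PASSWORD_PLAIN) {
                    login = attributeOrFormValue(request, form, Constants.AUTH_LOGIN_KEY, "login");
                    String authenticator = attributeOrFormValue(request, form, Constants.AUTH_VALUE_KEY, "password");
                    encPassword = UserUtilities.encryptPassword(authenticator);

                    Logger.logDebug("Attempting login with plaintext password for user " + logSafe(login));
                    user = uh.checkLogin(login, authenticator, AuthenticationConstants.AUTH_TYPE_PASSWORD_PLAIN, AuthenticationConstants.REQ_SOURCE_WEB);
                } else if(authType == AuthenticationConstants.AUTH_TYPE_PASSWORD_ENC) {
                    login = attributeOrFormValue(request, form, Constants.AUTH_LOGIN_KEY, "login");
                    String authenticator = attributeOrFormValue(request, form, Constants.AUTH_VALUE_KEY, "encpassword");
                    // The client-supplied value is used as the encrypted password without any transformation.
                    encPassword = authenticator;

                    Logger.logDebug("Attempting login with encrypted password for user " + logSafe(login));
                    user = uh.checkLogin(login, authenticator, AuthenticationConstants.AUTH_TYPE_PASSWORD_ENC, AuthenticationConstants.REQ_SOURCE_WEB);
                } else if(authType == AuthenticationConstants.AUTH_TYPE_REQUEST) {
                    // login is still null here; the authenticator works from the request object.
                    Logger.logDebug("Attempting login with request object");
                    user = uh.checkLogin(login, request, AuthenticationConstants.AUTH_TYPE_REQUEST, AuthenticationConstants.REQ_SOURCE_WEB);
                } else {
                    Logger.logDebug("Attempting login with with unknown auth type");
                    user = uh.checkLogin(login, request, AuthenticationConstants.AUTH_TYPE_UNKNOWN, AuthenticationConstants.REQ_SOURCE_WEB);
                }

                if(user == null) {
                    throw new AuthenticatorException(AuthenticatorException.UNKNOWN_USER);
                }
                login = user.getLogin();

                // Authentication succeeded: drop any session that existed before login so that a
                // session id issued to an unauthenticated client is not carried into the
                // authenticated session (session fixation).
                // NOTE(review): anything stored in the session before login is discarded here;
                // confirm nothing set pre-login has to survive.
                HttpSession preLoginSession = request.getSession(false);
                if(preLoginSession != null) {
                    preLoginSession.invalidate();
                }

                setupSession(user, encPassword, request, response);

                String redirect = request.getParameter(Constants.AUTH_REDIRECT_KEY);
                Logger.logDebug("Redirect URL from request param = " + logSafe(redirect));
                if(redirect == null || "".equals(redirect)) {
                    redirect = (String) request.getAttribute(Constants.AUTH_REDIRECT_KEY);
                    Logger.logDebug("Redirect URL from request attribute = " + logSafe(redirect));
                }

                // Remove a redirect parameter nested inside the redirect target itself.
                int redirectIndex = (redirect == null ? -1 : redirect.indexOf("?" + Constants.AUTH_REDIRECT_KEY + "="));
                if(redirectIndex > -1) {
                    int extraParamIndex = redirect.indexOf("&", redirectIndex);
                    if(Logger.isLoggingDebug()) {
                        Logger.logDebug("Original redirect URL = " + logSafe(redirect));
                        Logger.logDebug("Redirect Index: " + redirectIndex + " ExtraParamIndex: " + extraParamIndex);
                    }
                    // The earlier three-way version also looked for an '&' before the nested
                    // parameter and then called substring(extraParamIndex + 1, lastParamIndex);
                    // that begin index is always greater than the end index, so the call could
                    // only throw. NOTE(review): the intent of that branch is unclear; it is
                    // treated here like the plain "parameters follow" case.
                    if(extraParamIndex > -1) {
                        redirect = redirect.substring(0, redirectIndex) + "?" + redirect.substring(extraParamIndex + 1);
                    } else {
                        redirect = redirect.substring(0, redirectIndex);
                    }
                }

                // The target is client-controlled and is sent back as a browser redirect, so only
                // values that stay on this site are honoured.
                // NOTE(review): assumes legitimate targets are site-relative paths; confirm
                // against the code that sets Constants.AUTH_REDIRECT_KEY.
                if(redirect != null && ! "".equals(redirect) && ! isLocalRedirect(redirect)) {
                    Logger.logInfo("Ignoring non-local redirect target after login of user " + user.getLogin());
                    redirect = null;
                }

                SessionManager.createSession(user.getLogin());
                Logger.logInfo("User " + user.getLogin() + " logged in successfully.");
                if(redirect == null || "".equals(redirect)) {
                    return mapping.findForward("index");
                } else {
                    if(Logger.isLoggingDebug()) {
                        Logger.logDebug("Redirecting to " + logSafe(redirect));
                    }
                    return new ActionForward(redirect, true);
                }
            } catch(IllegalStateException ise) {
                if(Logger.isLoggingDebug()) {
                    Logger.logDebug("IllegalStateException caught during login.", ise);
                }
                errors.add(ActionErrors.GLOBAL_ERROR, new ActionError("itracker.web.error.login.system"));
            } catch(AuthenticatorException le) {
                if(Logger.isLoggingDebug()) {
                    Logger.logDebug("Login Exception for user " + (login != null ? logSafe(login) : "UNKNOWN") + ". Type = " + le.getType(), le);
                }
                errors.add(ActionErrors.GLOBAL_ERROR, new ActionError(loginErrorKey(le)));

                if(le.getErrorPageType() == AuthenticatorException.ERRORPAGE_TYPE_FORWARD) {
                    errorMapping = mapping.findForward(le.getErrorPageValue());
                } else if(le.getErrorPageType() == AuthenticatorException.ERRORPAGE_TYPE_URL) {
                    errorMapping = new ActionForward(le.getErrorPageValue());
                }
            }
            // Reached only when one of the two inner catch blocks ran; success returns earlier.
            Logger.logInfo("User " + (login != null ? logSafe(login) : "UNKNOWN") + " login unsucessful.");
        } catch(NamingException ne) {
            errors.add(ActionErrors.GLOBAL_ERROR, new ActionError("itracker.web.error.login.system"));
            Logger.logError("Could not locate session EJB for login.", ne);
        } catch(CreateException ce) {
            errors.add(ActionErrors.GLOBAL_ERROR, new ActionError("itracker.web.error.login.system"));
            Logger.logError("Could not create session EJB for login.", ce);
        } catch(Exception e) {
            errors.add(ActionErrors.GLOBAL_ERROR, new ActionError("itracker.web.error.login.system"));
            Logger.logError("System Error.", e);
        }
        if(! errors.isEmpty()) {
            // A failed attempt must not leave a usable session behind.
            LogoffAction logoff = new LogoffAction();
            logoff.clearSession(login, request, response);
            saveErrors(request, errors);
        }
        return (errorMapping == null ? mapping.findForward("login") : errorMapping);
    }

    /**
     * Rebuilds the session for the named login without checking any credential.
     *
     * The user is looked up by login only; the encrypted password is taken
     * from the existing autologin cookie, if present, so that the cookie can
     * be re-issued. Callers are responsible for having authenticated the
     * login before calling this method.
     *
     * @return the user whose session was set up, or null when the user does
     *         not exist or the session EJB could not be reached
     */
    public UserModel setupSession(String login, HttpServletRequest request, HttpServletResponse response) {
        try {
            InitialContext ic = new InitialContext();

            Object uhRef = ic.lookup("java:comp/env/" + UserHandler.JNDI_NAME);
            UserHandlerHome uhHome = (UserHandlerHome) PortableRemoteObject.narrow(uhRef, UserHandlerHome.class);
            UserHandler uh = uhHome.create();

            UserModel user = uh.getUserByLogin(login);
            if(user == null) {
                return null;
            }

            // Cookie layout is "<login>~<encrypted password>"; only the part after '~' is reused.
            // The login part of the cookie is not compared with the login argument.
            String encPassword = null;
            Cookie[] cookies = request.getCookies();
            if(cookies != null) {
                for(int i = 0; i < cookies.length; i++) {
                    if(! Constants.COOKIE_NAME.equals(cookies[i].getName())) {
                        continue;
                    }
                    String cookieValue = cookies[i].getValue();
                    int separator = cookieValue.indexOf('~');
                    if(separator > 0) {
                        encPassword = cookieValue.substring(separator + 1);
                    }
                }
            }

            return setupSession(user, encPassword, request, response);
        } catch(NamingException ne) {
            Logger.logError("Could not locate session EJB for login reset.", ne);
        } catch(CreateException ce) {
            Logger.logError("Could not create session EJB for login reset.", ce);
        }
        return null;
    }

    /**
     * Populates the HTTP session for an already authenticated user and issues
     * or clears the autologin cookie according to the user's preferences.
     *
     * Sets the session timeout, session tracker, user, preferences, locale and
     * permissions attributes, and resets the stored search query.
     *
     * @param user        the authenticated user; null yields null
     * @param encPassword the encrypted password to store in the autologin
     *                    cookie, or null when none is available
     * @return the user, or null when user is null or the session EJB could
     *         not be reached
     */
    public UserModel setupSession(UserModel user, String encPassword, HttpServletRequest request, HttpServletResponse response) {
        if(user == null) {
            return null;
        }

        try {
            InitialContext ic = new InitialContext();

            Object uhRef = ic.lookup("java:comp/env/" + UserHandler.JNDI_NAME);
            UserHandlerHome uhHome = (UserHandlerHome) PortableRemoteObject.narrow(uhRef, UserHandlerHome.class);
            UserHandler uh = uhHome.create();

            if(Logger.isLoggingDebug()) {
                Logger.logDebug("Creating new session");
            }
            // getSession(true) reuses an existing session when there is one; this method does
            // not change the session id by itself.
            HttpSession session = request.getSession(true);

            if(Logger.isLoggingDebug()) {
                Logger.logDebug("Setting session timeout to " + SESSION_TIMEOUT + " minutes");
            }
            session.setMaxInactiveInterval(SESSION_TIMEOUT * 60);

            if(Logger.isLoggingDebug()) {
                Logger.logDebug("Setting session tracker");
            }
            session.setAttribute(Constants.SESSION_TRACKER_KEY, new SessionTracker(user.getLogin(), session.getId()));

            if(Logger.isLoggingDebug()) {
                Logger.logDebug("Setting user information");
            }
            session.setAttribute(Constants.USER_KEY, user);

            if(Logger.isLoggingDebug()) {
                Logger.logDebug("Setting preferences for user " + user.getLogin());
            }
            UserPreferencesModel userPrefs = uh.getUserPreferencesByUserId(user.getId());
            session.setAttribute(Constants.PREFERENCES_KEY, userPrefs);

            if(Logger.isLoggingDebug()) {
                Logger.logDebug("Setting user locale to " + ITrackerResources.getLocale(userPrefs.getUserLocale()));
            }
            session.setAttribute(Constants.LOCALE_KEY, ITrackerResources.getLocale(userPrefs.getUserLocale()));

            if(Logger.isLoggingDebug()) {
                Logger.logDebug("Setting autologin cookie for user " + user.getLogin());
            }
            Cookie cookie = new Cookie(Constants.COOKIE_NAME, "");
            cookie.setPath(request.getContextPath());
            // When the login arrived over a secure channel, keep the cookie off plain HTTP.
            // NOTE(review): where the servlet API in use offers an HttpOnly flag, set it too.
            cookie.setSecure(request.isSecure());
            if(userPrefs.getSaveLogin()) {
                if(encPassword != null) {
                    if(Logger.isLoggingDebug()) {
                        Logger.logDebug("User allows autologin");
                    }
                    cookie.setComment("ITracker autologin cookie");
                    // The value is accepted back by the encrypted-password login path, so it is
                    // a long-lived (30 day) credential stored in the browser. A random,
                    // server-side revocable token would avoid exposing a password-derived value.
                    cookie.setValue(user.getLogin() + "~" + encPassword);
                    cookie.setMaxAge(30 * 24 * 60 * 60);
                }
            } else {
                if(Logger.isLoggingDebug()) {
                    Logger.logDebug("User does not allow autologin");
                }
                // Max age 0 asks the browser to delete any existing autologin cookie.
                cookie.setValue("");
                cookie.setMaxAge(0);
            }
            response.addCookie(cookie);

            if(Logger.isLoggingDebug()) {
                Logger.logDebug("Setting permissions for user " + user.getLogin());
            }
            HashMap permissions = uh.getUserPermissions(user, AuthenticationConstants.REQ_SOURCE_WEB);
            session.setAttribute(Constants.PERMISSIONS_KEY, permissions);

            // Reset some session forms
            session.setAttribute(Constants.SEARCH_QUERY_KEY, null);

            SessionManager.clearSessionNeedsReset(user.getLogin());
            if(Logger.isLoggingDebug()) {
                Logger.logDebug("User session data updated.");
            }
            return user;
        } catch(NamingException ne) {
            Logger.logError("Could not locate session EJB for login reset.", ne);
        } catch(CreateException ce) {
            Logger.logError("Could not create session EJB for login reset.", ce);
        }
        return null;
    }

    /** Returns the named request attribute, or the form property when the attribute is null or empty. */
    private static String attributeOrFormValue(HttpServletRequest request, ActionForm form, String attributeKey, String formProperty)
            throws IllegalAccessException, java.lang.reflect.InvocationTargetException, NoSuchMethodException {
        String value = (String) request.getAttribute(attributeKey);
        if(value == null || value.equals("")) {
            value = (String) PropertyUtils.getSimpleProperty(form, formProperty);
        }
        return value;
    }

    /** Maps an authentication failure to the resource key of the message shown to the user. */
    private static String loginErrorKey(AuthenticatorException le) {
        if(le.getType() == AuthenticatorException.INVALID_PASSWORD) {
            return "itracker.web.error.login.badpass";
        } else if(le.getType() == AuthenticatorException.INACTIVE_ACCOUNT) {
            return "itracker.web.error.login.inactive";
        } else if(le.getType() == AuthenticatorException.UNKNOWN_USER) {
            return "itracker.web.error.login.unknown";
        } else if(le.getType() == AuthenticatorException.CUSTOM_ERROR) {
            return le.getMessageKey();
        }
        // INVALID_AUTHENTICATION_TYPE and every unrecognised type share the generic system error.
        return "itracker.web.error.login.system";
    }

    /**
     * Tells whether a redirect target stays on this site: no surrounding
     * whitespace, no control characters or backslashes, no leading "//" and
     * no URI scheme.
     */
    private static boolean isLocalRedirect(String target) {
        if(target == null || target.length() == 0 || ! target.equals(target.trim())) {
            return false;
        }
        if(target.startsWith("//")) {
            return false;
        }
        boolean inFirstSegment = true;
        for(int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            // Control characters could split the response header; browsers read '\' as '/'.
            if(c < 0x20 || c == 0x7f || c == '\\') {
                return false;
            }
            if(inFirstSegment) {
                if(c == '/' || c == '?' || c == '#') {
                    inFirstSegment = false;
                } else if(c == ':') {
                    // A ':' ahead of the first '/', '?' or '#' marks a URI scheme.
                    return false;
                }
            }
        }
        return true;
    }

    /** Replaces line breaks in a client-supplied value so it cannot start a forged log entry. */
    private static String logSafe(String value) {
        if(value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

}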