KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > golfShop > business > user > GolfShopUserManagerImpl


1 /*
2  * Enhydra Java Application Server
3  * The Initial Developer of the Original Code is Lutris Technologies Inc.
4  * Portions created by Lutris are Copyright (C) 1997-2000 Lutris Technologies
5  * Inc.
6  * All Rights Reserved.
7  *
8  * The contents of this file are subject to the Enhydra Public License Version
9  * 1.0 (the "License"); you may not use this file except in compliance with the
10  * License. You may obtain a copy of the License at
11  * http://www.enhydra.org/software/license/epl.html
12  *
13  * Software distributed under the License is distributed on an "AS IS" basis,
14  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
15  * License for the specific language governing rights and limitations under the
16  * License.
17  *
18  *
19  */
20
21 package golfShop.business.user;
22
23 import java.io.*;
24 import java.net.*;
25 import java.security.*;
26 import java.util.*;
27 import com.lutris.appserver.server.user.*;
28 import com.lutris.appserver.server.session.*;
29 import com.lutris.util.*;
30 import golfShop.data.user.UserDOImpl;
31
32 import golfShop.business.item.ItemQuery;
33 import golfShop.business.cart.CartImpl;
34 import golfShop.spec.user.*;
35 import golfShop.spec.LoginException;
36 /**
37  * The User Manager Business Object. This object handles requests
38  * for user specific data and login verification.
39  *
40  * @author Shawn McMurdo
41  * @version $Revision: 1.1 $
42  */
43 public class GolfShopUserManagerImpl implements GolfShopUserManager {
44     /**
45      * Username and password verification was successful.
46      */
47     public final int AUTH_OK = 0;
48
49     /**
50      * Username and password verification failed because of
51      * authentication failure.
52      * AUTH_FAILED is thrown by a login request if the username
53      * does not exist in the User database, the password was
54      * incorrect, or an otherwise unknown error occured during the login
55      * request. The reason for the third case is that it is not wise from a
56      * security standpoint to give unknown users potentially valuable
57      * information about possible errors occuring in the login facility.
58      */
59     public final int AUTH_FAILED = 1;
60
61     /**
62      * UNKNOWN_ERROR is indicated by methods other than the user login method
63      * to report that an unknown error has prevented a request from
64      * being processed. The UserManager.login() method reports
65      * AUTH_FAILED for unknown errors for security reasons.
66      */
67     public final int UNKNOWN_ERROR = 2;
68
69     /**
70      * IO_ERROR is thrown by methods of the UserManager if a
71      * communication failure prevented access to required information
72      * from the User database or elsewhere.
73      */
74     public final int IO_ERROR = 3;
75     
76     /**
77      * PERMISSION_DENIED indicates that a UserManager method has
78      * failed because the requesting user has insufficient privilege
79      * to perform the requested operation.
80      */
81     public final int PERMISSION_DENIED = 4;
82     
83     /**
84      * MULTIPLE_LOGIN indicates that a user has attempted to login
85      * more than the maximum number of allowable sessions.
86      */
87     public final int MULTIPLE_LOGIN = 5;
88     
89     /**
90      * ACCOUNT_DISABLED indicates that the account for the
91      * requested user has been disabled by the administrator.
92      */
93     public final int ACCOUNT_DISABLED = 6;
94     
95     /**
96      * PASSWORD_TYPO indicates that the two copies of the new
97      * password were not identical, implying that a user may have
98      * accidentally typed a new password incorrectly.
99      */
100     public final int PASSWORD_TYPO = 7;
101
102     /**
103      * PASSWORD_WEAK indicates that the UserManager refused
104      * to accept a user's password change request because the new password
105      * does not comply with policy relating to password strength. For
106      * example, the password may not have been long enough or contained
107      * enough nonalphabetic characters.
108      */
109     public final int PASSWORD_WEAK = 8;
110
111     /**
112      * UNKNOWN_HOST indicates that a login attempt failed because the IP
113      * address of the requester's host was not furnished with the login
114      * request.
115      */
116     public final int UNKNOWN_HOST = 9;
117
118     /**
119      * USERNAME_ALREADY_EXISTS indicates that a new account could not be
120      * created because an account with that same username already exists.
121      */
122     public final int USERNAME_ALREADY_EXISTS = 10;
123
124     /**
125      * The GolfShop application instance that this manager is
126      * a part of.
127      */
128
129
130     /**
131      * Process an authentication request. Verify
132      * that the user's account and password are valid.
133      *
134      * @param username The username for the account.
135      * @param password The password entered by the user.
136      *
137      * @returns An int representing success (AUTH_OK), or a failure
138      * reason (AUTH_FAILED, AUTH_IO_ERROR).
139      */
140     public int authenticate(String JavaDoc username, String JavaDoc password) {
141         // Get user from database.
142 UserDO theUser = UserDOImpl.lookupUser(username);
143         if (theUser == null) {
144             // No such user.
145 return AUTH_FAILED;
146         }
147         // Check password.
148 return theUser.authenticate(password);
149     }
150     
151     /**
152      * Process a login request issued by a user. Verify
153      * that the user's account and password are valid.
154      * A username may be logged in multiple times. If the login is
155      * sucessfull, the session object's user pointer is set to the
156      * user data object represeting the logged in username.
157      *
158      * @param username The user identification entered by the user.
159      * @param password The password entered by the user.
160      * @param session The session object for the broweser attempting the
161      * login.
162      * @exception LoginException Thrown if authentication fails.
163      */
164     public void login(String JavaDoc username, String JavaDoc password, Session session)
165                         throws LoginException, SessionException {
166         Session standardSession = (Session)session;
167         SessionManager standardSessionManager =
168             (SessionManager)session.getSessionManager();
169         SessionData sd = standardSession.getSessionData();
170         // Verify the login.
171 // Get user from database.
172 UserDO theUser = UserDOImpl.lookupUser(username);
173         if (theUser == null)
174             // No such user.
175 refuse(AUTH_FAILED);
176         // Check password.
177 if (theUser.authenticate(password) != AUTH_OK)
178             refuse(AUTH_FAILED);
179
180         /*
181          * Even if the user is already logged in, allow the login.
182          * If they are already logged in, they have already connected to
183          * the Lutris Business Server, and so they already have a session
184          * cookie and an assocated session object exists in the session
185          * manager.
186          * Either way, give them a new (empty) cart.
187          *
188          * This is an important policy decision. We could re-use the
189          * existing session key, so the two users share one cart. Or we
190          * could have the new login to terminate the old session by
191          * elimintating the previous session key. Or we could deny the
192          * new login. It depends on how you want your application to behave.
193          */
194         if (standardSession.getUser() != null) {
195             standardSession.clearUser();
196             try {
197                 sd.remove("cart"); // Throw away old cart.
198 } catch (KeywordValueException e) {
199                 throw new FatalExceptionError(e);
200             }
201         }
202
203         /*
204          * Save the user in the session. This signifies that the
205          * session is valid, and the user is logged in. When the user fisrt
206          * connects to this application, she will be given a new session,
207          * but the user is not logged in so the user pointer is null.
208          * That is, new sessions have an internal user pointer. It is
209          * initally null. Until we set it, the user for a given session
210          * is not considered logged in.
211          */
212         standardSession.setUser((UserDOImpl)theUser);
213
214         /*
215          * Save the cart in the session data so it is available for each
216          * request they make.
217          */
218         try {
219             sd.set("cart", new CartImpl(ItemQuery.global));
220         } catch (KeywordValueException e) {
221             throw new LoginException(UNKNOWN_ERROR);
222         }
223     }
224     
225     /**
226      *
227      * @param session The session to log out.
228      */
229     public void logout(Session session) throws SessionException {
230         if (session != null) {
231             /*DTDT 260604*/
232             try{
233                 SessionData sessionData=session.getSessionData();
234                 String JavaDoc [] sessinDataKeys=sessionData.leafKeys();
235                 for (int i=0;i<sessinDataKeys.length;i++){
236                     sessionData.remove(sessinDataKeys[i]);
237                 }
238             }catch (Exception JavaDoc e){
239                 throw new SessionException(e.getMessage());
240             }
241             
242             //session.getSessionManager().deleteSession(session.getSessionKey());
243 }
244     }
245     
246     /**
247      * Internal convenience method to throw a login refusal error.
248      *
249      * @param why The error code indicating why the request failed.
250      */
251     private static final void refuse(int why) throws LoginException {
252         throw new LoginException(why);
253     }
254
255
256
257     /**
258      * This function creates a new account, then calls login() above to
259      * create the session etc...
260      *
261      * @param username The user identification entered by the user.
262      * @param password The password entered by the user.
263      * @returns A cookie representing the user's new session.
264      * @exception LoginException Thrown if authentication fails.
265      */
266     public void createAccount(String JavaDoc username,
267                               String JavaDoc password,
268                               String JavaDoc address1,
269                               String JavaDoc address2,
270                               String JavaDoc city,
271                               String JavaDoc state,
272                               String JavaDoc zip,
273                               String JavaDoc creditCard,
274                               String JavaDoc email,
275                               Session session) throws LoginException, SessionException {
276
277         // Verify the username is available.
278 // Get user from database.
279 UserDO theUser = UserDOImpl.lookupUser(username);
280         if (theUser != null) {
281             // That user name is already taken.
282 refuse(USERNAME_ALREADY_EXISTS);
283         }
284         // Create the new user account/data-object.
285 UserDO newUser = UserDOImpl.createUser(username,
286                         password, address1, address2, city,
287                         state, zip, creditCard, email);
288         if (newUser == null)
289             refuse(UNKNOWN_ERROR);
290         // Now that the account exists, log in like normal.
291 login(username, password, session);
292     }
293
294
295     /*
296      * This is just defined so that we meet the UserManager interface
297      * specs. In a larger application this would be usefull, but in this
298      * demo it is not used.
299     */
300     public User getUser(String JavaDoc username) {
301         return (User) UserDOImpl.lookupUser(username);
302     }
303 }
304
305
Popular Tags