

1 package org.appfuse.webapp.action;
2
3 import java.util.List JavaDoc;
4
5 import javax.servlet.http.HttpServletRequest JavaDoc;
6 import javax.servlet.http.HttpServletResponse JavaDoc;
7
8 import org.acegisecurity.Authentication;
9 import org.acegisecurity.AuthenticationTrustResolver;
10 import org.acegisecurity.AuthenticationTrustResolverImpl;
11 import org.acegisecurity.context.SecurityContextHolder;
12 import org.acegisecurity.context.SecurityContext;
13
14 import org.apache.commons.beanutils.BeanUtils;
15 import org.apache.commons.lang.StringUtils;
16 import org.apache.struts.action.ActionForm;
17 import org.apache.struts.action.ActionForward;
18 import org.apache.struts.action.ActionMapping;
19 import org.apache.struts.action.ActionMessage;
20 import org.apache.struts.action.ActionMessages;
21 import org.apache.struts.util.MessageResources;
22 import org.appfuse.Constants;
23 import org.appfuse.model.Role;
24 import org.appfuse.model.User;
25 import org.appfuse.service.MailEngine;
26 import org.appfuse.service.RoleManager;
27 import org.appfuse.service.UserExistsException;
28 import org.appfuse.service.UserManager;
29 import org.appfuse.util.StringUtil;
30 import org.appfuse.webapp.form.UserForm;
31 import org.appfuse.webapp.util.RequestUtil;
32 import org.springframework.mail.SimpleMailMessage;
33
34 /**
35  * Implementation of <strong>Action</strong> that interacts with the {@link
36  * UserForm} and retrieves values. It interacts with the {@link
37  * UserManager} to retrieve/persist values to the database.
38  *
39  * <p>
40  * <a HREF="UserAction.java.htm"><i>View Source</i></a>
41  * </p>
42  *
43  * @author <a HREF="mailto:matt@raibledesigns.com">Matt Raible</a>
44  * Modified by <a HREF="mailto:dan@getrolling.com">Dan Kibler</a>
45  *
46  * @struts.action name="userForm" path="/users" scope="request"
47  * validate="false" parameter="method" input="mainMenu" roles="admin"
48  * @struts.action name="userForm" path="/editUser" scope="request"
49  * validate="false" parameter="method" input="list" roles="admin"
50  * @struts.action name="userForm" path="/editProfile" scope="request"
51  * validate="false" parameter="method" input="mainMenu"
52  * @struts.action name="userForm" path="/saveUser" scope="request"
53  * validate="false" parameter="method" input="edit"
54  *
55  * @struts.action-forward name="list" path="/WEB-INF/pages/userList.jsp"
56  * @struts.action-forward name="edit" path="/WEB-INF/pages/userForm.jsp"
57  */

58 public final class UserAction extends BaseAction {
59     
/**
 * Prepares an empty user form for the "add user" screen.
 *
 * <p>A new {@link User} is given the {@code Constants.USER_ROLE} role, converted to a
 * {@link UserForm} and handed to {@code updateFormBean}. The remember-me check then
 * runs before the request is forwarded to "edit".
 *
 * @param mapping  action mapping used to register the form bean and resolve the forward
 * @param form     incoming form bean (not read by this method)
 * @param request  current request
 * @param response current response (not used by this method)
 * @return the "edit" forward
 * @throws Exception propagated from the conversion and form-bean helpers
 */
public ActionForward add(ActionMapping mapping, ActionForm form,
                         HttpServletRequest request,
                         HttpServletResponse response)
throws Exception {
    if (log.isDebugEnabled()) {
        log.debug("Entering 'add' method");
    }

    // The default role is fixed server-side; nothing from the request is read here.
    final User blankUser = new User();
    final Role defaultRole = new Role(Constants.USER_ROLE);
    blankUser.addRole(defaultRole);

    final UserForm blankForm = (UserForm) convert(blankUser);
    updateFormBean(mapping, request, blankForm);

    checkForRememberMeLogin(request);

    final ActionForward editView = mapping.findForward("edit");
    return editView;
}
77
/**
 * Leaves the edit screen without saving.
 *
 * <p>The {@code from} request parameter only selects between two fixed forward
 * names ("viewUsers" when it equals "list", otherwise "mainMenu"); its value is
 * never used as a destination itself.
 *
 * @param mapping  action mapping used to resolve the forward
 * @param form     incoming form bean (not read by this method)
 * @param request  current request; its {@code from} parameter is inspected
 * @param response current response (not used by this method)
 * @return the "viewUsers" or "mainMenu" forward
 * @throws Exception declared by the action signature
 */
public ActionForward cancel(ActionMapping mapping, ActionForm form,
                            HttpServletRequest request,
                            HttpServletResponse response)
throws Exception {
    if (log.isDebugEnabled()) {
        log.debug("Entering 'cancel' method");
    }

    final boolean cameFromList =
        StringUtils.equals(request.getParameter("from"), "list");
    final String forwardName = cameFromList ? "viewUsers" : "mainMenu";

    return mapping.findForward(forwardName);
}
92
/**
 * Removes the user identified by the submitted form and returns to the user list.
 *
 * <p>NOTE(review): this method performs no authorization check of its own. The
 * class-level {@code @struts.action} declarations carry {@code roles="admin"} only on
 * {@code /users} and {@code /editUser}; confirm that this method cannot be dispatched
 * through the mappings that declare no roles. No anti-CSRF token check (for example
 * Struts' {@code isTokenValid}) is visible here either.
 *
 * @param mapping  action mapping used to resolve the forward
 * @param form     the {@link UserForm} whose id selects the user to remove
 * @param request  current request; its session receives the confirmation message
 * @param response current response (not used by this method)
 * @return the "viewUsers" forward
 * @throws Exception from the manager call; per the original comment these are
 *         handled by ActionExceptionHandler
 */
public ActionForward delete(ActionMapping mapping, ActionForm form,
                            HttpServletRequest request,
                            HttpServletResponse response)
throws Exception {
    if (log.isDebugEnabled()) {
        log.debug("Entering 'delete' method");
    }

    final UserForm submitted = (UserForm) form;

    // The id comes straight from the bound form, i.e. from the request.
    final UserManager userManager = (UserManager) getBean("userManager");
    userManager.removeUser(submitted.getId());

    // The confirmation text echoes the first/last name that was submitted with the
    // form, not the values of the record that was actually removed.
    final String deletedName = submitted.getFirstName() + ' ' + submitted.getLastName();
    final ActionMessages confirmation = new ActionMessages();
    confirmation.add(ActionMessages.GLOBAL_MESSAGE,
                     new ActionMessage("user.deleted", deletedName));

    // Stored in the session rather than the request.
    saveMessages(request.getSession(), confirmation);

    return mapping.findForward("viewUsers");
}
118
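/**
 * Loads a user into the form bean and forwards to the "edit" view.
 *
 * <p>When the request URI contains "editProfile", the request must not carry a
 * {@code username} or {@code from} parameter; if it does, the response is set to
 * 403 and {@code null} is returned. Otherwise the user is looked up by the form's
 * username when a {@code username} parameter is present, and by
 * {@code request.getRemoteUser()} when it is not.
 *
 * <p>Request-supplied values are stripped of CR/LF before being written to the
 * warning log so that a crafted parameter cannot forge additional log lines.
 *
 * <p>NOTE(review): the loaded user's password value is copied into the form bean
 * (and into confirmPassword); confirm the view does not render it back to the
 * browser in a recoverable form.
 *
 * @param mapping  action mapping used to register the form bean and resolve the forward
 * @param form     the {@link UserForm} to populate
 * @param request  current request
 * @param response current response; receives the 403 on a rejected profile edit
 * @return the "edit" forward, or {@code null} after a 403 has been sent
 * @throws Exception from the manager, conversion or bean-copy calls; per the
 *         original comment these are handled by ActionExceptionHandler
 */
public ActionForward edit(ActionMapping mapping, ActionForm form,
                          HttpServletRequest request,
                          HttpServletResponse response)
throws Exception {
    if (log.isDebugEnabled()) {
        log.debug("Entering 'edit' method");
    }

    UserForm userForm = (UserForm) form;
    String requestedUsername = request.getParameter("username");

    // The profile URL may only ever address the caller's own account, so any
    // attempt to name a user (or to claim the request came from the list) is refused.
    // NOTE(review): the URL test is a substring match on the request URI.
    if (request.getRequestURI().indexOf("editProfile") > -1) {
        if ((requestedUsername != null) ||
                (request.getParameter("from") != null)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);

            // Neutralise line breaks in values that end up in the log line.
            // replaceChars is null-safe, so a missing value still prints as "null".
            String safeCaller =
                StringUtils.replaceChars(request.getRemoteUser(), "\r\n", "__");
            String safeTarget =
                StringUtils.replaceChars(requestedUsername, "\r\n", "__");
            log.warn("User '" + safeCaller + "' is trying to edit user '" +
                     safeTarget + "'");

            return null;
        }
    }

    UserManager mgr = (UserManager) getBean("userManager");
    User user = null;

    if (requestedUsername != null) {
        // A username parameter was sent: look up the username bound to the form.
        user = mgr.getUserByUsername(userForm.getUsername());
    } else {
        // Otherwise fall back to the authenticated caller.
        user = mgr.getUserByUsername(request.getRemoteUser());
    }

    BeanUtils.copyProperties(userForm, convert(user));
    userForm.setConfirmPassword(userForm.getPassword());
    updateFormBean(mapping, request, userForm);

    checkForRememberMeLogin(request);

    return mapping.findForward("edit");
}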
166
/**
 * Validates the submitted {@link UserForm}, persists it as a {@link User} and picks
 * the follow-up view.
 *
 * <p>Outcomes visible in this method:
 * <ul>
 *   <li>validation errors: errors saved on the request, forward "edit";</li>
 *   <li>{@link UserExistsException}: error saved, form repopulated, forward "edit";</li>
 *   <li>{@code from} is not "list": "user.saved" message, forward "mainMenu";</li>
 *   <li>{@code from} is "list" and {@code version} is empty: "user.added" message,
 *       account e-mail sent, forward "addUser";</li>
 *   <li>{@code from} is "list" otherwise: "user.updated.byAdmin" message, forward "edit".</li>
 * </ul>
 *
 * <p>NOTE(review): no authorization check is made in this method, and the
 * {@code /saveUser} mapping in the class Javadoc declares no {@code roles}. The
 * {@link User} is rebuilt from submitted form properties and its roles come from the
 * {@code userRoles} request parameter, so both which record is written and which
 * roles it receives are decided by the request. Confirm that this is restricted
 * elsewhere (service layer or filter); otherwise check the caller's own identity and
 * role before honouring those values. No anti-CSRF token check is visible here.
 *
 * @param mapping  action mapping used for validation, the form bean and forwards
 * @param form     the submitted {@link UserForm}
 * @param request  current request
 * @param response current response (not used by this method)
 * @return one of the forwards listed above
 * @throws Exception from the bean-copy, manager or mail calls; per the original
 *         comment these are handled by ActionExceptionHandler
 */
public ActionForward save(ActionMapping mapping, ActionForm form,
                          HttpServletRequest request,
                          HttpServletResponse response)
throws Exception {
    if (log.isDebugEnabled()) {
        log.debug("Entering 'save' method");
    }

    // Validation is invoked by hand; the class-level mappings all declare
    // validate="false". See https://appfuse.dev.java.net/issues/show_bug.cgi?id=128
    ActionMessages errors = form.validate(mapping, request);

    if (!errors.isEmpty()) {
        saveErrors(request, errors);
        return mapping.findForward("edit");
    }

    UserForm userForm = (UserForm) form;

    // Only the parent object is persisted; it is filled from the form's properties.
    User user = new User();
    BeanUtils.copyProperties(user, userForm);

    Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
    boolean requestAsksForEncoding =
        StringUtils.equals(request.getParameter("encryptPass"), "true");
    boolean encodingEnabled = (encrypt != null) && encrypt.booleanValue();

    // NOTE(review): the password is encoded only when the request itself carries
    // encryptPass=true and the configuration enables it; otherwise the submitted
    // value is stored unchanged. Confirm that is intended for every caller.
    if (requestAsksForEncoding && encodingEnabled) {
        String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);

        if (algorithm == null) {
            // Expected only when running under a test case.
            log.debug("assuming testcase, setting algorithm to 'SHA'");
            algorithm = "SHA";
        }

        // NOTE(review): presumably a message-digest name; a bare digest is not a
        // password-hashing scheme. Confirm what StringUtil.encodePassword does and
        // whether it salts.
        user.setPassword(StringUtil.encodePassword(user.getPassword(), algorithm));
    }

    UserManager mgr = (UserManager) getBean("userManager");
    RoleManager roleMgr = (RoleManager) getBean("roleManager");

    // Role names are read from the request and resolved through the role manager.
    String[] requestedRoles = request.getParameterValues("userRoles");

    if (requestedRoles != null) {
        int index = 0;

        while (index < requestedRoles.length) {
            user.addRole(roleMgr.getRole(requestedRoles[index]));
            index++;
        }
    }

    try {
        mgr.saveUser(user);
    } catch (UserExistsException e) {
        log.warn(e.getMessage());
        errors.add(ActionMessages.GLOBAL_MESSAGE,
                   new ActionMessage("errors.existing.user",
                                     userForm.getUsername(),
                                     userForm.getEmail()));
        saveErrors(request, errors);

        BeanUtils.copyProperties(userForm, convert(user));
        userForm.setConfirmPassword(userForm.getPassword());
        // Put back the version number that was submitted.
        userForm.setVersion(request.getParameter("version"));
        updateFormBean(mapping, request, userForm);

        return mapping.findForward("edit");
    }

    // Refresh the form bean from the saved user.
    BeanUtils.copyProperties(userForm, convert(user));
    userForm.setConfirmPassword(userForm.getPassword());
    updateFormBean(mapping, request, userForm);

    boolean openedFromList = StringUtils.equals(request.getParameter("from"), "list");
    ActionMessages messages = new ActionMessages();

    if (!openedFromList) {
        messages.add(ActionMessages.GLOBAL_MESSAGE,
                     new ActionMessage("user.saved"));
        saveMessages(request.getSession(), messages);

        return mapping.findForward("mainMenu");
    }

    // Coming from the list, an empty "version" parameter marks a newly added user.
    if ("".equals(request.getParameter("version"))) {
        messages.add(ActionMessages.GLOBAL_MESSAGE,
                     new ActionMessage("user.added", user.getFullName()));
        saveMessages(request.getSession(), messages);
        sendNewUserEmail(request, userForm);

        return mapping.findForward("addUser");
    }

    messages.add(ActionMessages.GLOBAL_MESSAGE,
                 new ActionMessage("user.updated.byAdmin",
                                   user.getFullName()));
    // This message is saved on the request, not the session.
    saveMessages(request, messages);

    return mapping.findForward("edit");
}
266
/**
 * Looks up users matching the submitted form and exposes them to the list view.
 *
 * <p>The form is converted to a {@link User} that is passed to
 * {@code UserManager.getUsers}. The result is stored on the request under
 * {@code Constants.USER_LIST}.
 *
 * @param mapping  action mapping used to resolve the forward
 * @param form     the {@link UserForm} holding the search values
 * @param request  current request; receives the user list attribute
 * @param response current response (not used by this method)
 * @return the "list" forward
 * @throws Exception from the conversion or manager calls; per the original
 *         comment these are handled by ActionExceptionHandler
 */
public ActionForward search(ActionMapping mapping, ActionForm form,
                            HttpServletRequest request,
                            HttpServletResponse response)
throws Exception {
    if (log.isDebugEnabled()) {
        log.debug("Entering 'search' method");
    }

    final UserForm criteriaForm = (UserForm) form;
    final UserManager userManager = (UserManager) getBean("userManager");
    final User criteria = (User) convert(criteriaForm);

    request.setAttribute(Constants.USER_LIST, userManager.getUsers(criteria));

    return mapping.findForward("list");
}
286     
/**
 * Delegates to {@link #search} with the same arguments.
 *
 * <p>Presumably the dispatch fallback used when no {@code method} parameter is
 * supplied; confirm against BaseAction, which is not shown here.
 *
 * @param mapping  passed through to {@code search}
 * @param form     passed through to {@code search}
 * @param request  passed through to {@code search}
 * @param response passed through to {@code search}
 * @return whatever {@code search} returns
 * @throws Exception propagated from {@code search}
 */
public ActionForward unspecified(ActionMapping mapping, ActionForm form,
                                 HttpServletRequest request,
                                 HttpServletResponse response)
throws Exception {
    final ActionForward listing = search(mapping, form, request, response);
    return listing;
}
294
/**
 * Sends the account-information e-mail for a newly added user.
 *
 * <p>The body contains the localized greeting, the username, the value returned by
 * {@code userForm.getPassword()} and the application URL.
 *
 * <p>NOTE(review): whatever password value the form bean holds at this point is
 * written into the e-mail body. The recipient is built by concatenating the form's
 * full name and e-mail address; confirm the mail layer rejects line breaks in that
 * value. If the "mailMessage" bean is a singleton, concurrent requests would share
 * this mutable message; confirm it is prototype-scoped.
 *
 * @param request  current request, used for message resources and the app URL
 * @param userForm form holding the new user's name, e-mail, username and password
 * @throws Exception from resource lookup or from the mail engine
 */
private void sendNewUserEmail(HttpServletRequest request, UserForm userForm)
throws Exception {
    MessageResources resources = getResources(request);

    if (log.isDebugEnabled()) {
        log.debug("Sending user '" + userForm.getUsername() +
                  "' an account information e-mail");
    }

    SimpleMailMessage message = (SimpleMailMessage) getBean("mailMessage");
    String recipient = userForm.getFullName() + "<" + userForm.getEmail() + ">";
    message.setTo(recipient);

    // Assemble the body in the same order as the fields appear in the mail.
    StringBuffer body = new StringBuffer();
    body.append(resources.getMessage("newuser.email.message",
                                     userForm.getFullName()));
    body.append("\n\n").append(resources.getMessage("userForm.username"));
    body.append(": ").append(userForm.getUsername()).append("\n");
    body.append(resources.getMessage("userForm.password")).append(": ");
    body.append(userForm.getPassword());
    body.append("\n\nLogin at: " + RequestUtil.getAppURL(request));
    message.setText(body.toString());

    message.setSubject(resources.getMessage("signup.email.subject"));

    MailEngine engine = (MailEngine) getBean("mailEngine");
    engine.send(message);
}
323
/**
 * Flags a remember-me login on the session and queues a warning for the user.
 *
 * <p>When the current authentication is a remember-me one, the session attribute
 * {@code cookieLogin} is set to "true" and the {@code userProfile.cookieLogin}
 * message is saved on the request.
 *
 * <p>NOTE(review): this is advisory only. Nothing in this method blocks a password
 * change, and {@code save} in this class does not consult the {@code cookieLogin}
 * flag; confirm the restriction is enforced somewhere on the server side.
 *
 * @param request current request; its session and message store are updated
 */
private void checkForRememberMeLogin(HttpServletRequest request) {
    log.debug("checking for remember me login...");

    final SecurityContext securityContext = SecurityContextHolder.getContext();
    if (securityContext == null) {
        return;
    }

    final AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
    final Authentication current = securityContext.getAuthentication();
    if (!trustResolver.isRememberMe(current)) {
        return;
    }

    request.getSession().setAttribute("cookieLogin", "true");

    // Tell the user why password changes are unavailable for this login.
    final ActionMessages warning = new ActionMessages();
    warning.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("userProfile.cookieLogin"));
    saveMessages(request, warning);
}
344 }
345