


1 package org.appfuse.webapp.action;
2
3 import java.util.Locale JavaDoc;
4
5 import javax.servlet.http.HttpServletRequest JavaDoc;
6 import javax.servlet.http.HttpServletResponse JavaDoc;
7
8 import org.acegisecurity.Authentication;
9 import org.acegisecurity.AuthenticationTrustResolver;
10 import org.acegisecurity.AuthenticationTrustResolverImpl;
11 import org.acegisecurity.context.SecurityContextHolder;
12 import org.acegisecurity.context.SecurityContext;
13
14 import org.apache.commons.lang.StringUtils;
15 import org.appfuse.Constants;
16 import org.appfuse.model.Role;
17 import org.appfuse.model.User;
18 import org.appfuse.service.RoleManager;
19 import org.appfuse.service.UserManager;
20 import org.appfuse.service.UserExistsException;
21 import org.appfuse.util.StringUtil;
22 import org.appfuse.webapp.util.RequestUtil;
23 import org.springframework.validation.BindException;
24 import org.springframework.web.servlet.ModelAndView;
25 import org.springframework.web.servlet.view.RedirectView;
26
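/**
 * Implementation of <strong>SimpleFormController</strong> that interacts with
 * the {@link UserManager} to retrieve/persist values to the database.
 *
 * <p>The same controller serves the self-service profile form
 * ("editProfile") and the administrative user form ("editUser"). The
 * comments in {@link #showForm} indicate that ordinary users can reach the
 * "editUser" URL when server-side validation fails, so every state-changing
 * branch in {@link #onSubmit} checks the caller's role itself instead of
 * relying on the form having been displayed to an administrator.
 *
 * <p>NOTE(review): nothing in this class ties the bound {@link User}
 * (id, username, version) to {@code request.getRemoteUser()} for callers
 * without the admin role. Confirm that URL-level security rules or
 * {@link UserManager} enforce that a non-admin can only save their own
 * record.
 *
 * <p><a HREF="UserFormController.java.htm"><i>View Source</i></a>
 *
 * @author <a HREF="mailto:matt@raibledesigns.com">Matt Raible</a>
 */
public class UserFormController extends BaseFormController {
    private RoleManager roleManager;

    /**
     * @param roleManager The roleManager to set.
     */
    public void setRoleManager(RoleManager roleManager) {
        this.roleManager = roleManager;
    }

    /**
     * Binds submissions to a {@link User} command named "user".
     */
    public UserFormController() {
        setCommandName("user");
        setCommandClass(User.class);
        // Validation stays on for the lifetime of the controller; the only
        // exception (delete requests) is decided per request in
        // suppressValidation(), not by toggling this flag while requests
        // are being served.
        setValidateOnBinding(true);
    }

    /**
     * Short-circuits a submission that carries a "cancel" parameter.
     *
     * @return the success view when the form was opened from the user list
     *         ("from=list"), the cancel view otherwise; without "cancel"
     *         the superclass result
     */
    public ModelAndView processFormSubmission(HttpServletRequest request,
                                              HttpServletResponse response,
                                              Object command,
                                              BindException errors)
    throws Exception {
        if (request.getParameter("cancel") != null) {
            if (!StringUtils.equals(request.getParameter("from"), "list")) {
                return new ModelAndView(getCancelView());
            } else {
                return new ModelAndView(getSuccessView());
            }
        }

        return super.processFormSubmission(request, response, command, errors);
    }

    /**
     * Deletes or saves the bound {@link User}.
     *
     * <p>Callers that are authenticated but lack
     * {@link Constants#ADMIN_ROLE} receive 403 when they request a delete or
     * submit a role they do not already hold. Requests without a remote user
     * are let through, matching the "be nice to unit tests" rule in
     * {@link #showForm}.
     *
     * @return the next view, or <code>null</code> after an error status has
     *         been sent
     */
    public ModelAndView onSubmit(HttpServletRequest request,
                                 HttpServletResponse response, Object command,
                                 BindException errors)
    throws Exception {
        if (log.isDebugEnabled()) {
            log.debug("entering 'onSubmit' method...");
        }

        User user = (User) command;
        Locale locale = request.getLocale();
        boolean restricted = isRestrictedCaller(request);

        if (request.getParameter("delete") != null) {
            // The delete branch acts on an id bound from the request, so it
            // must not be reachable by an ordinary user.
            if (restricted) {
                log.warn("User '" + cleanForLog(request.getRemoteUser())
                         + "' attempted a delete without the admin role");
                response.sendError(HttpServletResponse.SC_FORBIDDEN);

                return null;
            }

            getUserManager().removeUser(user.getId().toString());
            saveMessage(request, getText("user.deleted", user.getFullName(), locale));

            return new ModelAndView(getSuccessView());
        } else {
            String[] userRoles = request.getParameterValues("userRoles");

            // Role names arrive as plain request parameters. An ordinary
            // user may only resubmit roles they already hold; anything else
            // would be self-service privilege escalation. Checked before the
            // command object is modified.
            // NOTE(review): assumes role names and the names accepted by
            // isUserInRole() share one namespace, as the Constants usage in
            // this class suggests - confirm.
            if (restricted && !callerHoldsRoles(request, userRoles)) {
                log.warn("User '" + cleanForLog(request.getRemoteUser())
                         + "' submitted a role they do not hold");
                response.sendError(HttpServletResponse.SC_FORBIDDEN);

                return null;
            }

            Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);

            // NOTE(review): hashing only happens when the client sends
            // encryptPass=true; a request that omits it stores the submitted
            // value unchanged. Confirm the service layer does not depend on
            // this client-supplied flag.
            if (StringUtils.equals(request.getParameter("encryptPass"), "true")
                    && (encrypt != null && encrypt.booleanValue())) {

                String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);

                if (algorithm == null) { // should only happen for test case
                    if (log.isDebugEnabled()) {
                        log.debug("assuming testcase, setting algorithm to 'SHA'");
                    }

                    algorithm = "SHA";
                }

                // NOTE(review): StringUtil.encodePassword is not visible
                // here. If it applies the named digest once and unsalted,
                // the stored values are cheap to attack offline; prefer an
                // adaptive password hash (bcrypt/scrypt/argon2) when the
                // project's dependencies allow it.
                user.setPassword(StringUtil.encodePassword(user.getPassword(), algorithm));
            }

            if (userRoles != null) {
                // for some reason, Spring seems to hang on to the roles in
                // the User object, even though isSessionForm() == false
                user.getRoles().clear();
                for (int i = 0; i < userRoles.length; i++) {
                    String roleName = userRoles[i];
                    user.addRole(roleManager.getRole(roleName));
                }
            }

            Integer originalVersion = user.getVersion();

            try {
                getUserManager().saveUser(user);
            } catch (UserExistsException e) {
                log.warn(e.getMessage());

                errors.rejectValue("username", "errors.existing.user",
                                   new Object[] {
                                       user.getUsername(), user.getEmail()
                                   }, "duplicate user");

                // redisplay the unencrypted passwords
                user.setPassword(user.getConfirmPassword());
                // reset the version # to what was passed in
                user.setVersion(originalVersion);

                return showForm(request, response, errors);
            }

            if (!StringUtils.equals(request.getParameter("from"), "list")) {
                saveMessage(request, getText("user.saved", user.getFullName(), locale));

                // return to main Menu
                return new ModelAndView(new RedirectView("mainMenu.html"));
            } else {
                if (StringUtils.isBlank(request.getParameter("version"))) {
                    saveMessage(request, getText("user.added", user.getFullName(), locale));

                    // Send an account information e-mail
                    message.setSubject(getText("signup.email.subject", locale));
                    sendUserMessage(user, getText("newuser.email.message", user.getFullName(), locale),
                                    RequestUtil.getAppURL(request));

                    return showNewForm(request, response);
                } else {
                    saveMessage(request, getText("user.updated.byAdmin", user.getFullName(), locale));
                }
            }
        }

        return showForm(request, response, errors);
    }

    /**
     * Displays the form after checking that the caller may see it.
     *
     * <p>"editProfile" requests are rejected when they name a user or carry
     * a "from" parameter; "editUser" requests are rejected for authenticated
     * non-admin callers unless bind errors are being redisplayed.
     *
     * @return the form view, or <code>null</code> after a 403 has been sent
     */
    protected ModelAndView showForm(HttpServletRequest request,
                                    HttpServletResponse response,
                                    BindException errors)
    throws Exception {
        // NOTE(review): both checks below are substring matches on the raw
        // request URI; comparing the servlet path exactly would be stricter.
        if (request.getRequestURI().indexOf("editProfile") > -1) {
            // if URL is "editProfile" - make sure it's the current user
            // reject if username passed in or "list" parameter passed in
            // someone that is trying this probably knows the AppFuse code
            // but it's a legitimate bug, so I'll fix it. ;-)
            if ((request.getParameter("username") != null) || (request.getParameter("from") != null)) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
                // The parameter is attacker-controlled: neutralise line
                // breaks so it cannot forge additional log entries.
                log.warn("User '" + cleanForLog(request.getRemoteUser()) + "' is trying to edit user '" +
                         cleanForLog(request.getParameter("username")) + "'");

                return null;
            }
        }

        // prevent ordinary users from calling a GET on editUser.html
        // unless a bind error exists.
        if ((request.getRequestURI().indexOf("editUser") > -1)
                && isRestrictedCaller(request)
                && (errors.getErrorCount() == 0)) { // be nice to server-side validation for editProfile
            response.sendError(HttpServletResponse.SC_FORBIDDEN);

            return null;
        }

        return super.showForm(request, response, errors);
    }

    /**
     * Supplies the {@link User} shown when the form is first displayed.
     *
     * <p>"editProfile" always loads the authenticated user; otherwise the
     * "username" parameter selects the record unless "version" is present
     * but empty, and a new user with {@link Constants#USER_ROLE} is created
     * when neither applies. Submissions are delegated to the superclass.
     */
    protected Object formBackingObject(HttpServletRequest request)
    throws Exception {
        if (!isFormSubmission(request)) {
            String username = request.getParameter("username");

            // if user logged in with remember me, display a warning that they can't change passwords
            log.debug("checking for remember me login...");

            AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl();
            SecurityContext ctx = SecurityContextHolder.getContext();

            if (ctx.getAuthentication() != null) {
                Authentication auth = ctx.getAuthentication();

                if (resolver.isRememberMe(auth)) {
                    request.getSession().setAttribute("cookieLogin", "true");

                    // add warning message
                    saveMessage(request, getText("userProfile.cookieLogin", request.getLocale()));
                }
            }

            User user = null;

            if (request.getRequestURI().indexOf("editProfile") > -1) {
                user = getUserManager().getUserByUsername(request.getRemoteUser());
            } else if (!StringUtils.isBlank(username) && !"".equals(request.getParameter("version"))) {
                // The record is loaded before any role check runs; showForm()
                // is what stops it from being displayed to ordinary users.
                user = getUserManager().getUserByUsername(username);
            } else {
                user = new User();
                user.addRole(new Role(Constants.USER_ROLE));
            }

            // NOTE(review): this copies the stored password value (a digest
            // when encryption is enabled) into confirmPassword. The view is
            // not visible here - confirm it does not echo either field back
            // to the browser.
            user.setConfirmPassword(user.getPassword());

            return user;
        }
        return super.formBackingObject(request);
    }

    /**
     * Turns validation off for delete requests only.
     *
     * <p>The decision is made per request. Changing the controller's
     * validateOnBinding flag while binding would alter state that concurrent
     * requests read, so a delete in flight could switch validation off for
     * another user's save if the controller is a shared instance.
     */
    protected boolean suppressValidation(HttpServletRequest request) {
        // if the user is being deleted, turn off validation
        return request.getParameter("delete") != null;
    }

    /**
     * Kept for subclasses that override or call it; intentionally leaves the
     * controller's validation flag alone (see {@link #suppressValidation}).
     */
    protected void onBind(HttpServletRequest request, Object command)
    throws Exception {
        // no per-request changes to controller state
    }

    /**
     * Tells whether the caller is an authenticated user without
     * {@link Constants#ADMIN_ROLE}. Requests with no remote user are not
     * restricted, which keeps the existing unit-test leniency.
     */
    private static boolean isRestrictedCaller(HttpServletRequest request) {
        return (request.getRemoteUser() != null)
            && !request.isUserInRole(Constants.ADMIN_ROLE);
    }

    /**
     * Tells whether the caller already holds every submitted role name.
     * A missing parameter counts as holding them all.
     */
    private static boolean callerHoldsRoles(HttpServletRequest request, String[] roleNames) {
        if (roleNames == null) {
            return true;
        }

        for (int i = 0; i < roleNames.length; i++) {
            if (!request.isUserInRole(roleNames[i])) {
                return false;
            }
        }

        return true;
    }

    /**
     * Replaces carriage returns and line feeds so a request-supplied value
     * stays on one log line; <code>null</code> is passed through.
     */
    private static String cleanForLog(String value) {
        if (value == null) {
            return null;
        }

        return value.replace('\r', '_').replace('\n', '_');
    }
}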