

1 /*
2  * File : $Source: /usr/local/cvs/opencms/src/org/opencms/jsp/CmsJspLoginBean.java,v $
3  * Date : $Date: 2006/04/28 15:20:52 $
4  * Version: $Revision: 1.20 $
5  *
6  * This library is part of OpenCms -
7  * the Open Source Content Management System
8  *
9  * Copyright (c) 2005 Alkacon Software GmbH (http://www.alkacon.com)
10  *
11  * This library is free software; you can redistribute it and/or
12  * modify it under the terms of the GNU Lesser General Public
13  * License as published by the Free Software Foundation; either
14  * version 2.1 of the License, or (at your option) any later version.
15  *
16  * This library is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19  * Lesser General Public License for more details.
20  *
21  * For further information about Alkacon Software GmbH, please see the
22  * company website: http://www.alkacon.com
23  *
24  * For further information about OpenCms, please see the
25  * project website: http://www.opencms.org
26  *
27  * You should have received a copy of the GNU Lesser General Public
28  * License along with this library; if not, write to the Free Software
29  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
30  */

31
32 package org.opencms.jsp;
33
34 import org.opencms.db.CmsLoginMessage;
35 import org.opencms.file.CmsUser;
36 import org.opencms.i18n.CmsMessageContainer;
37 import org.opencms.main.CmsException;
38 import org.opencms.main.CmsLog;
39 import org.opencms.main.OpenCms;
40 import org.opencms.security.CmsAuthentificationException;
41
42 import java.io.IOException JavaDoc;
43 import java.util.Date JavaDoc;
44
45 import javax.servlet.http.HttpServletRequest JavaDoc;
46 import javax.servlet.http.HttpServletResponse JavaDoc;
47 import javax.servlet.http.HttpSession JavaDoc;
48 import javax.servlet.jsp.PageContext JavaDoc;
49
50 import org.apache.commons.logging.Log;
51
52 /**
53  * Provides convenient wrappers useful for creating user login pages.<p>
54  *
55  * Initialize this bean at the beginning of your JSP like this:
56  * <pre>
57  * &lt;jsp:useBean id="cmslogin" class="org.opencms.jsp.CmsJspLoginBean"&gt;
58  * &lt;% cmslogin.init(pageContext, request, response); %&gt;
59  * &lt;/jsp:useBean&gt;
60  * </pre>
61  * <p>
62  *
63  * @author Alexander Kandzior
64  *
65  * @version $Revision: 1.20 $
66  *
67  * @since 6.0.0
68  */

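public class CmsJspLoginBean extends CmsJspActionElement {

    /** The log object for this class. */
    private static final Log LOG = CmsLog.getLog(CmsJspLoginBean.class);

    /**
     * The exception raised by the most recent login attempt,
     * or <code>null</code> if that attempt succeeded or no attempt was made yet.
     */
    private CmsException m_loginException;

    /**
     * Empty constructor, required for every JavaBean.<p>
     */
    public CmsJspLoginBean() {

        // noop, you must call the init() method after you create an instance
    }

    /**
     * Constructor, with parameters.<p>
     *
     * @param context the JSP page context object
     * @param req the JSP request
     * @param res the JSP response
     */
    public CmsJspLoginBean(PageContext context, HttpServletRequest req, HttpServletResponse res) {

        super();
        init(context, req, res);
    }

    /**
     * Returns the link to the form that contains the login element.<p>
     *
     * @return the link to the form that contains the login element
     */
    public String getFormLink() {

        return link(getRequestContext().getUri());
    }

    /**
     * Returns the exception that was thrown after login,
     * or null if no Exception was thrown (i.e. login was successful
     * or not attempted).<p>
     *
     * @return the exception thrown after login
     */
    public CmsException getLoginException() {

        return m_loginException;
    }

    /**
     * Returns the currently logged in user.<p>
     *
     * @return the currently logged in user
     */
    public CmsUser getUser() {

        return getRequestContext().currentUser();
    }

    /**
     * Returns the username of the currently logged in user.<p>
     *
     * @return the username of the currently logged in user
     */
    public String getUserName() {

        return getRequestContext().currentUser().getName();
    }

    /**
     * Returns true if the current user is not the guest user,
     * i.e. if he already has logged in with some other user account.<p>
     *
     * @return true if the current user is already logged in
     */
    public boolean isLoggedIn() {

        return !getCmsObject().getRequestContext().currentUser().isGuestUser();
    }

    /**
     * Indicates if a login was successful or not.<p>
     *
     * This also returns true when no login has been attempted yet,
     * because only a failed attempt stores an exception.<p>
     *
     * @return true if no login exception is stored
     */
    public boolean isLoginSuccess() {

        return (m_loginException == null);
    }

    /**
     * Logs a system user in to OpenCms.<p>
     *
     * @param userName the user's name
     * @param password the password
     */
    public void login(String userName, String password) {

        login(userName, password, null);
    }

    /**
     * Logs a system user into OpenCms.<p>
     *
     * Note that if a login project name is provided, this project must exist,
     * otherwise the login is regarded as a failure even if the user data was correct.<p>
     *
     * A failure is not thrown to the caller; it is stored and can be read with
     * {@link #getLoginException()}. After a successful authentication any existing
     * HTTP session is invalidated and a new one is created. The outcome is written to the
     * log together with the user name, the requested URI and the remote address;
     * the password is never logged.<p>
     *
     * @param userName the user's name
     * @param password the password
     * @param projectName the project to switch to after login (if null project is not switched)
     */
    public void login(String userName, String password, String projectName) {

        HttpSession session = null;
        m_loginException = null;
        try {
            // login the user and create a new session
            getCmsObject().loginUser(
                userName,
                password,
                getRequestContext().getRemoteAddress(),
                CmsUser.USER_TYPE_SYSTEMUSER);

            // make sure we have a new session after login for security reasons:
            // a session id that existed before authentication must not survive it
            session = getRequest().getSession(false);
            if (session != null) {
                session.invalidate();
            }
            session = getRequest().getSession(true);
            if (projectName != null) {
                // if this fails, the login is regarded as a failure as well
                // NOTE(review): loginUser() has already been called at this point; whether the
                // request context still carries the authenticated user for the rest of this
                // request when readProject() fails is not visible here - confirm
                getCmsObject().getRequestContext().setCurrentProject(getCmsObject().readProject(projectName));
            }
        } catch (CmsException e) {
            // the login has failed
            m_loginException = e;
        }

        // the user name comes straight from the login form, so line breaks are
        // neutralized before it is written to the log
        String logName = logSafe(userName);

        if (m_loginException == null) {
            // login was successful
            if (LOG.isInfoEnabled()) {
                LOG.info(Messages.get().getBundle().key(
                    Messages.LOG_LOGIN_SUCCESSFUL_3,
                    logName,
                    getRequestContext().addSiteRoot(getRequestContext().getUri()),
                    getRequestContext().getRemoteAddress()));
            }
            return;
        }

        // login was not successful, drop the session that was created above (if any)
        if (session != null) {
            session.invalidate();
        }

        if (!(m_loginException instanceof CmsAuthentificationException)) {
            // the error was database related, there may be an issue with the setup
            // write the exception to the log as well
            LOG.error(Messages.get().getBundle().key(
                Messages.LOG_LOGIN_FAILED_DB_REASON_3,
                logName,
                getRequestContext().addSiteRoot(getRequestContext().getUri()),
                getRequestContext().getRemoteAddress()), m_loginException);
            return;
        }

        // the authentification of the user failed; the message key tells why.
        // The keys are compared with equals(), a reference comparison would only match
        // while both sides happen to be the very same String instance
        String messageKey = m_loginException.getMessageContainer().getKey();

        if (org.opencms.security.Messages.ERR_LOGIN_FAILED_DISABLED_3.equals(messageKey)) {

            // the user has been disabled
            LOG.warn(Messages.get().getBundle().key(
                Messages.LOG_LOGIN_FAILED_DISABLED_3,
                logName,
                getRequestContext().addSiteRoot(getRequestContext().getUri()),
                getRequestContext().getRemoteAddress()));

        } else if (org.opencms.security.Messages.ERR_LOGIN_FAILED_TEMP_DISABLED_5.equals(messageKey)) {

            // the user has been temporarily disabled
            LOG.warn(Messages.get().getBundle().key(
                Messages.LOG_LOGIN_FAILED_TEMP_DISABLED_5,
                new Object[] {
                    logName,
                    getRequestContext().addSiteRoot(getRequestContext().getUri()),
                    getRequestContext().getRemoteAddress(),
                    m_loginException.getMessageContainer().getArgs()[3],
                    m_loginException.getMessageContainer().getArgs()[4]}));

        } else if (org.opencms.security.Messages.ERR_LOGIN_FAILED_NO_USER_3.equals(messageKey)) {

            // the requested user does not exist in the database
            LOG.warn(Messages.get().getBundle().key(
                Messages.LOG_LOGIN_FAILED_NO_USER_3,
                logName,
                getRequestContext().addSiteRoot(getRequestContext().getUri()),
                getRequestContext().getRemoteAddress()));

        } else if (org.opencms.security.Messages.ERR_LOGIN_FAILED_WITH_MESSAGE_1.equals(messageKey)) {

            // logins have been disabled by the administration
            long endTime = CmsLoginMessage.DEFAULT_TIME_END;
            if (OpenCms.getLoginManager().getLoginMessage() != null) {
                endTime = OpenCms.getLoginManager().getLoginMessage().getTimeEnd();
            }
            LOG.info(Messages.get().getBundle().key(
                Messages.LOG_LOGIN_FAILED_WITH_MESSAGE_4,
                new Object[] {
                    logName,
                    getRequestContext().addSiteRoot(getRequestContext().getUri()),
                    getRequestContext().getRemoteAddress(),
                    new Date(endTime)}));

        } else {

            // the user exists, so the password must have been wrong
            CmsMessageContainer message = Messages.get().container(
                Messages.LOG_LOGIN_FAILED_3,
                logName,
                getRequestContext().addSiteRoot(getRequestContext().getUri()),
                getRequestContext().getRemoteAddress());
            // the null check keeps a missing user name from masking the login failure
            // with a NullPointerException
            if ((userName != null) && userName.equalsIgnoreCase(OpenCms.getDefaultUsers().getUserAdmin())) {
                // someone tried to log in as "Admin", log this in a higher channel
                LOG.error(message.key());
            } else {
                LOG.warn(message.key());
            }
        }
    }

    /**
     * Logs a system user in to OpenCms.<p>
     *
     * Note that if a login project name is provided, this project must exist,
     * otherwise the login is regarded as a failure even if the user data was correct.<p>
     *
     * The redirect is only sent if the login succeeded; after a failed login
     * no redirect happens and the failure is available from {@link #getLoginException()}.<p>
     *
     * @param userName the user's name
     * @param password the password
     * @param projectName the project to switch to after login (if null project is not switched)
     * @param redirectUri the URI to redirect to after login (if null the current URI is used)
     *
     * @throws IOException in case redirect after login was not successful
     */
    public void login(String userName, String password, String projectName, String redirectUri) throws IOException {

        login(userName, password, projectName);
        if (m_loginException != null) {
            // failed login, stay on the current page
            return;
        }
        if (redirectUri != null) {
            // NOTE(review): redirectUri is handed to the link manager and then to sendRedirect()
            // without any check in this method that it points back into this site. If callers
            // take it from a request parameter, it should be restricted to site-internal paths
            // before it reaches this method - confirm how substituteLink() treats absolute URLs
            getResponse().sendRedirect(
                OpenCms.getLinkManager().substituteLink(getCmsObject(), redirectUri, null, true));
        } else {
            getResponse().sendRedirect(getFormLink());
        }
    }

    /**
     * Logs a user out, i.e. destroys the current users session,
     * after that the current page will be redirected to itself one time to ensure that
     * the users session is truly destroyed.<p>
     *
     * @throws IOException if redirect after logout fails
     */
    public void logout() throws IOException {

        HttpSession session = getRequest().getSession(false);
        if (session != null) {
            session.invalidate();
        }
        // logout was successful
        if (LOG.isInfoEnabled()) {
            LOG.info(Messages.get().getBundle().key(
                Messages.LOG_LOGOUT_SUCCESFUL_3,
                getRequestContext().currentUser().getName(),
                getRequestContext().addSiteRoot(getRequestContext().getUri()),
                getRequestContext().getRemoteAddress()));
        }
        getResponse().sendRedirect(getFormLink());
    }

    /**
     * Returns the given value with carriage returns and line feeds replaced by underscores,
     * so that a client supplied value always stays within a single log entry.<p>
     *
     * @param value the value to write to the log (may be null)
     *
     * @return the value without line breaks, or null if the value was null
     */
    private static String logSafe(String value) {

        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}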