001: /*
002: *
003: * Copyright (c) 2004 SourceTap - www.sourcetap.com
004: *
005: * The contents of this file are subject to the SourceTap Public License
006: * ("License"); You may not use this file except in compliance with the
007: * License. You may obtain a copy of the License at http://www.sourcetap.com/license.htm
008: * Software distributed under the License is distributed on an "AS IS" basis,
009: * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for
010: * the specific language governing rights and limitations under the License.
011: *
012: * The above copyright notice and this permission notice shall be included
013: * in all copies or substantial portions of the Software.
014: *
015: */
016:
017: package com.sourcetap.sfa.security;
018:
019: import java.util.HashMap;
020: import java.util.Map;
021:
022: import javax.servlet.http.HttpServletRequest;
023: import javax.servlet.http.HttpServletResponse;
024: import javax.servlet.http.HttpSession;
025:
026: import org.ofbiz.base.util.Debug;
027: import org.ofbiz.base.util.UtilFormatOut;
028: import org.ofbiz.base.util.UtilMisc;
029: import org.ofbiz.base.util.UtilProperties;
030: import org.ofbiz.content.stats.VisitHandler;
031: import org.ofbiz.entity.GenericDelegator;
032: import org.ofbiz.entity.GenericEntityException;
033: import org.ofbiz.entity.GenericValue;
034: import org.ofbiz.securityext.login.LoginEvents;
035: import org.ofbiz.service.GenericServiceException;
036: import org.ofbiz.service.LocalDispatcher;
037: import org.ofbiz.service.ModelService;
038:
039: import com.sourcetap.sfa.util.UserInfo;
040:
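/**
 * Login event handlers for the SFA web application, layered on the OFBiz
 * {@link LoginEvents} handlers.
 *
 * <p>Failures are reported through the {@code _ERROR_MESSAGE_} request attribute.
 * This class builds that attribute as an HTML fragment, so any text that does not
 * originate in this class is HTML-escaped before it is appended.
 */
public class SFALoginEvents extends LoginEvents {

    public static final String module = SFALoginEvents.class.getName();

    /**
     * Reads the credentials for a login attempt and hands them to
     * {@link #login(HttpServletRequest, HttpServletResponse, String, String)}.
     *
     * <p>Credentials come from the {@code USERNAME} / {@code PASSWORD} request
     * parameters, falling back to session attributes of the same names. They are
     * lower-cased when {@code username.lowercase} / {@code password.lowercase} are
     * {@code "true"} in {@code security.properties}. When {@code login.lock.active}
     * is enabled, an attempt is rejected if {@code isLoggedInSession} reports the
     * user name as logged in without the {@code true} flag but not with it.
     *
     * @param request  current servlet request
     * @param response current servlet response
     * @return {@code "error"} when the lock check rejects the attempt, otherwise the
     *         result of the four-argument {@code login}
     */
    public static String login(HttpServletRequest request,
            HttpServletResponse response) {
        HttpSession session = request.getSession();

        String username = request.getParameter("USERNAME");
        String password = request.getParameter("PASSWORD");

        // NOTE(review): this fallback means a cleartext password may be held in the
        // session under "PASSWORD". Nothing in this class stores it there; confirm
        // which caller does and whether it is removed after use.
        if (username == null) {
            username = (String) session.getAttribute("USERNAME");
        }
        if (password == null) {
            password = (String) session.getAttribute("PASSWORD");
        }

        if ((username != null)
                && ("true".equals(UtilProperties.getPropertyValue(
                        "security.properties", "username.lowercase")))) {
            username = username.toLowerCase();
        }
        // Enabling password.lowercase makes passwords case-insensitive, which
        // shrinks the space an attacker has to search.
        if ((password != null)
                && ("true".equals(UtilProperties.getPropertyValue(
                        "security.properties", "password.lowercase")))) {
            password = password.toLowerCase();
        }

        if ("true".equalsIgnoreCase(UtilProperties.getPropertyValue(
                "security.properties", "login.lock.active"))) {
            // This check runs before the password is verified, so the message below
            // is returned to any caller that submits the user name.
            boolean userIdLoggedIn = isLoggedInSession(username, request, false);
            boolean thisUserLoggedIn = isLoggedInSession(username, request, true);
            if (userIdLoggedIn && !thisUserLoggedIn) {
                request.setAttribute("_ERROR_MESSAGE_",
                        "<b>This user is already logged in.</b><br>");
                return "error";
            }
        }

        return login(request, response, username, password);
    }

    /**
     * Authenticates the given credentials through the {@code userLogin} service and,
     * on success, populates the session with the login and SFA user details.
     *
     * <p>On success the session receives {@code _USER_LOGIN_}, {@code userLoginSession}
     * (when the service returns one), {@code partyId}, {@code userName},
     * {@code roleId} and {@code userInfo}. The {@code userName} and {@code userInfo}
     * values use the {@code username} argument, i.e. the name that was actually
     * authenticated, rather than re-reading the request parameter.
     *
     * @param request  current servlet request; must carry the {@code delegator} and
     *                 {@code dispatcher} attributes
     * @param response current servlet response
     * @param username user name to authenticate
     * @param password password to authenticate
     * @return {@code "error"} when the service call fails, the service reports a
     *         failure or the base-permission check fails;
     *         {@code "Login not associated with a contact"} when no Contact row
     *         exists for the login's party; otherwise the result of
     *         {@code autoLoginSet}
     */
    public static String login(HttpServletRequest request,
            HttpServletResponse response, String username,
            String password) {
        // NOTE(review): no session-id renewal is visible in this method; confirm
        // that doBasicLogin or the container rotates the session on login.
        HttpSession session = request.getSession();

        GenericDelegator delegator = (GenericDelegator) request
                .getAttribute("delegator");

        // get the visit id to pass to the userLogin for history
        String visitId = VisitHandler.getVisitId(session);

        LocalDispatcher dispatcher = (LocalDispatcher) request
                .getAttribute("dispatcher");
        Map result = null;
        GenericValue userLogin = null;

        try {
            result = dispatcher.runSync("userLogin", UtilMisc.toMap(
                    "login.username", username, "login.password",
                    password, "visitId", visitId));
        } catch (GenericServiceException e) {
            Debug.logError(e, "Error calling userLogin service", module);
            // The exception text is not produced here, so escape it before it is
            // placed in the HTML error fragment.
            request.setAttribute("_ERROR_MESSAGE_",
                    "<b>The following error occurred during login:</b><br>"
                            + escapeHtml(e.getMessage()));
            return "error";
        }

        if (!ModelService.RESPOND_SUCCESS.equals(result
                .get(ModelService.RESPONSE_MESSAGE))) {
            // The service message is escaped for the same reason as above.
            String errMsg = (String) result.get(ModelService.ERROR_MESSAGE);
            request.setAttribute("_ERROR_MESSAGE_",
                    "<b>The following error occurred during login:</b><br>"
                            + escapeHtml(errMsg));
            return "error";
        }

        userLogin = (GenericValue) result.get("userLogin");
        Map userLoginSession = (Map) result.get("userLoginSession");

        if (userLogin == null || !hasBasePermission(userLogin, request)) {
            request.setAttribute("_ERROR_MESSAGE_",
                    "<b>Unable to login in to this application.</b><br>");
            return "error";
        }

        session.setAttribute("_USER_LOGIN_", userLogin);
        doBasicLogin(userLogin, request);

        if (userLoginSession != null) {
            session.setAttribute("userLoginSession", userLoginSession);
        }

        request.setAttribute("_LOGIN_PASSED_", "TRUE");

        String roleId = "";
        String accountId = "";
        String contactName = "";

        try {
            HashMap contactKey = new HashMap();
            contactKey.put("contactId", userLogin.get("partyId"));

            GenericValue contactGV = delegator.findByPrimaryKey(
                    "Contact", contactKey);

            if (contactGV == null) {
                Debug.logWarning("login not associated with a contact",
                        module);

                // NOTE(review): the session already holds _USER_LOGIN_ at this
                // point, and this return value is not one of the response names
                // used elsewhere in this method. Confirm how the controller maps
                // it and whether the login should be undone here.
                return "Login not associated with a contact";
            }

            roleId = UtilFormatOut.checkNull(contactGV.getString("roleId"));

            String firstName = UtilFormatOut.checkNull(contactGV
                    .getString("firstName"));
            String lastName = UtilFormatOut.checkNull(contactGV
                    .getString("lastName"));

            if (firstName.length() > 0 || lastName.length() > 0) {
                contactName = firstName + " " + lastName;
            } else {
                contactName = username;
            }

            accountId = UtilFormatOut.checkNull(contactGV
                    .getString("accountId"));
        } catch (GenericEntityException e) {
            // The login proceeds with empty roleId, accountId and contactName when
            // the Contact lookup fails.
            Debug.logError(e, "unable to get role info", module);
        }

        try {
            session.setAttribute("partyId", userLogin.get("partyId"));
            // Store the authenticated name, not the raw request parameter: the
            // parameter can be absent or differ in case from what was verified.
            session.setAttribute("userName", username);
            session.setAttribute("roleId", roleId);

            // store all user Info related attributes in UserInfo. Eventually this
            // will replace partyId, userName, and roleId above
            UserInfo userInfo = new UserInfo((String) userLogin
                    .get("partyId"), roleId, username, contactName, accountId);
            session.setAttribute("userInfo", userInfo);

            Debug.logVerbose("--> Session Set", module);
        } catch (Exception e) {
            Debug.logError(e, module);
        }

        // make sure the autoUserLogin is set to the same and that the client cookie
        // has the correct userLoginId
        return autoLoginSet(request, response);
    }

    /**
     * Escapes the characters that are significant in HTML text and attribute
     * values so the result can be appended to an HTML fragment.
     *
     * @param text text to escape; may be {@code null}
     * @return the escaped text, or an empty string when {@code text} is {@code null}
     */
    private static String escapeHtml(String text) {
        if (text == null) {
            return "";
        }
        StringBuffer out = new StringBuffer(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
            case '&':
                out.append("&amp;");
                break;
            case '<':
                out.append("&lt;");
                break;
            case '>':
                out.append("&gt;");
                break;
            case '"':
                out.append("&quot;");
                break;
            case '\'':
                out.append("&#39;");
                break;
            default:
                out.append(c);
                break;
            }
        }
        return out.toString();
    }
}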