| com.jcorporate.expresso.core.controller.Controller com.jcorporate.expresso.core.controller.DBController com.jcorporate.expresso.services.controller.LoginController
All known Subclasses: com.jcorporate.expresso.services.controller.SimpleLoginController,
LoginController | abstract public class LoginController extends DBController (Code) | | Main Login Controller - used for login/logout and basic interaction with
the registration system. This class recognizes the 'registration' classHandler
name in the expresso-config.xml. It uses the classname in that field to
construct and forward to the appropriate registration class.
Creation date: (5/12/2001 6:36:41 PM)
author: Shash Chatterjee |
Method Summary | |
protected int | attemptLogin(ControllerRequest request, ControllerResponse response, ErrorCollection errors, HttpServletRequest hreq, HttpServletResponse hres, PersistentSession session) Processes the login request. | protected void | delayLogin() Function called to suspend thread execution for x many seconds before
offering a retry to login. | public Controller | getDefaultLoginController() Preferable method to call if you already have a controller instance. | public Controller | getDefaultRegistrationController() Preferable method to call if you already have a controller instance. | public static Controller | getLoginController() Gets the Login controller based upon the classhandler or the
default.... | public void | logInvalidLoginAttempt(String msg, ControllerRequest request) Does a warning log to log the invalid login request. | public void | postLoginProcessing(ControllerRequest request, ControllerResponse response) Override this class to do some post processing in your derived controllers. | public static void | setCookie(String userName, String password, HttpServletResponse res, boolean clear, String dbname) Set a long-life cookie on the client side that records the login
information, so the user does not have to log in again
next time they begin a session. | public static void | setPersistentLoginAttributes(ControllerRequest request, String loginName) After successful authentication, sets all the necessary parameters in the session.
This method is useful when integrating with a different authentication system:
override Controller.perform and, after doing non-Expresso authentication in
that override, call this static method,
then proceed with the standard Controller.perform, and Expresso will pick
up the login values specified here.
This method was made static 3/03 in order to allow external authentication;
should be changed to plug-in model when available in v. | public boolean | stateAllowed(String newState, ControllerRequest params) |
CLASS_HANDLER_NAME | final public static String CLASS_HANDLER_NAME(Code) | | |
DEFAULT_CLASS_NAME | final public static String DEFAULT_CLASS_NAME(Code) | | |
LOGINNAME_COOKIE | final public static String LOGINNAME_COOKIE(Code) | | |
PASSWORD_COOKIE | final public static String PASSWORD_COOKIE(Code) | | |
LoginController | public LoginController()(Code) | | LoginController constructor. Sets all the states and parameters
for the system.
|
attemptLogin | protected int attemptLogin(ControllerRequest request, ControllerResponse response, ErrorCollection errors, HttpServletRequest hreq, HttpServletResponse hres, PersistentSession session) throws ControllerException, NonHandleableException, DBException(Code) | | Processes the login request. Sets the errors collection if there's
a problem with the login. This method expects the HttpServletRequest to have
two parameters, LoginName and Password.
Parameters: request - The ControllerRequest handed off to a controller by the framework Parameters: response - The ControllerResponse object Parameters: errors - The system fills out the errors collection if there are problems with the login itself. Parameters: hreq - The "low level" version of ControllerRequest. Allows direct access to http components. Parameters: hres - The "low level" version of ControllerResponse. Allows direct access to the http HttpServletResponse. Parameters: session - The PersistentSession object to write the CurrentLogin response to the uid of the user if successfully logged in throws: ControllerException - upon logic error throws: NonHandleableException - upon a fatal error throws: DBException - if there are database lookup problems |
delayLogin | protected void delayLogin()(Code) | | Function called to suspend thread execution for x seconds before
offering a retry to login. Helps to slow down brute force attacks.
[A 40,000-word dictionary attack prolonged by 3 seconds apiece
adds potentially 33 hours to the attack time. Yes, this can be partially bypassed
through simultaneous requests, but it still adds significant response time.]
|
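The 33-hour figure above (40,000 guesses at 3 seconds each) only holds if guesses cannot be evaluated in parallel. As an added example, not Expresso code, the hypothetical `LoginGate` class below enforces the 3-second spacing per login name on the server, so simultaneous requests are rejected rather than each sleeping in its own thread; the class name, the 3000 ms constant and the simulated traffic are assumptions.

```java
import java.util.Locale;
import java.util.concurrent.ConcurrentHashMap;

// Added example, not Expresso code: LoginGate and its constants are hypothetical.
public class LoginGate {
    static final long DELAY_MS = 3_000; // the 3-second figure used in the text

    // login name -> earliest time (ms) at which the next attempt is admitted
    private final ConcurrentHashMap<String, Long> nextAllowed = new ConcurrentHashMap<>();

    /** Returns 0 if this attempt may proceed, else the ms to wait. Atomic per login name. */
    public long beginAttempt(String loginName, long nowMs) {
        long[] wait = {0};
        nextAllowed.compute(loginName.toLowerCase(Locale.ROOT), (name, until) -> {
            if (until != null && nowMs < until) {
                wait[0] = until - nowMs; // gated: reject without checking the password
                return until;
            }
            return nowMs + DELAY_MS;     // admit this attempt, gate the next one
        });
        return wait[0];
    }

    /** Clear the gate after a successful login. */
    public void onSuccess(String loginName) {
        nextAllowed.remove(loginName.toLowerCase(Locale.ROOT));
    }

    /** Drop expired entries so attacker-chosen login names cannot grow the map forever. */
    public void purge(long nowMs) {
        nextAllowed.values().removeIf(until -> until <= nowMs);
    }

    public static void main(String[] args) {
        LoginGate gate = new LoginGate();
        int wordlist = 40_000, parallel = 20, checked = 0; // constructed traffic
        long now = 0;
        while (true) {
            for (int i = 0; i < parallel && checked < wordlist; i++) {
                if (gate.beginAttempt("alice", now) == 0) checked++; // password check would run here
            }
            if (checked == wordlist) break;
            now += 1_000; // next burst of simultaneous requests one second later
        }
        System.out.printf("%d guesses checked in %.1f hours despite %d parallel requests%n",
                wordlist, now / 3_600_000.0, parallel);
    }
}
```

Because the gate is keyed on the login name, it does not slow an attacker who spreads guesses across many accounts; a per-source-address gate built the same way covers that case.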
getDefaultLoginController | public Controller getDefaultLoginController() throws ControllerException(Code) | | Preferable method to call if you already have a controller instance. Use
it instead of getLoginController to use the Schema as your source of
login controllers.
The Controller Object that is a registration controller throws: ControllerException - if an error occurs instantiating the controller object |
getDefaultRegistrationController | public Controller getDefaultRegistrationController() throws ControllerException(Code) | | Preferable method to call if you already have a controller instance. Use
it instead of getRegistrationController to use the Schema as your source of
login controllers.
The Controller Object that is a registration controller throws: ControllerException - if an error occurs instantiating the controller object |
getLoginController | public static Controller getLoginController() throws ControllerException(Code) | | Gets the Login controller based upon the classhandler or the
default....
an instantiated LoginController throws: ControllerException - if there's an error instantiating the LoginController |
logInvalidLoginAttempt | public void logInvalidLoginAttempt(String msg, ControllerRequest request)(Code) | | Logs the invalid login request at warning level. Also logs the
remote IP address.
Parameters: msg - The main message to log. Parameters: request - If it happens to be a ServletControllerRequest |
postLoginProcessing | public void postLoginProcessing(ControllerRequest request, ControllerResponse response) throws ControllerException(Code) | | Override this class to do some post processing in your derived controllers.
Parameters: request - The ControllerRequest Object Parameters: response - The ControllerResponse Object throws: ControllerException - upon error processing the post login information |
setCookie | public static void setCookie(String userName, String password, HttpServletResponse res, boolean clear, String dbname) throws ControllerException(Code) | | Sets a long-life cookie on the client side that records the login
information, so the user does not have to log in again
next time they begin a session. CAN BE A SERIOUS SECURITY
RISK - Only used when the PC is physically secured or when the network
login is required and prevents others from using the same browser cookies.
This method was made static 3/03 in order to allow external authentication;
should be changed to plug-in model when available in v. 5.4 and thereafter
Parameters: userName - User name to save in cookie Parameters: password - Password to save in cookie Parameters: res - Standard response object Parameters: clear - Should the cookies be cleared instead? Parameters: dbname - The data context to set the login for. throws: ControllerException - if a database error occurs |
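The risk flagged above comes from putting the password itself in a long-life cookie. As an added example, not Expresso code and not a drop-in for `setCookie`, the hypothetical `RememberMeTokens` class below shows the usual alternative: a random single-use token in the cookie with only its hash kept server-side. The cookie name `REMEMBER_ME`, the in-memory map and the 14-day lifetime are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example, not Expresso code: class, cookie name and in-memory store are hypothetical.
public class RememberMeTokens {
    private final SecureRandom rng = new SecureRandom();
    // Stand-in for a database table: SHA-256(token) -> (login name, expiry in ms).
    private final Map<String, Map.Entry<String, Long>> grants = new ConcurrentHashMap<>();

    /** Issues a random token and returns the Set-Cookie header value carrying it. */
    public String issue(String loginName, long nowMs, int maxAgeSeconds) throws Exception {
        byte[] raw = new byte[32];
        rng.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        grants.put(sha256(token), Map.entry(loginName, nowMs + maxAgeSeconds * 1000L));
        return "REMEMBER_ME=" + token + "; Max-Age=" + maxAgeSeconds
                + "; Path=/; Secure; HttpOnly; SameSite=Lax";
    }

    /** Single use: returns the login name once, or null if unknown, expired or replayed. */
    public String redeem(String token, long nowMs) throws Exception {
        Map.Entry<String, Long> g = grants.remove(sha256(token));
        return (g != null && nowMs < g.getValue()) ? g.getKey() : null;
    }

    /** Call on logout or password change: every outstanding token for the user dies. */
    public void revokeAll(String loginName) {
        grants.values().removeIf(g -> g.getKey().equals(loginName));
    }

    private static String sha256(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(d);
    }

    public static void main(String[] args) throws Exception {
        RememberMeTokens svc = new RememberMeTokens();
        String header = svc.issue("alice", 0, 14 * 24 * 3600); // constructed user, 14-day lifetime
        String token = header.substring("REMEMBER_ME=".length(), header.indexOf(';'));
        System.out.println("Set-Cookie: " + header);
        System.out.println("first use  -> " + svc.redeem(token, 1_000));
        System.out.println("replay     -> " + svc.redeem(token, 2_000));
    }
}
```

A stolen cookie of this kind yields one session at most and can be revoked server-side, whereas a cookie holding the password discloses the credential itself.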
setPersistentLoginAttributes | public static void setPersistentLoginAttributes(ControllerRequest request, String loginName) throws ControllerException(Code) | | After successful authentication, sets all the necessary parameters in the session.
This method is useful when integrating with a different authentication system:
override Controller.perform and, after doing non-Expresso authentication in
that override, call this static method,
then proceed with the standard Controller.perform, and Expresso will pick
up the login values specified here.
This method was made static 3/03 in order to allow external authentication;
should be changed to plug-in model when available in v. 5.1 and thereafter
Parameters: request - The ControllerRequest object for this request Parameters: loginName - the login name which has been (potentially) corrected to match case in DB, even if DB matches on any lower/upper case throws: ControllerException - upon error |
stateAllowed | public boolean stateAllowed(String newState, ControllerRequest params) throws ControllerException(Code) | | Override the normal stateAllowed method to always allow
access to this controller for certain states - otherwise no-one can ever log in :-)
Parameters: newState - the state to transition to. Parameters: params - The controllerRequest object true if the state is allowed for the currently logged in user. throws: ControllerException - if there is an error while looking up the security permissions |
Methods inherited from com.jcorporate.expresso.core.controller.Controller | protected void addFinalState(State newFinalState) throws NonHandleableException(Code)(Java Doc) protected void addPromptTransitions(State nextState, ControllerResponse response) throws ControllerException(Code)(Java Doc) protected void addRegDomainParamtoSession(HttpServletRequest req, ControllerRequest creq, String regDomain) throws ControllerException(Code)(Java Doc) protected void addRequestedURLtoSession(HttpServletRequest req, ControllerRequest creq) throws ControllerException(Code)(Java Doc) protected void addState(State newState)(Code)(Java Doc) protected void addStatePairing(State promptState, State handleState, String stateFormClass) throws NonHandleableException(Code)(Java Doc) protected void endTimer(long beginTimer, HttpServletRequest request)(Code)(Java Doc) public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException(Code)(Java Doc) protected ActionForm findControllerForm(ControllerRequest request) throws ControllerException(Code)(Java Doc) protected String generateToken(ControllerRequest request)(Code)(Java Doc) protected ActionForward getActionForward(ServletControllerRequest req, ActionConfig mapping, ControllerResponse res) throws NonHandleableException, ControllerException(Code)(Java Doc) protected Transition getControllerChainingTransition()(Code)(Java Doc) protected Transition getControllerSecurityTransition()(Code)(Java Doc) public State getFinalState()(Code)(Java Doc) public String getInitialState()(Code)(Java Doc) public synchronized Logger getLogger()(Code)(Java Doc) public static String[] getParamValues(ServletControllerRequest request, String paramName)(Code)(Java Doc) protected String getRequestURL(HttpServletRequest req)(Code)(Java Doc) final protected String getSchema()(Code)(Java Doc) public synchronized Stack getSchemaHierarchy()(Code)(Java Doc) protected 
Schema getSchemaInstance()(Code)(Java Doc) public synchronized Stack getSchemaStack()(Code)(Java Doc) final public State getState(String stateName)(Code)(Java Doc) final public Hashtable getStates()(Code)(Java Doc) protected String getString(String stringCode)(Code)(Java Doc) protected String getString(String stringCode, Object[] args)(Code)(Java Doc) public String getTitle()(Code)(Java Doc) protected void handleException(HttpServletRequest req, ControllerRequest creq, String dbName, String userName, Throwable theException) throws ServletException(Code)(Java Doc) public static synchronized Controller instantiate(String className) throws ControllerException(Code)(Java Doc) protected boolean isFinalState(String newState)(Code)(Java Doc) protected boolean isHandleState(State nextState)(Code)(Java Doc) protected boolean isPromptState(State nextState)(Code)(Java Doc) protected boolean isTokenValid(ControllerRequest request)(Code)(Java Doc) protected StateForm loadStateForm(State nextState, ActionForm controllerForm) throws ControllerException(Code)(Java Doc) public ControllerResponse newState(String newState, ControllerRequest myRequest) throws ControllerException, NonHandleableException(Code)(Java Doc) protected String nextHandleState(State nextState)(Code)(Java Doc) protected String nextPromptState(State nextState)(Code)(Java Doc) protected void populateStateForm(StateForm stateForm, ControllerRequest request) throws ControllerException(Code)(Java Doc) protected void postPerform(State nextState, ControllerRequest request, ControllerResponse response) throws ControllerException(Code)(Java Doc) protected void prePerform(State nextState, ControllerRequest request, ControllerResponse response) throws ControllerException(Code)(Java Doc) protected String previousPromptState(State nextState)(Code)(Java Doc) protected void processRequestTransitions(State nextState, ControllerRequest request) throws ControllerException(Code)(Java Doc) protected Transition 
processTransitions(ControllerRequest request, ControllerResponse response, State nextState) throws ControllerException, NonHandleableException(Code)(Java Doc) protected void redirectRequest(HttpServletResponse response, String redirectURL) throws IOException(Code)(Java Doc) public void redirectRequest(ControllerRequest request, ControllerResponse response, String redirectURL) throws IOException(Code)(Java Doc) protected ForwardConfig remapFromExtension(ForwardConfig fwd, ActionConfig mapping, ServletControllerRequest req) throws ControllerException(Code)(Java Doc) protected void resetToken(ControllerRequest request)(Code)(Java Doc) protected void saveToken(ControllerRequest request)(Code)(Java Doc) protected void setControllerChainingTransition(Transition newControllerChainingTransition) throws NonHandleableException(Code)(Java Doc) protected void setControllerSecurityTransition(Transition newControllerSecurityTransition)(Code)(Java Doc) public ControllerResponse setCurrentState(String newState, ControllerRequest params) throws ControllerException, NonHandleableException(Code)(Java Doc) public void setInitialState(String newInitialState)(Code)(Java Doc) protected void setSchema(String schemaClass)(Code)(Java Doc) protected void setSchema(Class schemaClass)(Code)(Java Doc) public void setupDefaultValues(String dbName) throws DBException(Code)(Java Doc) protected void setupReturnToSender(State nextState, ControllerRequest request) throws ControllerException(Code)(Java Doc) protected synchronized void setupSubclassLog()(Code)(Java Doc) public boolean stateAllowed(String newState, ControllerRequest params) throws ControllerException(Code)(Java Doc) protected void transition(String newState, ControllerRequest req, ControllerResponse res) throws ControllerException, NonHandleableException(Code)(Java Doc) protected void transition(String newState, Class externalController, ControllerRequest req, ControllerResponse res) throws ControllerException, 
NonHandleableException(Code)(Java Doc) protected void transition(String newState, ControllerRequest req, ControllerResponse res, boolean clear) throws ControllerException, NonHandleableException(Code)(Java Doc) protected void unloadStateForm(StateForm stateForm, ActionForm controllerForm) throws ControllerException(Code)(Java Doc)