001: /* ====================================================================
002: * The Jcorporate Apache Style Software License, Version 1.2 05-07-2002
003: *
004: * Copyright (c) 1995-2002 Jcorporate Ltd. All rights reserved.
005: *
006: * Redistribution and use in source and binary forms, with or without
007: * modification, are permitted provided that the following conditions
008: * are met:
009: *
010: * 1. Redistributions of source code must retain the above copyright
011: * notice, this list of conditions and the following disclaimer.
012: *
013: * 2. Redistributions in binary form must reproduce the above copyright
014: * notice, this list of conditions and the following disclaimer in
015: * the documentation and/or other materials provided with the
016: * distribution.
017: *
018: * 3. The end-user documentation included with the redistribution,
019: * if any, must include the following acknowledgment:
020: * "This product includes software developed by Jcorporate Ltd.
021: * (http://www.jcorporate.com/)."
022: * Alternately, this acknowledgment may appear in the software itself,
023: * if and wherever such third-party acknowledgments normally appear.
024: *
025: * 4. "Jcorporate" and product names such as "Expresso" must
026: * not be used to endorse or promote products derived from this
027: * software without prior written permission. For written permission,
028: * please contact info@jcorporate.com.
029: *
030: * 5. Products derived from this software may not be called "Expresso",
031: * or other Jcorporate product names; nor may "Expresso" or other
032: * Jcorporate product names appear in their name, without prior
033: * written permission of Jcorporate Ltd.
034: *
035: * 6. No product derived from this software may compete in the same
036: * market space, i.e. framework, without prior written permission
037: * of Jcorporate Ltd. For written permission, please contact
038: * partners@jcorporate.com.
039: *
040: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
041: * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
042: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
043: * DISCLAIMED. IN NO EVENT SHALL JCORPORATE LTD OR ITS CONTRIBUTORS
044: * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
045: * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
046: * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
047: * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
048: * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
049: * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
050: * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
051: * SUCH DAMAGE.
052: * ====================================================================
053: *
054: * This software consists of voluntary contributions made by many
055: * individuals on behalf of the Jcorporate Ltd. Contributions back
056: * to the project(s) are encouraged when you make modifications.
057: * Please send them to support@jcorporate.com. For more information
058: * on Jcorporate Ltd. and its products, please see
059: * <http://www.jcorporate.com/>.
060: *
061: * Portions of this software are based upon other open source
062: * products and are subject to their respective licenses.
063: */
064: package com.jcorporate.expresso.services.validation;
065:
066: import com.jcorporate.expresso.core.controller.Controller;
067: import com.jcorporate.expresso.core.controller.ControllerException;
068: import com.jcorporate.expresso.core.controller.ControllerRequest;
069: import com.jcorporate.expresso.core.controller.ControllerResponse;
070: import com.jcorporate.expresso.core.controller.NonHandleableException;
071: import com.jcorporate.expresso.core.controller.Transition;
072: import com.jcorporate.expresso.core.db.DBException;
073: import com.jcorporate.expresso.core.i18n.Messages;
074: import com.jcorporate.expresso.core.security.User;
075: import com.jcorporate.expresso.services.dbobj.RegistrationDomain;
076: import com.jcorporate.expresso.services.dbobj.Setup;
077: import org.apache.log4j.Logger;
078:
079: import java.util.Hashtable;
080: import java.util.StringTokenizer;
081: import java.util.Vector;
082:
083: /**
084: * This class is a helper class that allows the LoginController controller to
085: * authorize or deny a registration request
086: *
087: * @author Shash Chatterjee
088: * @version $Revision: 1.19 $ $Date: 2004/11/17 20:48:22 $
089: * @see com.jcorporate.expresso.services.controller.LoginController
090: * @since Expresso 5.0
091: */
092: public class ApproveRegistrationValidator implements ValidationHandler {
093: /**
094: *
095: */
096: protected static Logger log = Logger
097: .getLogger(ApproveRegistrationValidator.class);
098:
099: /**
100: * Default constructor Creation date: (9/23/2001 2:23:06 PM) Author: Shash
101: * Chatterjee
102: */
103: public ApproveRegistrationValidator() {
104: super ();
105: }
106:
107: /**
108: * This method is used to send administrators of a registration domain an
109: * email notifying that a user registered and requires approval. This
110: * method is called by ValidationJob when a new validation request is
111: * submitted. Creation date: (9/23/2001 2:24:30 PM) Author: Shash
112: * Chatterjee
113: *
114: * @param params params All the application-specific parameters from
115: * LoginController
116: * @param URL URL The link that the user will click on to validate the
117: * request
118: * @throws AuthValidationException AuthValidationException
119: * @see com.jcorporate.expresso.services.job.ValidationJob
120: */
121: public void notify(Hashtable params, String URL)
122: throws AuthValidationException {
123: // The db context for the user (Note: this is different from the Validation entry context, which
124: // could very well be in a different DB context)
125: String dbName = (String) params.get("db");
126:
127: // The login name of the user
128: String loginName = (String) params.get("UserName");
129: Vector addresses = new Vector(0);
130:
131: try {
132: // Create the list of addresses to notify, in this case just the user
133: User myUser = new User();
134: myUser.setDataContext(dbName);
135: myUser.setLoginName(loginName);
136:
137: if (!myUser.find()) {
138: throw new AuthValidationException("User with login \""
139: + loginName + "\" not found");
140: }
141:
142: RegistrationDomain rd = new RegistrationDomain();
143: rd.setDataContext(dbName);
144: rd.setField("Name", myUser.getRegistrationDomain());
145:
146: if (!rd.find()) {
147: throw new AuthValidationException(
148: "Registration domain \""
149: + myUser.getRegistrationDomain()
150: + "\" not found");
151: }
152:
153: String approvers = rd.getField("Approvers");
154: StringTokenizer stk = new StringTokenizer(approvers, ",");
155:
156: while (stk.hasMoreTokens()) {
157: String approverLoginName = stk.nextToken();
158: User approver = new User();
159: approver.setDataContext(dbName);
160: approver.setLoginName(approverLoginName);
161:
162: if (!approver.find()) {
163: throw new AuthValidationException(
164: "Approver (user) with login name \""
165: + approverLoginName
166: + "\" cannot be found");
167: }
168:
169: addresses.add(approver.getEmail());
170: }
171:
172: StringBuffer msg = new StringBuffer();
173: msg.append("User \"" + loginName
174: + "\" requires approval for domain \""
175: + rd.getField("Name") + "\".\n");
176: msg
177: .append("\nPlease approve or deny by clicking on link below:\n");
178: msg.append(URL);
179:
180: // Send email notification
181: ValidationEntry.notifyByEmail(dbName, Setup.getValue(
182: dbName, "MAILFrom"), addresses,
183: "Registration Approval Requested", msg.toString());
184: } catch (DBException dbe) {
185: throw new AuthValidationException(
186: "DB error accessing user \"" + loginName + "\"",
187: dbe);
188: }
189: }
190:
191: /**
192: * This method is used after the approver is validated. This method simply
193: * transitions back to a state of the LoginController This method is
194: * called by ValidationController after a validation code matches that
195: * stored in the validation entry. Creation date: (9/23/2001 2:24:30 PM)
196: * Author: Shash Chatterjee
197: *
198: * @param params params All the application-specific parameters from
199: * LoginController
200: * @param request the ControllerRequest object
201: * @param response response The controller response from the
202: * runValidationState of ValidationController
203: * @param ctlr ctlr The ValidationController instance
204: * @return A ControllerResponse object
205: * @throws ControllerException ControllerException
206: * @see com.jcorporate.expresso.services.controller.ValidationController
207: */
208: public ControllerResponse validated(Hashtable params,
209: ControllerRequest request, ControllerResponse response,
210: Controller ctlr) throws ControllerException,
211: NonHandleableException {
212: // The db context for the user (Note: this is different from the Validation entry context, which
213: // could very well be in a different DB context)
214: String dbname = (String) params.get("db");
215:
216: // The login name of the user
217: String loginName = (String) params.get("UserName");
218:
219: Transition t = new Transition();
220: t.setControllerObject((String) params
221: .get("RegistrationController"));
222: t.setState("promptApproval");
223: t.setName("promptApproval");
224: t.addParam("db", dbname);
225: t.addParam("UserName", loginName);
226:
227: //
228: //Here we save the validation entry from the request to the session so
229: //that after the redirect, the Administrator can decide to postpone his
230: //decision and still leave the validation link available.
231: //
232: request.getSession().setPersistentAttribute(
233: ValidationEntry.SESSION_KEY,
234: request.getSession().getAttribute(
235: ValidationEntry.SESSION_KEY));
236:
237: t.redirectTransition(request, response);
238:
239: return response;
240: }
241:
242: /**
243: * Convenience version of the above with no arguments.
244: *
245: * @param stringCode the string to retrieve
246: * @return The local-language string corresponding to the given code to
247: * return the local language by considering the user as well.
248: */
249: protected String getString(String stringCode) {
250: Object[] args = {};
251:
252: return Messages.getString(
253: "com.jcorporate.expresso.core.ExpressoSchema",
254: stringCode, args);
255: }
256:
257: /* getString(String) */
258:
259: /**
260: * Pass on a call to retrieve an appropriate localized string from the
261: * correct Schema object. This version of the call is overridden with more
262: * sophisticated versions in DBController (which knows the user id) to
263: * return the local language by considering the user as well.
264: *
265: * @param stringCode the string to retrieve
266: * @param args the formatting arguments
267: * @return java.lang.String
268: */
269: protected String getString(String stringCode, Object[] args) {
270: return Messages.getString(
271: "com.jcorporate.expresso.core.ExpressoSchema",
272: stringCode, args);
273: }
274: /* getString(String, Object[]) */
275: }
|