View Javadoc

1   package org.apache.turbine.modules.actions;
2   
3   /*
4    * Copyright 2001-2005 The Apache Software Foundation.
5    *
6    * Licensed under the Apache License, Version 2.0 (the "License")
7    * you may not use this file except in compliance with the License.
8    * You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  import org.apache.commons.configuration.Configuration;
20  
21  import org.apache.commons.lang.StringUtils;
22  
23  import org.apache.commons.logging.Log;
24  import org.apache.commons.logging.LogFactory;
25  
26  import org.apache.turbine.Turbine;
27  import org.apache.turbine.TurbineConstants;
28  import org.apache.turbine.modules.Action;
29  import org.apache.turbine.om.security.User;
30  import org.apache.turbine.services.security.TurbineSecurity;
31  import org.apache.turbine.util.RunData;
32  import org.apache.turbine.util.security.DataBackendException;
33  import org.apache.turbine.util.security.TurbineSecurityException;
34  
35  /***
36   * This is where we authenticate the user logging into the system
37   * against a user in the database. If the user exists in the database
38   * that users last login time will be updated.
39   *
40   * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
41   * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
42   * @author <a href="mailto:quintonm@bellsouth.net">Quinton McCombs</a>
43   * @version $Id: LoginUser.java 264148 2005-08-29 14:21:04Z henning $
44   */
45  public class LoginUser
46          extends Action
47  {
48      /*** CGI Parameter for the user name */
49      public static final String CGI_USERNAME = "username";
50  
51      /*** CGI Parameter for the password */
52      public static final String CGI_PASSWORD = "password";
53  
54      /*** Logging */
55      private static Log log = LogFactory.getLog(LoginUser.class);
56  
57      /***
58       * Updates the user's LastLogin timestamp, sets their state to
59       * "logged in" and calls RunData.setUser() .  If the user cannot
60       * be authenticated (database error?) the user is assigned
61       * anonymous status and, if tr.props contains a TEMPLATE_LOGIN,
62       * the screenTemplate is set to this, otherwise the screen is set
63       * to SCREEN_LOGIN
64       *
65       * @param     data Turbine information.
66       * @exception TurbineSecurityException could not get instance of the
67       *            anonymous user
68       */
69      public void doPerform(RunData data)
70              throws TurbineSecurityException
71      {
72          String username = data.getParameters().getString(CGI_USERNAME, "");
73          String password = data.getParameters().getString(CGI_PASSWORD, "");
74  
75          if (StringUtils.isEmpty(username))
76          {
77              return;
78          }
79  
80          try
81          {
82              // Authenticate the user and get the object.
83              User user = TurbineSecurity.getAuthenticatedUser(
84                      username, password);
85  
86              // Store the user object.
87              data.setUser(user);
88  
89              // Mark the user as being logged in.
90              user.setHasLoggedIn(Boolean.TRUE);
91  
92              // Set the last_login date in the database.
93              user.updateLastLogin();
94  
95              // This only happens if the user is valid; otherwise, we
96              // will get a valueBound in the User object when we don't
97              // want to because the username is not set yet.  Save the
98              // User object into the session.
99              data.save();
100 
101             /*
102              * If the setPage("template.vm") method has not
103              * been used in the template to authenticate the
104              * user (usually Login.vm), then the user will
105              * be forwarded to the template that is specified
106              * by the "template.home" property as listed in
107              * TR.props for the webapp.
108              */
109 
110         }
111         catch (Exception e)
112         {
113             Configuration conf = Turbine.getConfiguration();
114 
115             if (e instanceof DataBackendException)
116             {
117                 log.error(e);
118             }
119 
120             // Set Error Message and clean out the user.
121             data.setMessage(conf.getString(TurbineConstants.LOGIN_ERROR, ""));
122             data.setUser (TurbineSecurity.getAnonymousUser());
123 
124             String loginTemplate = conf.getString(
125                     TurbineConstants.TEMPLATE_LOGIN);
126 
127             if (StringUtils.isNotEmpty(loginTemplate))
128             {
129                 // We're running in a templating solution
130                 data.setScreenTemplate(loginTemplate);
131             }
132             else
133             {
134                 data.setScreen(conf.getString(TurbineConstants.SCREEN_LOGIN));
135             }
136         }
137     }
138 }