/*
* Coefficient - facilitates project based collaboration
* Copyright (C) 2003, Dylan Etkin, CSIR icomtek
* PO Box 395
* Pretoria 0001, RSA
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
package za.org.coefficient.modules.user;
import net.sf.hibernate.Hibernate;
import net.sf.hibernate.HibernateException;
import net.sf.hibernate.type.Type;
import za.org.coefficient.authentication.CoefficientUser;
import za.org.coefficient.core.Constants;
import za.org.coefficient.interfaces.CoefficientContext;
import za.org.coefficient.modules.BaseModule;
import net.sf.hibernate.util.HibernateUtil;
import za.org.coefficient.util.ejb.SecurityUtil;
import za.org.coefficient.util.ejb.VelocityScreenUtil;
import java.util.ArrayList;
import java.util.HashMap;
import org.apache.commons.httpclient.Cookie;
/**
* @pojo2ejb.class
* name="Security"
* jndi-prefix="za/org/coefficient/permanent/"
* interface-extends="za.org.coefficient.interfaces.Module"
* interface-local-extends="za.org.coefficient.interfaces.ModuleLocal"
*
* @web.resource-env-ref
* name="za/org/coefficient/permanent/Security"
* type="za.org.coefficient.modules.user.Security"
* @web.resource-env-ref
* name="Security"
* type="za.org.coefficient.modules.user.Security"
*/
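public class Security extends BaseModule {
    //~ Static fields/initializers =============================================

    /** Name of the remember-me cookie that carries the user name. */
    private static final String USERNAME_COOKIE = "coefficient_username";

    /** Name of the remember-me cookie that carries the password hash. */
    private static final String PASSWORD_COOKIE = "coefficient_password";

    //~ Methods ================================================================

    /**
     * Returns the name of the operation invoked when no explicit operation
     * is requested for this module.
     *
     * @return the literal {@code "loginPrompt"}
     */
    public String getMainMethod() {
        return "loginPrompt";
    }

    /**
     * @return a one-line description of this module
     */
    public String getModuleDescription() {
        return "This is the module that handles site security";
    }

    /**
     * @return the title used when this module's content is rendered
     */
    public String getModuleDisplayName() {
        return "User Information";
    }

    /**
     * Authenticates the request's {@code username}/{@code password}
     * parameters against the active {@link CoefficientUser} records and, on
     * success, stores the user in the session.
     *
     * <p>Request parameters read: {@code username}, {@code password},
     * {@code hashedPassword} (when true the password parameter is used as-is
     * instead of being MD5-hashed first) and {@code rememberMe} (any non-null
     * value requests persistent cookies).
     *
     * <p>A failed lookup, whether caused by wrong credentials, missing
     * parameters or a persistence error, sets an error on the context, so no
     * cookies are issued and no success forward happens.
     *
     * @param ctx the current request context
     * @return the same context, updated with session, cookie, error and
     *         forward state
     */
    public CoefficientContext login(CoefficientContext ctx) {
        // The identity is about to change, so discard the existing session
        // before anything is stored in it (guards against session fixation).
        ctx.invalidateSession();

        CoefficientUser user = null;
        String password = ctx.getParameter("password");
        String username = ctx.getParameter("username");
        boolean preHashed = ctx.getParameterAsBoolean("hashedPassword");

        if ((username == null) || (password == null)) {
            // Missing credentials can never match a user; reject them before
            // they reach the hashing helper or the query.
            ctx.setError("Incorrect username/password");
        } else {
            try {
                if (!preHashed) {
                    // SECURITY NOTE(review): passwords are compared as an
                    // unsalted MD5 hex digest. MD5 is unsuitable for password
                    // storage; a salted, slow password hash (bcrypt, scrypt,
                    // argon2) is the usual replacement. Changing it requires
                    // migrating stored hashes, so it is only flagged here.
                    password =
                        new String(SecurityUtil.md5AsHexString(password));
                }

                // Bind parameters keep request input out of the HQL text.
                ArrayList users =
                    new ArrayList(HibernateUtil.find("from "
                            + CoefficientUser.class.getName()
                            + " as pe_user where pe_user.userName = ?"
                            + " and pe_user.password = ? and pe_user.active = ?",
                            new Object[] { username, password, Boolean.TRUE },
                            new Type[] {
                                Hibernate.STRING, Hibernate.STRING,
                                Hibernate.BOOLEAN
                            }));

                // Exactly one match is required; zero or several both fail.
                if (users.size() != 1) {
                    ctx.setError("Incorrect username/password");
                } else {
                    user = (CoefficientUser) users.get(0);
                }
            } catch (HibernateException he) {
                he.printStackTrace();
                // Fail closed: without this, a persistence failure left the
                // context error-free, so the code below issued remember-me
                // cookies and forwarded to loginSuccess with no user.
                ctx.setError("Unable to verify login, please try again later");
            }
        }

        // Stored even when null so the fresh session carries no stale user.
        ctx.setSessionAttribute(Constants.USER_SESSION_STRING, user);

        if ((user != null) && !ctx.isError()) {
            String rememberMe = ctx.getParameter("rememberMe");
            if (rememberMe != null) {
                // SECURITY NOTE(review): the password cookie holds the same
                // hash that login accepts when hashedPassword is true, so it
                // is equivalent to the password for as long as it exists. A
                // random, server-side revocable remember-me token avoids
                // putting a credential in the browser. No Secure flag is set
                // here; confirm whether ctx.setCookie adds one.
                // Integer.MAX_VALUE milliseconds is roughly 24.8 days.
                java.util.Date expiry = new java.util.Date(
                        System.currentTimeMillis() + Integer.MAX_VALUE);
                ctx.setCookie(buildCookie(ctx, USERNAME_COOKIE, username,
                        expiry));
                ctx.setCookie(buildCookie(ctx, PASSWORD_COOKIE, password,
                        expiry));
            }

            // Only an interactive login (password sent in clear and hashed
            // here) is forwarded to the confirmation screen.
            if (!preHashed) {
                ctx.setForward("security", "loginSuccess");
            }
        }

        return ctx;
    }

    /**
     * Renders either the login form or, when a user is already logged in,
     * that user's information panel, and stores the HTML in the context.
     *
     * @param ctx the current request context
     * @return the same context with its module content set
     */
    public CoefficientContext loginPrompt(CoefficientContext ctx) {
        HashMap map = new HashMap();
        map.put("module", this);
        // NOTE(review): these two values are raw request parameters; confirm
        // that the templates escape them before writing them into HTML.
        map.put("curr_module", ctx.getParameter("module"));
        map.put("curr_op", ctx.getParameter("op"));

        StringBuffer sb = null;
        if (ctx.getCurrentUser() == null) {
            sb = VelocityScreenUtil.getProcessedScreen("loginPrompt.vm", map);
        } else {
            map.put("currentUser", ctx.getCurrentUser());
            sb = VelocityScreenUtil.getProcessedScreen("loginDisplayInfo.vm",
                    map);
        }

        // Set the html into the context
        ctx.setModuleContent(sb.toString(), getModuleDisplayName());

        return ctx;
    }

    /**
     * Shows the confirmation message that {@link #login} forwards to.
     *
     * @param ctx the current request context
     * @return the same context with its module content set
     */
    public CoefficientContext loginSuccess(CoefficientContext ctx) {
        ctx.setModuleContent("login successful!", "Login");

        return ctx;
    }

    /**
     * Ends the session and overwrites both remember-me cookies with empty
     * values that expire immediately.
     *
     * @param ctx the current request context
     * @return the same context, forwarded to {@code logoutSuccess} unless an
     *         error is set
     */
    public CoefficientContext logout(CoefficientContext ctx) {
        ctx.invalidateSession();

        // An expiry of "now" replaces any remember-me cookie with an empty,
        // already expired one.
        java.util.Date expiry =
            new java.util.Date(System.currentTimeMillis());
        ctx.setCookie(buildCookie(ctx, USERNAME_COOKIE, "", expiry));
        ctx.setCookie(buildCookie(ctx, PASSWORD_COOKIE, "", expiry));

        if (!ctx.isError()) {
            ctx.setForward("security", "logoutSuccess");
        }

        return ctx;
    }

    /**
     * Shows the confirmation message that {@link #logout} forwards to.
     *
     * @param ctx the current request context
     * @return the same context with its module content set
     */
    public CoefficientContext logoutSuccess(CoefficientContext ctx) {
        ctx.setModuleContent("logout successful!", "Logout");

        return ctx;
    }

    /**
     * Creates a cookie scoped by the current request URL with the given
     * expiry date.
     *
     * <p>NOTE(review): the first constructor argument of the commons-httpclient
     * {@code Cookie} is the cookie domain, yet a request URL is passed here;
     * confirm that {@code ctx.setCookie} copes with that.
     */
    private static Cookie buildCookie(CoefficientContext ctx, String name,
        String value, java.util.Date expiry) {
        Cookie cookie = new Cookie(ctx.getRequestURL(), name, value);
        cookie.setExpiryDate(expiry);

        return cookie;
    }
}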