authorThomas Lenz <tlenz@iaik.tugraz.at>2013-08-08 15:50:28 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2013-08-08 15:50:28 +0200
commit2337072ac18b66e523818702ba6dce6b462472b1 (patch)
tree44482f07d89a6d7ffb57e014185b52a73e6f68d0 /id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action
parentf7c35a0214cb10cf6f7de031e9e5e73f40e4569d (diff)
MOA-ID Configuration Tool Beta
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action')
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java353
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java141
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java368
3 files changed, 844 insertions, 18 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java
new file mode 100644
index 000000000..a8992e6b8
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java
@@ -0,0 +1,353 @@
+package at.gv.egovernment.moa.id.configuration.struts.action;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.StringReader;
+import java.io.StringWriter;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.transform.Result;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.log4j.Logger;
+import org.apache.struts2.interceptor.ServletRequestAware;
+import org.apache.struts2.interceptor.ServletResponseAware;
+import org.hibernate.lob.ReaderInputStream;
+import org.w3c.dom.Node;
+
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig;
+import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
+import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.iaik.commons.util.IOUtil;
+
+import com.opensymphony.xwork2.ActionSupport;
+
+import eu.stork.vidp.messages.common.STORKBootstrap;
+
+public class ImportExportAction extends ActionSupport
+implements ServletRequestAware, ServletResponseAware {
+
+ private static final Logger log = Logger.getLogger(ImportExportAction.class);
+
+ private static final long serialVersionUID = 1L;
+ private HttpServletRequest request;
+ private HttpServletResponse response;
+
+ private AuthenticatedUser authUser;
+
+ private File fileUpload = null;
+ private String fileUploadContentType = null;
+ private String fileUploadFileName = null;
+
+ private InputStream fileInputStream;
+
+ public String init() {
+
+ Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+
+ if (authUserObj != null && authUserObj instanceof AuthenticatedUser) {
+ authUser = (AuthenticatedUser) authUserObj;
+
+ if (authUser.isAdmin()) {
+
+ return Constants.STRUTS_SUCCESS;
+
+ } else {
+ log.info("No access to Import/Export for User with ID" + authUser.getUserID());
+ addActionError(LanguageHelper.getErrorString("errors.notallowed"));
+ return Constants.STRUTS_NOTALLOWED;
+ }
+ }
+ return Constants.STRUTS_REAUTHENTICATE;
+
+ }
+
+ public String importLegacyConfig() {
+ Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+
+ if (authUserObj != null && authUserObj instanceof AuthenticatedUser) {
+ authUser = (AuthenticatedUser) authUserObj;
+
+ if (authUser.isAdmin()) {
+
+ //load legacy config if it is configured
+
+ if (fileUpload == null) {
+ addActionError(LanguageHelper.getErrorString("errors.importexport.nofile"));
+ return Constants.STRUTS_ERROR_VALIDATION;
+ }
+
+ //Initialize OpenSAML for STORK
+ log.info("Starting initialization of OpenSAML...");
+ try {
+ STORKBootstrap.bootstrap();
+
+ } catch (org.opensaml.xml.ConfigurationException e1) {
+ log.info("Legacy configuration has an Import Error", e1);
+ addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e1.getMessage()}));
+ return Constants.STRUTS_ERROR_VALIDATION;
+ }
+ log.debug("OpenSAML successfully initialized");
+
+
+ MOAIDConfiguration moaconfig;
+ try {
+ log.warn("WARNING! The legacy import deletes the hole old config");
+
+ List<OnlineApplication> oas = ConfigurationDBRead.getAllOnlineApplications();
+ if (oas != null && oas.size() > 0) {
+ for (OnlineApplication oa : oas)
+ ConfigurationDBUtils.delete(oa);
+ }
+
+
+ moaconfig = BuildFromLegacyConfig.build(fileUpload, "");
+
+ } catch (ConfigurationException e) {
+ log.info("Legacy configuration has an Import Error", e);
+ addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e.getMessage()}));
+ return Constants.STRUTS_ERROR_VALIDATION;
+ }
+
+ //check if XML config should be use
+ log.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!");
+ try {
+ MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
+ if (moaidconfig != null)
+ ConfigurationDBUtils.delete(moaidconfig);
+
+ ConfigurationDBUtils.save(moaconfig);
+
+ } catch (MOADatabaseException e) {
+ log.warn("General MOA-ID config can not be stored in Database");
+ addActionError(e.getMessage());
+ return Constants.STRUTS_ERROR_VALIDATION;
+ }
+
+ finally {
+ ConfigurationDBUtils.closeSession();
+ }
+
+ log.info("Legacy Configuration load is completed.");
+ addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success"));
+ return Constants.STRUTS_SUCCESS;
+
+ } else {
+ log.info("No access to Import/Export for User with ID" + authUser.getUserID());
+ addActionError(LanguageHelper.getErrorString("errors.notallowed"));
+ return Constants.STRUTS_NOTALLOWED;
+ }
+ }
+ return Constants.STRUTS_REAUTHENTICATE;
+ }
+
+ public String downloadXMLConfig() {
+ Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+
+ if (authUserObj != null && authUserObj instanceof AuthenticatedUser) {
+ authUser = (AuthenticatedUser) authUserObj;
+
+ if (authUser.isAdmin()) {
+
+ log.info("Write MOA-ID 2.x xml config");
+ JAXBContext jc;
+ try {
+ jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config");
+
+ Marshaller m = jc.createMarshaller();
+ m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
+// File test = new File(xmlconfigout);
+// m.marshal(moaidconfig, test);
+ MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
+
+ if (moaidconfig == null) {
+ log.info("No MOA-ID 2.x configruation available");
+ addActionError(LanguageHelper.getErrorString("errors.importexport.export.noconfig"));
+ return Constants.STRUTS_ERROR_VALIDATION;
+ }
+
+ List<OnlineApplication> oaconfigs = ConfigurationDBRead.getAllOnlineApplications();
+ moaidconfig.setOnlineApplication(oaconfigs);
+
+ StringWriter writer = new StringWriter();
+ m.marshal(moaidconfig, writer);
+ fileInputStream = IOUtils.toInputStream(writer.toString(), "UTF-8");
+
+ } catch (JAXBException e) {
+ log.info("MOA-ID 2.x configruation could not be exported into a XML file.", e);
+ addActionError(LanguageHelper.getErrorString("errors.importexport.export",
+ new Object[]{e.getMessage()}));
+ return Constants.STRUTS_ERROR_VALIDATION;
+ } catch (IOException e) {
+ log.info("MOA-ID 2.x configruation could not be exported into a XML file.", e);
+ addActionError(LanguageHelper.getErrorString("errors.importexport.export",
+ new Object[]{e.getMessage()}));
+ return Constants.STRUTS_ERROR_VALIDATION;
+ }
+
+ finally {
+ ConfigurationDBUtils.closeSession();
+ }
+
+ return Constants.STRUTS_SUCCESS;
+ } else {
+ log.info("No access to Import/Export for User with ID" + authUser.getUserID());
+ addActionError(LanguageHelper.getErrorString("errors.notallowed"));
+ return Constants.STRUTS_NOTALLOWED;
+ }
+ }
+ return Constants.STRUTS_REAUTHENTICATE;
+ }
+
+
+ public String importXMLConfig() {
+ Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+
+ if (authUserObj != null && authUserObj instanceof AuthenticatedUser) {
+ authUser = (AuthenticatedUser) authUserObj;
+
+ if (authUser.isAdmin()) {
+
+ if (fileUpload == null) {
+ addActionError(LanguageHelper.getErrorString("errors.importexport.nofile"));
+ return Constants.STRUTS_ERROR_VALIDATION;
+ }
+
+ log.warn("WARNING! The XML import deletes the hole old config");
+
+ List<OnlineApplication> oas = ConfigurationDBRead.getAllOnlineApplications();
+ if (oas != null && oas.size() > 0) {
+ for (OnlineApplication oa : oas)
+ ConfigurationDBUtils.delete(oa);
+ }
+ MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
+ if (moaidconfig != null)
+ ConfigurationDBUtils.delete(moaidconfig);
+
+
+ log.info("Load configuration from MOA-ID 2.x XML configuration");
+
+ try {
+ JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config");
+ Unmarshaller m = jc.createUnmarshaller();
+ MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(fileUpload);
+
+ List<OnlineApplication> importoas = moaconfig.getOnlineApplication();
+ for (OnlineApplication importoa : importoas) {
+ ConfigurationDBUtils.saveOrUpdate(importoa);
+ }
+
+ moaconfig.setOnlineApplication(null);
+ ConfigurationDBUtils.saveOrUpdate(moaconfig);
+
+ } catch (Exception e) {
+ log.warn("MOA-ID XML configuration can not be loaded from File.", e);
+ addActionError(LanguageHelper.getErrorString("errors.importexport.import",
+ new Object[]{e.getMessage()}));
+ return Constants.STRUTS_ERROR_VALIDATION;
+
+ }
+
+ finally {
+ ConfigurationDBUtils.closeSession();
+ }
+
+ log.info("XML Configuration load is completed.");
+ addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success"));
+ return Constants.STRUTS_SUCCESS;
+
+ } else {
+ log.info("No access to Import/Export for User with ID" + authUser.getUserID());
+ addActionError(LanguageHelper.getErrorString("errors.notallowed"));
+ return Constants.STRUTS_NOTALLOWED;
+ }
+ }
+ return Constants.STRUTS_REAUTHENTICATE;
+
+ }
+
+ /**
+ * @return the fileUpload
+ */
+ public File getFileUpload() {
+ return fileUpload;
+ }
+
+
+
+ /**
+ * @param fileUpload the fileUpload to set
+ */
+ public void setFileUpload(File fileUpload) {
+ this.fileUpload = fileUpload;
+ }
+
+
+
+ /**
+ * @return the fileUploadContentType
+ */
+ public String getFileUploadContentType() {
+ return fileUploadContentType;
+ }
+
+
+
+ /**
+ * @param fileUploadContentType the fileUploadContentType to set
+ */
+ public void setFileUploadContentType(String fileUploadContentType) {
+ this.fileUploadContentType = fileUploadContentType;
+ }
+
+
+
+ /**
+ * @return the fileUploadFileName
+ */
+ public String getFileUploadFileName() {
+ return fileUploadFileName;
+ }
+
+
+
+ /**
+ * @param fileUploadFileName the fileUploadFileName to set
+ */
+ public void setFileUploadFileName(String fileUploadFileName) {
+ this.fileUploadFileName = fileUploadFileName;
+ }
+
+ /**
+ * @return the authUser
+ */
+ public AuthenticatedUser getAuthUser() {
+ return authUser;
+ }
+
+ public void setServletResponse(HttpServletResponse response) {
+ this.response = response;
+ }
+ public void setServletRequest(HttpServletRequest request) {
+ this.request = request;
+ }
+
+ public InputStream getFileInputStream() {
+ return fileInputStream;
+ }
+}
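Review bot: In `importXMLConfig()` the stored online applications and the `MOAIDConfiguration` are deleted before the uploaded file is unmarshalled, so an upload that fails to parse leaves the database without any configuration; no transaction or rollback is visible in this file. The upload is also handed to a default `Unmarshaller` via `m.unmarshal(fileUpload)`, which leaves DTD and external-entity handling to whatever parser the JAXB runtime picks. Parse first through a parser with DOCTYPE declarations disabled and delete the old records only once `moaconfig` has been built, as sketched below; the existing `catch (Exception e)` already covers the parser exceptions. `importLegacyConfig()` has the same delete-before-parse order around `BuildFromLegacyConfig.build(fileUpload, "")`.

```java
// … unchanged: session/admin check and fileUpload null check …
try {
    // Build the new configuration before anything stored is removed.
    SAXParserFactory spf = SAXParserFactory.newInstance();
    spf.setNamespaceAware(true);
    spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
    Source upload = new SAXSource(spf.newSAXParser().getXMLReader(),
            new InputSource(fileUpload.toURI().toASCIIString()));

    JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config");
    MOAIDConfiguration moaconfig = (MOAIDConfiguration) jc.createUnmarshaller().unmarshal(upload);

    // The upload parsed: now replace the old configuration.
    // … unchanged: delete existing OnlineApplications and MOAIDConfiguration …
    // … unchanged: saveOrUpdate of imported applications and moaconfig …
// … unchanged: catch (Exception e) / finally closeSession …
```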
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
index 4e8e44007..6aeebcf7b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
@@ -1,32 +1,169 @@
package at.gv.egovernment.moa.id.configuration.struts.action;
+import java.util.Date;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import org.apache.log4j.Logger;
import org.apache.struts2.interceptor.ServletRequestAware;
import org.apache.struts2.interceptor.ServletResponseAware;
+import com.opensymphony.xwork2.ActionSupport;
+
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
+import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper;
+import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator;
+import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
+import at.gv.egovernment.moa.util.MiscUtil;
-public class IndexAction implements ServletRequestAware,
+public class IndexAction extends ActionSupport implements ServletRequestAware,
ServletResponseAware {
+ private static final Logger log = Logger.getLogger(IndexAction.class);
+
private HttpServletRequest request;
private HttpServletResponse response;
+ private String password;
+ private String username;
+
public String start() {
return Constants.STRUTS_SUCCESS;
}
+ public String authenticate() {
+
+ String key = null;
+
+ if (MiscUtil.isNotEmpty(username)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(username, false)) {
+ log.warn("Username contains potentail XSS characters: " + username);
+ addActionError(LanguageHelper.getErrorString("validation.edituser.username.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("Username is empty");
+ addActionError(LanguageHelper.getErrorString("validation.edituser.username.empty"));
+ return Constants.STRUTS_ERROR;
+ }
+
+ if (MiscUtil.isEmpty(password)) {
+ log.warn("Password is empty");
+ addActionError(LanguageHelper.getErrorString("validation.edituser.password.empty"));
+ return Constants.STRUTS_ERROR;
+
+ } else {
+ key = AuthenticationHelper.generateKeyFormPassword(password);
+ if (key == null) {
+ addActionError(LanguageHelper.getErrorString("validation.edituser.password.valid"));
+ return Constants.STRUTS_ERROR;
+ }
+ }
+
+ UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(username);
+ if (dbuser == null) {
+ log.warn("Unknown Username");
+ addActionError(LanguageHelper.getErrorString("webpages.index.username.unkown"));
+ return Constants.STRUTS_ERROR;
+
+ } else {
+ if (!dbuser.isIsActive()) {
+ log.warn("Username " + dbuser.getUsername() + " is not active");
+ addActionError(LanguageHelper.getErrorString("webpages.index.username.notactive"));
+ return Constants.STRUTS_ERROR;
+ }
+
+ if (!dbuser.getPassword().equals(key)) {
+ log.warn("Username " + dbuser.getUsername() + " use a false password");
+ addActionError(LanguageHelper.getErrorString("webpages.index.password.false"));
+ return Constants.STRUTS_ERROR;
+ }
+
+ AuthenticatedUser authuser = new AuthenticatedUser(
+ dbuser.getHjid(),
+ dbuser.getGivenname(),
+ dbuser.getFamilyname(),
+ dbuser.getUsername(),
+ true,
+ dbuser.isIsAdmin());
+
+ authuser.setLastLogin(dbuser.getLastLoginItem());
+
+ dbuser.setLastLoginItem(new Date());
+
+ try {
+ ConfigurationDBUtils.saveOrUpdate(dbuser);
+
+ } catch (MOADatabaseException e) {
+ log.warn("UserDatabase communicaton error", e);
+ addActionError(LanguageHelper.getErrorString("error.login"));
+ return Constants.STRUTS_ERROR;
+ }
+ finally {
+ ConfigurationDBUtils.closeSession();
+ }
+ request.getSession().setAttribute(Constants.SESSION_AUTH, authuser);
+ return Constants.STRUTS_SUCCESS;
+ }
+ }
+
+ public String logout() {
+
+ HttpSession session = request.getSession();
+
+ if (session != null)
+ session.invalidate();
+
+ return Constants.STRUTS_SUCCESS;
+ }
public void setServletResponse(HttpServletResponse arg0) {
this.response = arg0;
}
public void setServletRequest(HttpServletRequest arg0) {
this.request = arg0;
- }
+ }
+
+ /**
+ * @return the password
+ */
+ public String getPassword() {
+ return password;
+ }
+
+ /**
+ * @param password the password to set
+ */
+ public void setPassword(String password) {
+ this.password = password;
+ }
+
+ /**
+ * @return the username
+ */
+ public String getUsername() {
+ return username;
+ }
+
+ /**
+ * @param username the username to set
+ */
+ public void setUsername(String username) {
+ this.username = username;
+ }
+
+
}
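Review bot: `authenticate()` stores the `AuthenticatedUser` in whatever session the request already carries (`request.getSession().setAttribute(Constants.SESSION_AUTH, authuser)`), so a session identifier that existed before login stays valid after it. Rotate the session at that point, e.g. `request.getSession().invalidate();` followed by `request.getSession(true).setAttribute(Constants.SESSION_AUTH, authuser);`. The three failure branches also return different messages (`webpages.index.username.unkown`, `webpages.index.username.notactive`, `webpages.index.password.false`), which tells a caller whether an account exists; one generic login error with the detail kept in the log would avoid that. `dbuser.getPassword().equals(key)` throws if the stored password is null, and because `generateKeyFormPassword(password)` receives only the password, the stored value presumably has no per-user salt, which is worth confirming in `AuthenticationHelper`.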
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
index 3f4b21fdd..c022d0057 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
@@ -1,51 +1,331 @@
package at.gv.egovernment.moa.id.configuration.struts.action;
+import java.util.ArrayList;
import java.util.Date;
+import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.log4j.Logger;
import org.apache.struts2.interceptor.ServletRequestAware;
import org.apache.struts2.interceptor.ServletResponseAware;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
+import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom;
+import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper;
+import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator;
+import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
+import at.gv.egovernment.moa.util.MiscUtil;
import com.opensymphony.xwork2.ActionSupport;
public class UserManagementAction extends ActionSupport
implements ServletRequestAware, ServletResponseAware {
+ private static final Logger log = Logger.getLogger(UserManagementAction.class);
+
private static final long serialVersionUID = 1L;
private HttpServletRequest request;
private HttpServletResponse response;
+
+ private AuthenticatedUser authUser = null;
+
+ private List<AuthenticatedUser> userlist = null;
+ private UserDatabaseFrom user = null;
+
+ private String useridobj = null;
+ private static boolean newUser = false;
- private AuthenticatedUser authUser;
+ public String init() {
+ Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+
+ if (authUserObj != null && authUserObj instanceof AuthenticatedUser) {
+ authUser = (AuthenticatedUser) authUserObj;
+
+ if (authUser.isAdmin()) {
+
+ log.info("Show UserList");
+
+ List<UserDatabase> dbuserlist = ConfigurationDBRead.getAllUsers();
+ if (dbuserlist != null) {
+ userlist = new ArrayList<AuthenticatedUser>();
+
+ for (UserDatabase dbuser : dbuserlist) {
+ userlist.add(new AuthenticatedUser(
+ dbuser.getHjid(),
+ dbuser.getGivenname(),
+ dbuser.getFamilyname(),
+ dbuser.getUsername(),
+ dbuser.isIsActive(),
+ dbuser.isIsAdmin()));
+ }
+ }
+
+ ConfigurationDBUtils.closeSession();
+ return Constants.STRUTS_SUCCESS;
+
+ } else {
+ log.info("User with ID " + authUser.getUserID() + " is not admin. Show only EditUser Frame");
+ UserDatabase dbuser = ConfigurationDBRead.getUserWithID(authUser.getUserID());
+ if (dbuser == null) {
+ return Constants.STRUTS_REAUTHENTICATE;
+ }
+ user = new UserDatabaseFrom(dbuser);
+ ConfigurationDBUtils.closeSession();
+ return Constants.STRUTS_NOTALLOWED;
+ }
+ }
+ return Constants.STRUTS_REAUTHENTICATE;
+
+ }
+ public String createuser() {
+ Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+
+ if (authUserObj != null && authUserObj instanceof AuthenticatedUser) {
+ authUser = (AuthenticatedUser) authUserObj;
+
+ if (authUser.isAdmin()) {
+
+ user = new UserDatabaseFrom();
+
+ newUser = true;
+ return Constants.STRUTS_SUCCESS;
+
+ } else {
+ return Constants.STRUTS_NOTALLOWED;
+ }
+ }
+ return Constants.STRUTS_REAUTHENTICATE;
+
+ }
+
+ public String edituser() {
+ Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+
+ if (authUserObj != null && authUserObj instanceof AuthenticatedUser) {
+ authUser = (AuthenticatedUser) authUserObj;
+
+ if (authUser.isAdmin()) {
+ long userid = -1;
+
+ if (!ValidationHelper.validateOAID(useridobj)) {
+ addActionError(LanguageHelper.getErrorString("errors.edit.user.userid", request));
+ return Constants.STRUTS_ERROR;
+ }
+ userid = Long.valueOf(useridobj);
+
+ UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userid);
+ if (dbuser == null) {
+ log.info("No User with ID " + userid + " in Database");;
+ addActionError(LanguageHelper.getErrorString("errors.edit.user.userid", request));
+ return Constants.STRUTS_ERROR;
+ }
+ user = new UserDatabaseFrom(dbuser);
+
+ newUser = false;
+
+ ConfigurationDBUtils.closeSession();
+
+ return Constants.STRUTS_SUCCESS;
+
+ } else {
+ log.info("User with ID " + authUser.getUserID() + " is not admin. Show his own EditUser Frame");
+ UserDatabase dbuser = ConfigurationDBRead.getUserWithID(authUser.getUserID());
+ user = new UserDatabaseFrom(dbuser);
+ return Constants.STRUTS_SUCCESS;
+ }
+ }
+ return Constants.STRUTS_REAUTHENTICATE;
+
+ }
+
+ public String saveuser() {
+ Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+
+ if (authUserObj != null && authUserObj instanceof AuthenticatedUser) {
+ authUser = (AuthenticatedUser) authUserObj;
+
+ String useridobj = user.getUserID();
+ long userID = -1;
+ if (MiscUtil.isEmpty(useridobj)) {
+ userID = -1;
+
+ } else {
+ if (!ValidationHelper.validateOAID(useridobj)){
+ log.warn("User with ID " + authUser.getUserID()
+ + " would access UserDatabase ID " + useridobj);
+ addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request));
+ return Constants.STRUTS_ERROR;
+ }
+ userID = Long.valueOf(useridobj);
+ }
+
+ List<String> errors;
+ UserDatabaseFormValidator validator = new UserDatabaseFormValidator();
+ errors = validator.validate(user, userID);
+
+ if (errors.size() > 0) {
+ log.info("UserDataForm has some erros.");
+ for (String el : errors)
+ addActionError(el);
+ user.setPassword("");
+
+ if (MiscUtil.isEmpty(user.getUsername()))
+ newUser = true;
+
+ return Constants.STRUTS_ERROR_VALIDATION;
+ }
+
+ if (!authUser.isAdmin()) {
+ if (authUser.getUserID() != userID) {
+ log.warn("User with ID " + authUser.getUserID()
+ + " would access UserDatabase Entry " + user.getUsername());
+ addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request));
+ return Constants.STRUTS_ERROR;
+ }
+
+ }
+
+ String error = saveFormToDB();
+ if (error != null) {
+ log.warn("UserData can not be stored in Database");
+ addActionError(error);
+ return Constants.STRUTS_SUCCESS;
+ }
+
+ ConfigurationDBUtils.closeSession();
+ return Constants.STRUTS_SUCCESS;
+
+ }
+ return Constants.STRUTS_REAUTHENTICATE;
+
+ }
+
+ public String deleteuser() {
+ Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+
+ if (authUserObj != null && authUserObj instanceof AuthenticatedUser) {
+ authUser = (AuthenticatedUser) authUserObj;
+
+ String useridobj = user.getUserID();
+ long userID = -1;
+ if (MiscUtil.isEmpty(useridobj)) {
+ userID = -1;
+
+ } else {
+ if (!ValidationHelper.validateOAID(useridobj)){
+ log.warn("User with ID " + authUser.getUserID()
+ + " would access UserDatabase ID " + useridobj);
+ addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request));
+ return Constants.STRUTS_ERROR;
+ }
+ userID = Long.valueOf(useridobj);
+ }
+
+ if (!authUser.isAdmin()) {
+ if (authUser.getUserID() != userID) {
+ log.warn("User with ID " + authUser.getUserID()
+ + " would access UserDatabase Entry " + user.getUsername());
+ addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request));
+ return Constants.STRUTS_ERROR;
+ }
+ }
+
+ UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID);
+ if (dbuser != null) {
+ dbuser.setOnlineApplication(null);
+
+ try {
+ ConfigurationDBUtils.saveOrUpdate(dbuser);
+ ConfigurationDBUtils.delete(dbuser);
+
+ } catch (MOADatabaseException e) {
+ log.warn("UserData can not be deleted from Database");
+ addActionError(e.getMessage());
+ return Constants.STRUTS_SUCCESS;
+ }
+
+ finally {
+ ConfigurationDBUtils.closeSession();
+ }
+ }
+
+ ConfigurationDBUtils.closeSession();
+ return Constants.STRUTS_SUCCESS;
+
+ }
+ return Constants.STRUTS_REAUTHENTICATE;
+
+ }
- public String createTestUser() throws MOADatabaseException {
+ private String saveFormToDB() {
+
+ UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(user.getUsername());
- UserDatabase user = new UserDatabase();
- user.setBpk("");
- user.setFamilyname("Max");
- user.setGivenname("Mustermann");
- user.setIsActive(true);
- user.setIsAdmin(false);
- user.setInstitut("EGIZ");
- user.setLastLoginItem(new Date());
- user.setMail("masdf@amfasdf.com");
- user.setPhone("00660011542");
- user.setUsername("testuser");
+ if( dbuser == null) {
+ dbuser = new UserDatabase();
+ }
- ConfigurationDBUtils.save(user);
+ dbuser.setBpk(user.getBpk());
+ dbuser.setFamilyname(user.getFamilyName());
+ dbuser.setGivenname(user.getGivenName());
+ dbuser.setInstitut(user.getInstitut());
+ dbuser.setMail(user.getMail());
+ dbuser.setPhone(user.getPhone());
+ dbuser.setUsername(user.getUsername());
- return Constants.STRUTS_SUCCESS;
+ if (authUser.isAdmin()) {
+ dbuser.setIsActive(user.isActive());
+ dbuser.setIsAdmin(user.isAdmin());
+ }
+
+ if (MiscUtil.isNotEmpty(user.getPassword())) {
+ String key = AuthenticationHelper.generateKeyFormPassword(user.getPassword());
+ if (key == null) {
+ return LanguageHelper.getErrorString("errors.edit.user.save");
+ }
+ dbuser.setPassword(key);
+ }
+
+
+ try {
+ ConfigurationDBUtils.saveOrUpdate(dbuser);
+ } catch (MOADatabaseException e) {
+ log.warn("User information can not be stored in Database.", e);
+ return LanguageHelper.getErrorString("errors.edit.user.save");
+ }
+
+ return null;
}
+// public String createTestUser() throws MOADatabaseException {
+//
+// UserDatabase user = new UserDatabase();
+// user.setBpk("");
+// user.setFamilyname("Max");
+// user.setGivenname("Mustermann");
+// user.setIsActive(true);
+// user.setIsAdmin(false);
+// user.setInstitut("EGIZ");
+// user.setLastLoginItem(new Date());
+// user.setMail("masdf@amfasdf.com");
+// user.setPhone("00660011542");
+// user.setUsername("testuser");
+//
+// ConfigurationDBUtils.save(user);
+//
+// return Constants.STRUTS_SUCCESS;
+// }
+
public void setServletResponse(HttpServletResponse response) {
this.response = response;
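Review bot: `saveuser()` authorises a non-admin by comparing `authUser.getUserID()` with the `userID` taken from the form, but `saveFormToDB()` then loads the record to overwrite with `ConfigurationDBRead.getUserWithUserName(user.getUsername())`, so the check and the write are keyed on different form fields. Unless `UserDatabaseFormValidator.validate(user, userID)` rejects a username that belongs to another ID (not visible here), the record that gets updated, password included, need not be the one that was checked. Pass the checked ID through, `String error = saveFormToDB(userID);`, and load with `UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID);`. `saveuser()` and `deleteuser()` also dereference `user` without a null check, and the non-admin branch of `edituser()` passes a possibly null `dbuser` to `new UserDatabaseFrom(dbuser)`.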
@@ -56,7 +336,63 @@ public class UserManagementAction extends ActionSupport
this.request = request;
}
+
+ /**
+ * @return the userlist
+ */
+ public List<AuthenticatedUser> getUserlist() {
+ return userlist;
+ }
+
+ /**
+ * @param userlist the userlist to set
+ */
+ public void setUserlist(List<AuthenticatedUser> userlist) {
+ this.userlist = userlist;
+ }
+
+ /**
+ * @return the user
+ */
+ public UserDatabaseFrom getUser() {
+ return user;
+ }
+
+ /**
+ * @param user the user to set
+ */
+ public void setUser(UserDatabaseFrom user) {
+ this.user = user;
+ }
+
+ /**
+ * @return the useridobj
+ */
+ public String getUseridobj() {
+ return useridobj;
+ }
+
+ /**
+ * @param useridobj the useridobj to set
+ */
+ public void setUseridobj(String useridobj) {
+ this.useridobj = useridobj;
+ }
+
+ /**
+ * @return the authUser
+ */
+ public AuthenticatedUser getAuthUser() {
+ return authUser;
+ }
+
+ /**
+ * @return the newUser
+ */
+ public boolean isNewUser() {
+ return newUser;
+ }
+
-
}
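Review bot: `isNewUser()` returns a field that the previous hunk declares as `private static boolean newUser`, so the flag written by `createuser()`, `edituser()` and `saveuser()` is shared by every request and every user of the tool instead of belonging to the action instance. Make it an instance field, `private boolean newUser = false;`, or carry the state in the submitted form. `setUser()`, `setUserlist()` and `setUseridobj()` are public bean setters that the framework can presumably populate from request parameters, so a Javadoc line on each stating whether it is meant to be client-writable would help the next reviewer.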