diff options
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java')
-rw-r--r-- | id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java | 141 |
1 files changed, 139 insertions, 2 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java index 4e8e44007..6aeebcf7b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java @@ -1,32 +1,169 @@ package at.gv.egovernment.moa.id.configuration.struts.action; +import java.util.Date; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import org.apache.log4j.Logger; import org.apache.struts2.interceptor.ServletRequestAware; import org.apache.struts2.interceptor.ServletResponseAware; +import com.opensymphony.xwork2.ActionSupport; + +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; +import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator; +import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; +import at.gv.egovernment.moa.util.MiscUtil; -public class IndexAction implements ServletRequestAware, +public class IndexAction extends ActionSupport implements ServletRequestAware, ServletResponseAware { + private static final Logger log = Logger.getLogger(IndexAction.class); + private HttpServletRequest request; private HttpServletResponse response; + private String password; + private String username; + public String start() { return Constants.STRUTS_SUCCESS; } + public String authenticate() { + + String key = null; + + if (MiscUtil.isNotEmpty(username)) { + if (ValidationHelper.containsPotentialCSSCharacter(username, false)) { + log.warn("Username contains potentail XSS characters: " + username); + addActionError(LanguageHelper.getErrorString("validation.edituser.username.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("Username is empty"); + addActionError(LanguageHelper.getErrorString("validation.edituser.username.empty")); + return Constants.STRUTS_ERROR; + } + + if (MiscUtil.isEmpty(password)) { + log.warn("Password is empty"); + addActionError(LanguageHelper.getErrorString("validation.edituser.password.empty")); + return Constants.STRUTS_ERROR; + + } else { + key = AuthenticationHelper.generateKeyFormPassword(password); + if (key == null) { + addActionError(LanguageHelper.getErrorString("validation.edituser.password.valid")); + return Constants.STRUTS_ERROR; + } + } + + UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(username); + if (dbuser == null) { + log.warn("Unknown Username"); + addActionError(LanguageHelper.getErrorString("webpages.index.username.unkown")); + return Constants.STRUTS_ERROR; + + } else { + if (!dbuser.isIsActive()) { + log.warn("Username " + dbuser.getUsername() + " is not active"); + addActionError(LanguageHelper.getErrorString("webpages.index.username.notactive")); + return Constants.STRUTS_ERROR; + } + + if (!dbuser.getPassword().equals(key)) { + log.warn("Username " + dbuser.getUsername() + " use a false password"); + addActionError(LanguageHelper.getErrorString("webpages.index.password.false")); + return Constants.STRUTS_ERROR; + } + + AuthenticatedUser authuser = new AuthenticatedUser( + dbuser.getHjid(), + dbuser.getGivenname(), + dbuser.getFamilyname(), + dbuser.getUsername(), + true, + dbuser.isIsAdmin()); + + authuser.setLastLogin(dbuser.getLastLoginItem()); + + dbuser.setLastLoginItem(new Date()); + + try { + ConfigurationDBUtils.saveOrUpdate(dbuser); + + } catch (MOADatabaseException e) { + log.warn("UserDatabase communicaton error", e); + addActionError(LanguageHelper.getErrorString("error.login")); + return Constants.STRUTS_ERROR; + } + finally { + ConfigurationDBUtils.closeSession(); + } + request.getSession().setAttribute(Constants.SESSION_AUTH, authuser); + return Constants.STRUTS_SUCCESS; + } + } + + public String logout() { + + HttpSession session = request.getSession(); + + if (session != null) + session.invalidate(); + + return Constants.STRUTS_SUCCESS; + } public void setServletResponse(HttpServletResponse arg0) { this.response = arg0; } public void setServletRequest(HttpServletRequest arg0) { this.request = arg0; - } + } + + /** + * @return the password + */ + public String getPassword() { + return password; + } + + /** + * @param password the password to set + */ + public void setPassword(String password) { + this.password = password; + } + + /** + * @return the username + */ + public String getUsername() { + return username; + } + + /** + * @param username the username to set + */ + public void setUsername(String username) { + this.username = username; + } + + } |