1 package org.apache.turbine.modules.actions;
2
3 /*
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
19 * under the License.
20 */
21
22 import org.apache.commons.configuration.Configuration;
23
24 import org.apache.commons.lang.StringUtils;
25
26 import org.apache.commons.logging.Log;
27 import org.apache.commons.logging.LogFactory;
28
29 import org.apache.turbine.Turbine;
30 import org.apache.turbine.TurbineConstants;
31 import org.apache.turbine.modules.Action;
32 import org.apache.turbine.om.security.User;
33 import org.apache.turbine.pipeline.PipelineData;
34 import org.apache.turbine.services.security.TurbineSecurity;
35 import org.apache.turbine.util.RunData;
36 import org.apache.turbine.util.security.DataBackendException;
37 import org.apache.turbine.util.security.TurbineSecurityException;
38
39 /**
40 * This is where we authenticate the user logging into the system
41 * against a user in the database. If the user exists in the database
42 * that users last login time will be updated.
43 *
44 * @deprecated Use PipelineData version instead.
45 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
46 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
47 * @author <a href="mailto:quintonm@bellsouth.net">Quinton McCombs</a>
48 * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
49 * @version $Id: LoginUser.java 1066529 2011-02-02 17:01:46Z ludwig $
50 */
51 @Deprecated
52 public class LoginUser
53 extends Action
54 {
55 /** CGI Parameter for the user name */
56 public static final String CGI_USERNAME = "username";
57
58 /** CGI Parameter for the password */
59 public static final String CGI_PASSWORD = "password";
60
61 /** Logging */
62 private static Log log = LogFactory.getLog(LoginUser.class);
63
64 /**
65 * Updates the user's LastLogin timestamp, sets their state to
66 * "logged in" and calls RunData.setUser() . If the user cannot
67 * be authenticated (database error?) the user is assigned
68 * anonymous status and, if tr.props contains a TEMPLATE_LOGIN,
69 * the screenTemplate is set to this, otherwise the screen is set
70 * to SCREEN_LOGIN
71 *
72 * @param data Turbine information.
73 * @exception TurbineSecurityException could not get instance of the
74 * anonymous user
75 */
76 @Override
77 public void doPerform(RunData data)
78 throws TurbineSecurityException
79 {
80 String username = data.getParameters().getString(CGI_USERNAME, "");
81 String password = data.getParameters().getString(CGI_PASSWORD, "");
82
83 if (StringUtils.isEmpty(username))
84 {
85 return;
86 }
87
88 try
89 {
90 // Authenticate the user and get the object.
91 User user = TurbineSecurity.getAuthenticatedUser(
92 username, password);
93
94 // Store the user object.
95 data.setUser(user);
96
97 // Mark the user as being logged in.
98 user.setHasLoggedIn(Boolean.TRUE);
99
100 // Set the last_login date in the database.
101 user.updateLastLogin();
102
103 // This only happens if the user is valid; otherwise, we
104 // will get a valueBound in the User object when we don't
105 // want to because the username is not set yet. Save the
106 // User object into the session.
107 data.save();
108
109 /*
110 * If the setPage("template.vm") method has not
111 * been used in the template to authenticate the
112 * user (usually Login.vm), then the user will
113 * be forwarded to the template that is specified
114 * by the "template.home" property as listed in
115 * TR.props for the webapp.
116 */
117
118 }
119 catch (Exception e)
120 {
121 Configuration conf = Turbine.getConfiguration();
122
123 if (e instanceof DataBackendException)
124 {
125 log.error(e);
126 }
127
128 // Set Error Message and clean out the user.
129 data.setMessage(conf.getString(TurbineConstants.LOGIN_ERROR, ""));
130 data.setUser (TurbineSecurity.getAnonymousUser());
131
132 String loginTemplate = conf.getString(
133 TurbineConstants.TEMPLATE_LOGIN);
134
135 if (StringUtils.isNotEmpty(loginTemplate))
136 {
137 // We're running in a templating solution
138 data.setScreenTemplate(loginTemplate);
139 }
140 else
141 {
142 data.setScreen(conf.getString(TurbineConstants.SCREEN_LOGIN));
143 }
144 }
145 }
146
147
148 /**
149 * Updates the user's LastLogin timestamp, sets their state to
150 * "logged in" and calls RunData.setUser() . If the user cannot
151 * be authenticated (database error?) the user is assigned
152 * anonymous status and, if tr.props contains a TEMPLATE_LOGIN,
153 * the screenTemplate is set to this, otherwise the screen is set
154 * to SCREEN_LOGIN
155 *
156 * @param pipelineData Turbine information.
157 * @exception TurbineSecurityException could not get instance of the
158 * anonymous user
159 */
160 @Override
161 public void doPerform(PipelineData pipelineData)
162 throws TurbineSecurityException
163 {
164 RunData data = getRunData(pipelineData);
165 doPerform(data);
166 }
167
168 }