001    package org.apache.turbine.modules.actions;
002    
003    /*
004     * Licensed to the Apache Software Foundation (ASF) under one
005     * or more contributor license agreements.  See the NOTICE file
006     * distributed with this work for additional information
007     * regarding copyright ownership.  The ASF licenses this file
008     * to you under the Apache License, Version 2.0 (the
009     * "License"); you may not use this file except in compliance
010     * with the License.  You may obtain a copy of the License at
011     *
012     *   http://www.apache.org/licenses/LICENSE-2.0
013     *
014     * Unless required by applicable law or agreed to in writing,
015     * software distributed under the License is distributed on an
016     * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
017     * KIND, either express or implied.  See the License for the
018     * specific language governing permissions and limitations
019     * under the License.
020     */
021    
022    import org.apache.commons.configuration.Configuration;
023    
024    import org.apache.commons.lang.StringUtils;
025    
026    import org.apache.commons.logging.Log;
027    import org.apache.commons.logging.LogFactory;
028    
029    import org.apache.turbine.Turbine;
030    import org.apache.turbine.TurbineConstants;
031    import org.apache.turbine.modules.Action;
032    import org.apache.turbine.om.security.User;
033    import org.apache.turbine.pipeline.PipelineData;
034    import org.apache.turbine.services.security.TurbineSecurity;
035    import org.apache.turbine.util.RunData;
036    import org.apache.turbine.util.security.DataBackendException;
037    import org.apache.turbine.util.security.TurbineSecurityException;
038    
039    /**
040     * This is where we authenticate the user logging into the system
041     * against a user in the database. If the user exists in the database
042     * that users last login time will be updated.
043     *
044     * @deprecated Use PipelineData version instead.
045     * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
046     * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
047     * @author <a href="mailto:quintonm@bellsouth.net">Quinton McCombs</a>
048     * @author <a href="mailto:peter@courcoux.biz">Peter Courcoux</a>
049     * @version $Id: LoginUser.java 1066529 2011-02-02 17:01:46Z ludwig $
050     */
051    @Deprecated
052    public class LoginUser
053            extends Action
054    {
055        /** CGI Parameter for the user name */
056        public static final String CGI_USERNAME = "username";
057    
058        /** CGI Parameter for the password */
059        public static final String CGI_PASSWORD = "password";
060    
061        /** Logging */
062        private static Log log = LogFactory.getLog(LoginUser.class);
063    
064        /**
065         * Updates the user's LastLogin timestamp, sets their state to
066         * "logged in" and calls RunData.setUser() .  If the user cannot
067         * be authenticated (database error?) the user is assigned
068         * anonymous status and, if tr.props contains a TEMPLATE_LOGIN,
069         * the screenTemplate is set to this, otherwise the screen is set
070         * to SCREEN_LOGIN
071         *
072         * @param     data Turbine information.
073         * @exception TurbineSecurityException could not get instance of the
074         *            anonymous user
075         */
076        @Override
077        public void doPerform(RunData data)
078                throws TurbineSecurityException
079        {
080            String username = data.getParameters().getString(CGI_USERNAME, "");
081            String password = data.getParameters().getString(CGI_PASSWORD, "");
082    
083            if (StringUtils.isEmpty(username))
084            {
085                return;
086            }
087    
088            try
089            {
090                // Authenticate the user and get the object.
091                User user = TurbineSecurity.getAuthenticatedUser(
092                        username, password);
093    
094                // Store the user object.
095                data.setUser(user);
096    
097                // Mark the user as being logged in.
098                user.setHasLoggedIn(Boolean.TRUE);
099    
100                // Set the last_login date in the database.
101                user.updateLastLogin();
102    
103                // This only happens if the user is valid; otherwise, we
104                // will get a valueBound in the User object when we don't
105                // want to because the username is not set yet.  Save the
106                // User object into the session.
107                data.save();
108    
109                /*
110                 * If the setPage("template.vm") method has not
111                 * been used in the template to authenticate the
112                 * user (usually Login.vm), then the user will
113                 * be forwarded to the template that is specified
114                 * by the "template.home" property as listed in
115                 * TR.props for the webapp.
116                 */
117    
118            }
119            catch (Exception e)
120            {
121                Configuration conf = Turbine.getConfiguration();
122    
123                if (e instanceof DataBackendException)
124                {
125                    log.error(e);
126                }
127    
128                // Set Error Message and clean out the user.
129                data.setMessage(conf.getString(TurbineConstants.LOGIN_ERROR, ""));
130                data.setUser (TurbineSecurity.getAnonymousUser());
131    
132                String loginTemplate = conf.getString(
133                        TurbineConstants.TEMPLATE_LOGIN);
134    
135                if (StringUtils.isNotEmpty(loginTemplate))
136                {
137                    // We're running in a templating solution
138                    data.setScreenTemplate(loginTemplate);
139                }
140                else
141                {
142                    data.setScreen(conf.getString(TurbineConstants.SCREEN_LOGIN));
143                }
144            }
145        }
146    
147    
148        /**
149         * Updates the user's LastLogin timestamp, sets their state to
150         * "logged in" and calls RunData.setUser() .  If the user cannot
151         * be authenticated (database error?) the user is assigned
152         * anonymous status and, if tr.props contains a TEMPLATE_LOGIN,
153         * the screenTemplate is set to this, otherwise the screen is set
154         * to SCREEN_LOGIN
155         *
156         * @param     pipelineData Turbine information.
157         * @exception TurbineSecurityException could not get instance of the
158         *            anonymous user
159         */
160        @Override
161        public void doPerform(PipelineData pipelineData)
162                throws TurbineSecurityException
163        {
164            RunData data = getRunData(pipelineData);
165            doPerform(data);
166        }
167    
168    }