All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.aoindustries.website.AuthenticatedAction Maven / Gradle / Ivy

/*
 * aoweb-struts-core - Core API for legacy Struts-based site framework with AOServ Platform control panels.
 * Copyright (C) 2007-2009, 2015, 2016, 2017, 2018  AO Industries, Inc.
 *     [email protected]
 *     7262 Bull Pen Cir
 *     Mobile, AL 36695
 *
 * This file is part of aoweb-struts-core.
 *
 * aoweb-struts-core is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * aoweb-struts-core is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with aoweb-struts-core.  If not, see .
 */
package com.aoindustries.website;

import com.aoindustries.aoserv.client.AOServConnector;
import com.aoindustries.aoserv.client.linux.User;
import com.aoindustries.validation.ValidationException;
import java.io.IOException;
import java.util.Locale;
import java.util.logging.Level;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

/**
 * Ensures the user is logged in.  Forwards to "login" if not logged in.  Otherwise, it sets the
 * request attribute "aoConn" and then calls
 * execute(ActionMapping,ActionForm,HttpServletRequest,HttpServletResponse,Locale,Skin,AOServConnector).
 * The default implementation of this new execute method simply returns the mapping
 * of "success".
*
* More simply put, without overriding the new execute method, this action returns either the mapping * for "login" or "success". * * @author AO Industries, Inc. */ abstract public class AuthenticatedAction extends SkinAction { @Override final public ActionForward execute( ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response, SiteSettings siteSettings, Locale locale, Skin skin ) throws Exception { // Handle login AOServConnector aoConn = getAoConn(request, response); if(aoConn==null) { String target = request.getRequestURL().toString(); if(!target.endsWith("/login.do")) { String queryString = request.getQueryString(); if(queryString!=null) target = target+'?'+queryString; request.getSession().setAttribute(Constants.AUTHENTICATION_TARGET, target); } else { request.getSession().removeAttribute(Constants.AUTHENTICATION_TARGET); } return mapping.findForward("login"); } // Set request values request.setAttribute("aoConn", aoConn); return execute(mapping, form, request, response, siteSettings, locale, skin, aoConn); } /** * Gets the AOServConnector that represents the actual login id. This will not change when * the user performs a switch user ("su").. */ public static AOServConnector getAuthenticatedAoConn(HttpServletRequest request, HttpServletResponse response) { return (AOServConnector)request.getSession().getAttribute(Constants.AUTHENTICATED_AO_CONN); } /** * Gets the AOServConnector for the user or null if not logged in. This also handles the "su" behavior that was * stored in the session by SkinAction. */ public static AOServConnector getAoConn(HttpServletRequest request, HttpServletResponse response) { HttpSession session = request.getSession(); AOServConnector authenticatedAoConn = getAuthenticatedAoConn(request, response); // Not logged in if(authenticatedAoConn==null) return null; // Is a "su" requested? String su=(String)session.getAttribute(Constants.SU_REQUESTED); if(su!=null) { session.removeAttribute(Constants.SU_REQUESTED); try { AOServConnector aoConn; if(su.isEmpty()) { aoConn = authenticatedAoConn; } else { try { User.Name suId = User.Name.valueOf(su); aoConn = authenticatedAoConn.switchUsers(suId); } catch(ValidationException e) { // Ignore requests for invalid su aoConn = authenticatedAoConn; } } session.setAttribute(Constants.AO_CONN, aoConn); return aoConn; } catch(IOException err) { LogFactory.getLogger(session.getServletContext(), AuthenticatedAction.class).log(Level.SEVERE, null, err); } } // Look for previous effective user AOServConnector aoConn = (AOServConnector)session.getAttribute(Constants.AO_CONN); if(aoConn!=null) return aoConn; // Default effective user to authenticated user session.setAttribute(Constants.AO_CONN, authenticatedAoConn); return authenticatedAoConn; } /** * Once authentication has been handled, this version of the execute method is invoked. * The default implementation of this method simply returns the mapping of "success". */ public ActionForward execute( ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response, SiteSettings siteSettings, Locale locale, Skin skin, AOServConnector aoConn ) throws Exception { return mapping.findForward("success"); } }




© 2015 - 2025 Weber Informatics LLC | Privacy Policy