1 /*
2 * $Id$
3 *
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
19 * under the License.
20 */
21
22
23 package org.apache.struts.webapp.example;
24
25
26 import jakarta.servlet.http.HttpServletRequest;
27 import jakarta.servlet.http.HttpServletResponse;
28 import jakarta.servlet.http.HttpSession;
29
30 import org.apache.commons.beanutils.PropertyUtils;
31 import org.apache.struts.action.Action;
32 import org.apache.struts.action.ActionForm;
33 import org.apache.struts.action.ActionForward;
34 import org.apache.struts.action.ActionMapping;
35 import org.apache.struts.action.ActionMessage;
36 import org.apache.struts.action.ActionMessages;
37 import org.apache.struts.apps.mailreader.dao.ExpiredPasswordException;
38 import org.apache.struts.apps.mailreader.dao.User;
39 import org.apache.struts.apps.mailreader.dao.UserDatabase;
40 import org.apache.struts.util.ModuleException;
41 import org.slf4j.Logger;
42 import org.slf4j.LoggerFactory;
43
44
45 /**
46 * Implementation of <strong>Action</strong> that validates a user logon.
47 *
48 * @author Craig R. McClanahan
49 * @version $Rev$ $Date$
50 */
51
52 public final class LogonAction extends Action {
53 private static final long serialVersionUID = 8794487498966644785L;
54
55
56 // ----------------------------------------------------- Instance Variables
57
58
59 /**
60 * The {@code Log} instance for this class.
61 */
62 private final static Logger LOG =
63 LoggerFactory.getLogger(LogonAction.class);
64
65
66 // --------------------------------------------------------- Public Methods
67
68
69 /**
70 * Process the specified HTTP request, and create the corresponding HTTP
71 * response (or forward to another web component that will create it).
72 * Return an <code>ActionForward</code> instance describing where and how
73 * control should be forwarded, or <code>null</code> if the response has
74 * already been completed.
75 *
76 * @param mapping The ActionMapping used to select this instance
77 * @param form The optional ActionForm bean for this request (if any)
78 * @param request The HTTP request we are processing
79 * @param response The HTTP response we are creating
80 *
81 * @exception Exception if business logic throws an exception
82 */
83 public ActionForward execute(ActionMapping mapping,
84 ActionForm form,
85 HttpServletRequest request,
86 HttpServletResponse response)
87 throws Exception {
88
89 // Extract attributes we will need
90 User user = null;
91
92 // Validate the request parameters specified by the user
93 ActionMessages errors = new ActionMessages();
94 String username = (String)
95 PropertyUtils.getSimpleProperty(form, "username");
96 String password = (String)
97 PropertyUtils.getSimpleProperty(form, "password");
98 UserDatabase database = (UserDatabase)
99 servlet.getServletContext().getAttribute(Constants.DATABASE_KEY);
100 if (database == null)
101 errors.add(ActionMessages.GLOBAL_MESSAGE,
102 new ActionMessage("error.database.missing"));
103 else {
104 user = getUser(database, username);
105 if ((user != null) && !user.getPassword().equals(password))
106 user = null;
107 if (user == null)
108 errors.add(ActionMessages.GLOBAL_MESSAGE,
109 new ActionMessage("error.password.mismatch"));
110 }
111
112 // Report any errors we have discovered back to the original form
113 if (!errors.isEmpty()) {
114 saveErrors(request, errors);
115 return (mapping.getInputForward());
116 }
117
118 // Save our logged-in user in the session
119 HttpSession session = request.getSession();
120 session.setAttribute(Constants.USER_KEY, user);
121 LOG.debug("LogonAction: User '{}' logged on in session {}",
122 user.getUsername(), session.getId());
123
124 // Remove the obsolete form bean
125 if (mapping.getAttribute() != null) {
126 if ("request".equals(mapping.getScope()))
127 request.removeAttribute(mapping.getAttribute());
128 else
129 session.removeAttribute(mapping.getAttribute());
130 }
131
132 // Forward control to the specified success URI
133 return (mapping.findForward("success"));
134
135 }
136
137
138 // ------------------------------------------------------ Protected Methods
139
140
141 /**
142 * Look up the user, throwing an exception to simulate business logic
143 * rule exceptions.
144 *
145 * @param database Database in which to look up the user
146 * @param username Username specified on the logon form
147 *
148 * @throws ModuleException if a business logic rule is violated
149 */
150 public User getUser(UserDatabase database, String username)
151 throws ModuleException {
152
153 // Force an ArithmeticException which can be handled explicitly
154 if ("arithmetic".equals(username)) {
155 throw new ArithmeticException();
156 }
157
158 // Force an application-specific exception which can be handled
159 if ("expired".equals(username)) {
160 throw new ExpiredPasswordException(username);
161 }
162
163 // Look up and return the specified user
164 return (database.findUser(username));
165 }
166 }