1   /*
2    * $Id$
3    *
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *  http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  
23  package org.apache.struts.webapp.example;
24  
25  
26  import jakarta.servlet.http.HttpServletRequest;
27  import jakarta.servlet.http.HttpServletResponse;
28  import jakarta.servlet.http.HttpSession;
29  
30  import org.apache.commons.beanutils.PropertyUtils;
31  import org.apache.struts.action.Action;
32  import org.apache.struts.action.ActionForm;
33  import org.apache.struts.action.ActionForward;
34  import org.apache.struts.action.ActionMapping;
35  import org.apache.struts.action.ActionMessage;
36  import org.apache.struts.action.ActionMessages;
37  import org.apache.struts.apps.mailreader.dao.ExpiredPasswordException;
38  import org.apache.struts.apps.mailreader.dao.User;
39  import org.apache.struts.apps.mailreader.dao.UserDatabase;
40  import org.apache.struts.util.ModuleException;
41  import org.slf4j.Logger;
42  import org.slf4j.LoggerFactory;
43  
44  
45  /**
46   * Implementation of <strong>Action</strong> that validates a user logon.
47   *
48   * @author Craig R. McClanahan
49   * @version $Rev$ $Date$
50   */
51  
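public final class LogonAction extends Action {
    private static final long serialVersionUID = 8794487498966644785L;


    // ------------------------------------------------------- Static Variables


    /**
     * The SLF4J {@code Logger} for this class.
     */
    private static final Logger LOG =
        LoggerFactory.getLogger(LogonAction.class);


    // --------------------------------------------------------- Public Methods


    /**
     * Validate the credentials submitted on the logon form and, on success,
     * bind the authenticated {@code User} to the HTTP session.
     *
     * <p>The {@code username} and {@code password} properties are read from
     * the form bean, the user is looked up in the {@code UserDatabase} stored
     * in the servlet context under {@code Constants.DATABASE_KEY}, and the
     * stored password is compared with the submitted one. An unknown user and
     * a wrong password both yield the same {@code error.password.mismatch}
     * message, so the response text does not reveal which accounts exist.</p>
     *
     * <p>NOTE(review): the stored value is compared directly with the
     * submitted password, which implies the user store keeps passwords in a
     * plaintext-equivalent form. Moving to a salted password hash has to
     * happen in the {@code User}/{@code UserDatabase} implementation and
     * cannot be done from this action alone.</p>
     *
     * @param mapping The ActionMapping used to select this instance
     * @param form The optional ActionForm bean for this request (if any)
     * @param request The HTTP request we are processing
     * @param response The HTTP response we are creating
     *
     * @return the input forward when validation fails, otherwise the
     *         {@code "success"} forward of the mapping
     *
     * @exception Exception if business logic throws an exception
     */
    public ActionForward execute(ActionMapping mapping,
                                 ActionForm form,
                                 HttpServletRequest request,
                                 HttpServletResponse response)
            throws Exception {

        // Collect the submitted credentials and the user store
        final ActionMessages errors = new ActionMessages();
        final String username =
            (String) PropertyUtils.getSimpleProperty(form, "username");
        final String password =
            (String) PropertyUtils.getSimpleProperty(form, "password");
        final UserDatabase database = (UserDatabase)
            servlet.getServletContext().getAttribute(Constants.DATABASE_KEY);

        // Authenticate; "user" stays null unless the lookup succeeds AND the
        // password matches
        User user = null;
        if (database == null) {
            errors.add(ActionMessages.GLOBAL_MESSAGE,
                       new ActionMessage("error.database.missing"));
        } else {
            final User candidate = getUser(database, username);
            if (candidate != null
                    && passwordsMatch(candidate.getPassword(), password)) {
                user = candidate;
            } else {
                // Same message for "no such user" and "wrong password"
                errors.add(ActionMessages.GLOBAL_MESSAGE,
                           new ActionMessage("error.password.mismatch"));
            }
        }

        // Report any errors we have discovered back to the original form
        if (!errors.isEmpty()) {
            saveErrors(request, errors);
            return mapping.getInputForward();
        }

        // Save our logged-in user in the session. The session id is rotated
        // first so that an id handed out before authentication (session
        // fixation) is not carried over into the authenticated session;
        // attributes already stored in the session are preserved.
        final HttpSession session = request.getSession();
        request.changeSessionId();
        session.setAttribute(Constants.USER_KEY, user);

        // The session id is deliberately not logged: it is a bearer
        // credential and anyone who can read the log could replay it.
        LOG.debug("LogonAction: User '{}' logged on", user.getUsername());

        // Remove the obsolete form bean from whichever scope holds it
        final String formAttribute = mapping.getAttribute();
        if (formAttribute != null) {
            if ("request".equals(mapping.getScope())) {
                request.removeAttribute(formAttribute);
            } else {
                session.removeAttribute(formAttribute);
            }
        }

        // Forward control to the specified success URI
        return mapping.findForward("success");
    }


    /**
     * Look up the user, throwing an exception to simulate business logic
     * rule exceptions.
     *
     * <p>Two user names are intercepted before the database is consulted:
     * {@code "arithmetic"} raises an {@code ArithmeticException} and
     * {@code "expired"} raises an {@code ExpiredPasswordException}. Both
     * exist to demonstrate exception handling in the example application;
     * they are reachable by any unauthenticated client that submits those
     * names, so the configured exception handlers should not expose stack
     * traces or internal detail.</p>
     *
     * @param database Database in which to look up the user
     * @param username Username specified on the logon form
     *
     * @return the result of {@code database.findUser(username)}; the caller
     *         treats {@code null} as "no such user"
     *
     * @throws ModuleException if a business logic rule is violated
     */
    public User getUser(UserDatabase database, String username)
        throws ModuleException {

        // Force an ArithmeticException which can be handled explicitly
        if ("arithmetic".equals(username)) {
            throw new ArithmeticException();
        }

        // Force an application-specific exception which can be handled
        if ("expired".equals(username)) {
            throw new ExpiredPasswordException(username);
        }

        // Look up and return the specified user
        return database.findUser(username);
    }


    // -------------------------------------------------------- Private Methods


    /**
     * Compare a stored password with a submitted one without stopping at the
     * first differing character, so the comparison time does not depend on
     * how long a matching prefix the submitted value has.
     *
     * <p>A {@code null} on either side is treated as a mismatch; the stored
     * value may be {@code null} for an account without a password and the
     * submitted value may be {@code null} when the form field is absent.
     * The running time still depends on the shorter of the two lengths.</p>
     *
     * @param stored Password held for the account
     * @param supplied Password submitted on the logon form
     *
     * @return {@code true} only if both values are non-null and contain
     *         exactly the same characters
     */
    private static boolean passwordsMatch(String stored, String supplied) {
        if (stored == null || supplied == null) {
            return false;
        }

        // Fold the length difference and every character difference into one
        // accumulator and inspect it only after the loop has finished
        int difference = stored.length() ^ supplied.length();
        final int overlap = Math.min(stored.length(), supplied.length());
        for (int i = 0; i < overlap; i++) {
            difference |= stored.charAt(i) ^ supplied.charAt(i);
        }
        return difference == 0;
    }
}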
166 }