Class LoginWorker

    • Constructor Summary

      Constructors 
      Constructor Description
      LoginWorker()  
    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static java.lang.String autoChangePassword​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)  
      static java.lang.String autoLoginCheck​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)  
      static java.lang.String autoLoginRemove​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)  
      static java.lang.String autoLoginSet​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)  
      static java.lang.String check509CertLogin​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)  
      static GenericValue checkImpersonationInProcess​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Return the active GenericValue of a current impersonation UserLoginHistory of current userLogin session, only if not the impersonator himself.
      static java.lang.String checkLogin​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      An HTTP WebEvent handler that checks to see is a userLogin is logged in.
      static GenericValue checkLogout​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)  
      static java.lang.String checkRequestHeaderLogin​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)  
      static java.lang.String checkServletRequestRemoteUserLogin​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)  
      protected static boolean checkValidIssuer​(Delegator delegator, java.util.Map<java.lang.String,​java.lang.String> x500Map, java.math.BigInteger serialNumber)  
      static void createSecuredLoginIdCookie​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)  
      static java.lang.String depersonateLogin​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      An HTTP WebEvent handler to reverse an impersonate login.
      static void doBasicLogin​(GenericValue userLogin, javax.servlet.http.HttpServletRequest request)  
      static void doBasicLogout​(GenericValue userLogin, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)  
      static java.lang.String doMainLogin​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, GenericValue userLogin, java.util.Map<java.lang.String,​java.lang.Object> userLoginSession)  
      static java.lang.String extensionCheckLogin​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      This WebEvent allows for java 'services' to hook into the login path.
      static java.lang.String extensionConnectLogin​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      This WebEvent allows for java 'services' to hook into the login path.
      static java.util.Collection<ComponentConfig.WebappInfo> getAppBarWebInfos​(Security security, GenericValue userLogin, java.lang.String serverName, java.lang.String menuName)
      Returns a Collection of WebappInfo instances that the specified user is authorized to access.
      protected static java.lang.String getAutoLoginCookieName​(javax.servlet.http.HttpServletRequest request)  
      static java.lang.String getAutoUserLoginId​(javax.servlet.http.HttpServletRequest request)  
      protected static java.lang.String getSecuredLoginIdCookieName​(javax.servlet.http.HttpServletRequest request)  
      static java.lang.String getSecuredUserLoginId​(javax.servlet.http.HttpServletRequest request)  
      static java.util.Map<java.lang.String,​java.lang.Object> getUserLoginSession​(GenericValue userLogin)  
      static boolean hasApplicationPermission​(ComponentConfig.WebappInfo info, Security security, GenericValue userLogin)
      Returns true if the specified user is authorized to access the specified web application.
      static boolean hasBasePermission​(GenericValue userLogin, javax.servlet.http.HttpServletRequest request)  
      static java.lang.String impersonateLogin​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      An HTTP WebEvent handler to impersonate a given userLogin without using password.
      static boolean isFlaggedLoggedOut​(GenericValue userLogin, Delegator delegator)  
      static boolean isUserLoggedIn​(javax.servlet.http.HttpServletRequest request)  
      static boolean isUserLoginActive​(GenericValue userLogin)
      Return true if userLogin has not been disabled
      static java.lang.String login​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      An HTTP WebEvent handler that logs in a userLogin.
      static java.lang.String loginUserWithUserLoginId​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.String userLoginId)
      This method will log in a user with only their username (userLoginId).
      static java.lang.String logout​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      An HTTP WebEvent handler that logs out a userLogin by clearing the session.
      static StringUtil.StringWrapper makeLoginUrl​(javax.servlet.http.HttpServletRequest request)  
      static StringUtil.StringWrapper makeLoginUrl​(javax.servlet.http.HttpServletRequest request, java.lang.String requestName)  
      static StringUtil.StringWrapper makeLoginUrl​(javax.servlet.jsp.PageContext pageContext)  
      static StringUtil.StringWrapper makeLoginUrl​(javax.servlet.jsp.PageContext pageContext, java.lang.String requestName)  
      static void setLoggedOut​(java.lang.String userLoginId, Delegator delegator)  
      protected static void setWebContextObjects​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Delegator delegator, LocalDispatcher dispatcher)  
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • module

        public static final java.lang.String module
      • securityProperties

        public static final java.lang.String securityProperties
        See Also:
        Constant Field Values
    • Constructor Detail

      • LoginWorker

        public LoginWorker()
    • Method Detail

      • makeLoginUrl

        public static StringUtil.StringWrapper makeLoginUrl​(javax.servlet.jsp.PageContext pageContext,
                                                            java.lang.String requestName)
      • makeLoginUrl

        public static StringUtil.StringWrapper makeLoginUrl​(javax.servlet.http.HttpServletRequest request,
                                                            java.lang.String requestName)
      • setLoggedOut

        public static void setLoggedOut​(java.lang.String userLoginId,
                                        Delegator delegator)
      • checkLogout

        public static GenericValue checkLogout​(javax.servlet.http.HttpServletRequest request,
                                               javax.servlet.http.HttpServletResponse response)
      • checkImpersonationInProcess

        public static GenericValue checkImpersonationInProcess​(javax.servlet.http.HttpServletRequest request,
                                                               javax.servlet.http.HttpServletResponse response)
        Return the active GenericValue of a current impersonation UserLoginHistory of current userLogin session, only if not the impersonator himself.
        Parameters:
        request - The HTTP request object for the current JSP or Servlet request.
        response - The HTTP response object for the current JSP or Servlet request.
        Returns:
        GenericValue
      • extensionConnectLogin

        public static java.lang.String extensionConnectLogin​(javax.servlet.http.HttpServletRequest request,
                                                             javax.servlet.http.HttpServletResponse response)
        This WebEvent allows for java 'services' to hook into the login path. This method loads all instances of LoginCheck, and calls the LoginCheck.check(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) method. The first implementation to return a non-null value gets that value returned to the caller. Returning "none" will abort processing, while anything else gets looked up in outer view dispatch; for preprocessors, only "success" makes sense.
        Parameters:
        request - The HTTP request object for the current JSP or Servlet request.
        response - The HTTP response object for the current JSP or Servlet request.
        Returns:
        String
      • checkLogin

        public static java.lang.String checkLogin​(javax.servlet.http.HttpServletRequest request,
                                                  javax.servlet.http.HttpServletResponse response)
        An HTTP WebEvent handler that checks to see is a userLogin is logged in. If not, the user is forwarded to the login page.
        Parameters:
        request - The HTTP request object for the current JSP or Servlet request.
        response - The HTTP response object for the current JSP or Servlet request.
        Returns:
        String
      • login

        public static java.lang.String login​(javax.servlet.http.HttpServletRequest request,
                                             javax.servlet.http.HttpServletResponse response)
        An HTTP WebEvent handler that logs in a userLogin. This should run before the security check.
        Parameters:
        request - The HTTP request object for the current JSP or Servlet request.
        response - The HTTP response object for the current JSP or Servlet request.
        Returns:
        Return a boolean which specifies whether or not the calling Servlet or JSP should generate its own content. This allows an event to override the default content.
      • impersonateLogin

        public static java.lang.String impersonateLogin​(javax.servlet.http.HttpServletRequest request,
                                                        javax.servlet.http.HttpServletResponse response)
        An HTTP WebEvent handler to impersonate a given userLogin without using password. This should run before the security check.
        Parameters:
        request - The HTTP request object for the current JSP or Servlet request.
        response - The HTTP response object for the current JSP or Servlet request.
        Returns:
        Return a boolean which specifies whether or not the calling Servlet or JSP should generate its own content. This allows an event to override the default content.
      • depersonateLogin

        public static java.lang.String depersonateLogin​(javax.servlet.http.HttpServletRequest request,
                                                        javax.servlet.http.HttpServletResponse response)
        An HTTP WebEvent handler to reverse an impersonate login.
        Parameters:
        request - The HTTP request object for the current JSP or Servlet request.
        response - The HTTP response object for the current JSP or Servlet request.
        Returns:
        Return a boolean which specifies whether or not the calling Servlet or JSP should generate its own content. This allows an event to override the default content.
      • setWebContextObjects

        protected static void setWebContextObjects​(javax.servlet.http.HttpServletRequest request,
                                                   javax.servlet.http.HttpServletResponse response,
                                                   Delegator delegator,
                                                   LocalDispatcher dispatcher)
      • doMainLogin

        public static java.lang.String doMainLogin​(javax.servlet.http.HttpServletRequest request,
                                                   javax.servlet.http.HttpServletResponse response,
                                                   GenericValue userLogin,
                                                   java.util.Map<java.lang.String,​java.lang.Object> userLoginSession)
      • doBasicLogin

        public static void doBasicLogin​(GenericValue userLogin,
                                        javax.servlet.http.HttpServletRequest request)
      • logout

        public static java.lang.String logout​(javax.servlet.http.HttpServletRequest request,
                                              javax.servlet.http.HttpServletResponse response)
        An HTTP WebEvent handler that logs out a userLogin by clearing the session.
        Parameters:
        request - The HTTP request object for the current request.
        response - The HTTP response object for the current request.
        Returns:
        Return a boolean which specifies whether or not the calling request should generate its own content. This allows an event to override the default content.
      • doBasicLogout

        public static void doBasicLogout​(GenericValue userLogin,
                                         javax.servlet.http.HttpServletRequest request,
                                         javax.servlet.http.HttpServletResponse response)
      • autoLoginSet

        public static java.lang.String autoLoginSet​(javax.servlet.http.HttpServletRequest request,
                                                    javax.servlet.http.HttpServletResponse response)
      • createSecuredLoginIdCookie

        public static void createSecuredLoginIdCookie​(javax.servlet.http.HttpServletRequest request,
                                                      javax.servlet.http.HttpServletResponse response)
      • getAutoLoginCookieName

        protected static java.lang.String getAutoLoginCookieName​(javax.servlet.http.HttpServletRequest request)
      • getSecuredLoginIdCookieName

        protected static java.lang.String getSecuredLoginIdCookieName​(javax.servlet.http.HttpServletRequest request)
      • getAutoUserLoginId

        public static java.lang.String getAutoUserLoginId​(javax.servlet.http.HttpServletRequest request)
      • getSecuredUserLoginId

        public static java.lang.String getSecuredUserLoginId​(javax.servlet.http.HttpServletRequest request)
      • autoLoginCheck

        public static java.lang.String autoLoginCheck​(javax.servlet.http.HttpServletRequest request,
                                                      javax.servlet.http.HttpServletResponse response)
      • autoLoginRemove

        public static java.lang.String autoLoginRemove​(javax.servlet.http.HttpServletRequest request,
                                                       javax.servlet.http.HttpServletResponse response)
      • isUserLoggedIn

        public static boolean isUserLoggedIn​(javax.servlet.http.HttpServletRequest request)
      • loginUserWithUserLoginId

        public static java.lang.String loginUserWithUserLoginId​(javax.servlet.http.HttpServletRequest request,
                                                                javax.servlet.http.HttpServletResponse response,
                                                                java.lang.String userLoginId)
        This method will log in a user with only their username (userLoginId).
        Parameters:
        request -
        response -
        userLoginId -
        Returns:
        Returns "success" if user could be logged in or "error" if there was a problem.
      • checkRequestHeaderLogin

        public static java.lang.String checkRequestHeaderLogin​(javax.servlet.http.HttpServletRequest request,
                                                               javax.servlet.http.HttpServletResponse response)
      • checkServletRequestRemoteUserLogin

        public static java.lang.String checkServletRequestRemoteUserLogin​(javax.servlet.http.HttpServletRequest request,
                                                                          javax.servlet.http.HttpServletResponse response)
      • check509CertLogin

        public static java.lang.String check509CertLogin​(javax.servlet.http.HttpServletRequest request,
                                                         javax.servlet.http.HttpServletResponse response)
      • checkValidIssuer

        protected static boolean checkValidIssuer​(Delegator delegator,
                                                  java.util.Map<java.lang.String,​java.lang.String> x500Map,
                                                  java.math.BigInteger serialNumber)
                                           throws GeneralException
        Throws:
        GeneralException
      • isFlaggedLoggedOut

        public static boolean isFlaggedLoggedOut​(GenericValue userLogin,
                                                 Delegator delegator)
      • hasApplicationPermission

        public static boolean hasApplicationPermission​(ComponentConfig.WebappInfo info,
                                                       Security security,
                                                       GenericValue userLogin)
        Returns true if the specified user is authorized to access the specified web application.
        Parameters:
        info -
        security -
        userLogin -
        Returns:
        true if the specified user is authorized to access the specified web application
      • hasBasePermission

        public static boolean hasBasePermission​(GenericValue userLogin,
                                                javax.servlet.http.HttpServletRequest request)
      • getAppBarWebInfos

        public static java.util.Collection<ComponentConfig.WebappInfo> getAppBarWebInfos​(Security security,
                                                                                         GenericValue userLogin,
                                                                                         java.lang.String serverName,
                                                                                         java.lang.String menuName)
        Returns a Collection of WebappInfo instances that the specified user is authorized to access.
        Parameters:
        security -
        userLogin -
        serverName -
        menuName -
        Returns:
        A Collection WebappInfo instances that the specified user is authorized to access
      • getUserLoginSession

        public static java.util.Map<java.lang.String,​java.lang.Object> getUserLoginSession​(GenericValue userLogin)
      • autoChangePassword

        public static java.lang.String autoChangePassword​(javax.servlet.http.HttpServletRequest request,
                                                          javax.servlet.http.HttpServletResponse response)
      • isUserLoginActive

        public static boolean isUserLoginActive​(GenericValue userLogin)
        Return true if userLogin has not been disabled
        Parameters:
        userLogin -
        Returns:
        boolean