Package org.apache.ofbiz.webapp.control

Class LoginWorker

java.lang.Object

org.apache.ofbiz.webapp.control.LoginWorker

Direct Known Subclasses:

LdapLoginWorker, OFBizSolrLoginWorker

public class LoginWorker
extends java.lang.Object

Common Workers

Field Summary

Fields

Modifier and Type	Field	Description
static java.lang.String	module
static java.lang.String	resourceWebapp
static java.lang.String	securityProperties
static java.lang.String	X509_CERT_ATTR

Constructor Summary

Constructors

Constructor	Description
LoginWorker()

Method Summary

Modifier and Type	Method	Description
static java.lang.String	autoChangePassword(HttpServletRequest request, HttpServletResponse response)
static java.lang.String	autoLoginCheck(HttpServletRequest request, HttpServletResponse response)
static java.lang.String	autoLoginRemove(HttpServletRequest request, HttpServletResponse response)
static java.lang.String	autoLoginSet(HttpServletRequest request, HttpServletResponse response)
static java.lang.String	check509CertLogin(HttpServletRequest request, HttpServletResponse response)
static GenericValue	checkImpersonationInProcess(HttpServletRequest request, HttpServletResponse response)	Return the active GenericValue of a current impersonation UserLoginHistory of current userLogin session, only if not the impersonator himself.
static java.lang.String	checkLogin(HttpServletRequest request, HttpServletResponse response)	An HTTP WebEvent handler that checks to see is a userLogin is logged in.
static GenericValue	checkLogout(HttpServletRequest request, HttpServletResponse response)
static java.lang.String	checkRequestHeaderLogin(HttpServletRequest request, HttpServletResponse response)
static java.lang.String	checkServletRequestRemoteUserLogin(HttpServletRequest request, HttpServletResponse response)
protected static boolean	checkValidIssuer(Delegator delegator, java.util.Map<java.lang.String,java.lang.String> x500Map, java.math.BigInteger serialNumber)
static void	createSecuredLoginIdCookie(HttpServletRequest request, HttpServletResponse response)
static java.lang.String	depersonateLogin(HttpServletRequest request, HttpServletResponse response)	An HTTP WebEvent handler to reverse an impersonate login.
static void	doBasicLogin(GenericValue userLogin, HttpServletRequest request)
static void	doBasicLogout(GenericValue userLogin, HttpServletRequest request, HttpServletResponse response)
static java.lang.String	doMainLogin(HttpServletRequest request, HttpServletResponse response, GenericValue userLogin, java.util.Map<java.lang.String,java.lang.Object> userLoginSession)
static java.lang.String	extensionCheckLogin(HttpServletRequest request, HttpServletResponse response)	This WebEvent allows for java 'services' to hook into the login path.
static java.lang.String	extensionConnectLogin(HttpServletRequest request, HttpServletResponse response)	This WebEvent allows for java 'services' to hook into the login path.
static java.util.Collection<ComponentConfig.WebappInfo>	getAppBarWebInfos(Security security, GenericValue userLogin, java.lang.String serverName, java.lang.String menuName)	Returns a Collection of WebappInfo instances that the specified user is authorized to access.
protected static java.lang.String	getAutoLoginCookieName(HttpServletRequest request)
static java.lang.String	getAutoUserLoginId(HttpServletRequest request)
protected static java.lang.String	getSecuredLoginIdCookieName(HttpServletRequest request)
static java.lang.String	getSecuredUserLoginId(HttpServletRequest request)
static java.util.Map<java.lang.String,java.lang.Object>	getUserLoginSession(GenericValue userLogin)
static boolean	hasApplicationPermission(ComponentConfig.WebappInfo info, Security security, GenericValue userLogin)	Returns true if the specified user is authorized to access the specified web application.
static boolean	hasBasePermission(GenericValue userLogin, HttpServletRequest request)
static java.lang.String	impersonateLogin(HttpServletRequest request, HttpServletResponse response)	An HTTP WebEvent handler to impersonate a given userLogin without using password.
static boolean	isFlaggedLoggedOut(GenericValue userLogin, Delegator delegator)
static boolean	isUserLoggedIn(HttpServletRequest request)
static boolean	isUserLoginActive(GenericValue userLogin)	Return true if userLogin has not been disabled
static java.lang.String	login(HttpServletRequest request, HttpServletResponse response)	An HTTP WebEvent handler that logs in a userLogin.
static java.lang.String	loginUserWithUserLoginId(HttpServletRequest request, HttpServletResponse response, java.lang.String userLoginId)	This method will log in a user with only their username (userLoginId).
static java.lang.String	logout(HttpServletRequest request, HttpServletResponse response)	An HTTP WebEvent handler that logs out a userLogin by clearing the session.
static StringUtil.StringWrapper	makeLoginUrl(HttpServletRequest request)
static StringUtil.StringWrapper	makeLoginUrl(HttpServletRequest request, java.lang.String requestName)
static StringUtil.StringWrapper	makeLoginUrl(PageContext pageContext)
static StringUtil.StringWrapper	makeLoginUrl(PageContext pageContext, java.lang.String requestName)
static void	setLoggedOut(java.lang.String userLoginId, Delegator delegator)
protected static void	setWebContextObjects(HttpServletRequest request, HttpServletResponse response, Delegator delegator, LocalDispatcher dispatcher)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

module

public static final java.lang.String module

resourceWebapp

public static final java.lang.String resourceWebapp

See Also:

Constant Field Values

X509_CERT_ATTR

public static final java.lang.String X509_CERT_ATTR

See Also:

Constant Field Values

securityProperties

public static final java.lang.String securityProperties

See Also:

Constant Field Values

Constructor Detail

LoginWorker

public LoginWorker()

Method Detail

makeLoginUrl

public static StringUtil.StringWrapper makeLoginUrl(PageContext pageContext)

makeLoginUrl

public static StringUtil.StringWrapper makeLoginUrl(HttpServletRequest request)

makeLoginUrl

public static StringUtil.StringWrapper makeLoginUrl(PageContext pageContext,
                                                    java.lang.String requestName)

makeLoginUrl

public static StringUtil.StringWrapper makeLoginUrl(HttpServletRequest request,
                                                    java.lang.String requestName)

setLoggedOut

public static void setLoggedOut(java.lang.String userLoginId,
                                Delegator delegator)

checkLogout

public static GenericValue checkLogout(HttpServletRequest request,
                                       HttpServletResponse response)

checkImpersonationInProcess

public static GenericValue checkImpersonationInProcess(HttpServletRequest request,
                                                       HttpServletResponse response)

Return the active GenericValue of a current impersonation UserLoginHistory of current userLogin session, only if not the impersonator himself.

Parameters:

request - The HTTP request object for the current JSP or Servlet request.

response - The HTTP response object for the current JSP or Servlet request.

Returns:

GenericValue

extensionCheckLogin

public static java.lang.String extensionCheckLogin(HttpServletRequest request,
                                                   HttpServletResponse response)

This WebEvent allows for java 'services' to hook into the login path. This method loads all instances of LoginCheck, and calls the LoginCheck.associate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) method. The first implementation to return a non-null value gets that value returned to the caller. Returning "none" will abort processing, while anything else gets looked up in outer view dispatch. This event is called when the current request needs to have a validly logged in user; it is a wrapper around checkLogin(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse).

Parameters:

request - The HTTP request object for the current JSP or Servlet request.

response - The HTTP response object for the current JSP or Servlet request.

Returns:

String

extensionConnectLogin

public static java.lang.String extensionConnectLogin(HttpServletRequest request,
                                                     HttpServletResponse response)

This WebEvent allows for java 'services' to hook into the login path. This method loads all instances of LoginCheck, and calls the LoginCheck.check(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) method. The first implementation to return a non-null value gets that value returned to the caller. Returning "none" will abort processing, while anything else gets looked up in outer view dispatch; for preprocessors, only "success" makes sense.

Parameters:

request - The HTTP request object for the current JSP or Servlet request.

response - The HTTP response object for the current JSP or Servlet request.

Returns:

String

checkLogin

public static java.lang.String checkLogin(HttpServletRequest request,
                                          HttpServletResponse response)

An HTTP WebEvent handler that checks to see is a userLogin is logged in. If not, the user is forwarded to the login page.

Parameters:

request - The HTTP request object for the current JSP or Servlet request.

response - The HTTP response object for the current JSP or Servlet request.

Returns:

String

login

public static java.lang.String login(HttpServletRequest request,
                                     HttpServletResponse response)

An HTTP WebEvent handler that logs in a userLogin. This should run before the security check.

Parameters:

request - The HTTP request object for the current JSP or Servlet request.

response - The HTTP response object for the current JSP or Servlet request.

Returns:

Return a boolean which specifies whether or not the calling Servlet or JSP should generate its own content. This allows an event to override the default content.

impersonateLogin

public static java.lang.String impersonateLogin(HttpServletRequest request,
                                                HttpServletResponse response)

An HTTP WebEvent handler to impersonate a given userLogin without using password. This should run before the security check.

Parameters:

request - The HTTP request object for the current JSP or Servlet request.

response - The HTTP response object for the current JSP or Servlet request.

Returns:

Return a boolean which specifies whether or not the calling Servlet or JSP should generate its own content. This allows an event to override the default content.

depersonateLogin

public static java.lang.String depersonateLogin(HttpServletRequest request,
                                                HttpServletResponse response)

An HTTP WebEvent handler to reverse an impersonate login.

Parameters:

request - The HTTP request object for the current JSP or Servlet request.

response - The HTTP response object for the current JSP or Servlet request.

Returns:

Return a boolean which specifies whether or not the calling Servlet or JSP should generate its own content. This allows an event to override the default content.

setWebContextObjects

protected static void setWebContextObjects(HttpServletRequest request,
                                           HttpServletResponse response,
                                           Delegator delegator,
                                           LocalDispatcher dispatcher)

doMainLogin

public static java.lang.String doMainLogin(HttpServletRequest request,
                                           HttpServletResponse response,
                                           GenericValue userLogin,
                                           java.util.Map<java.lang.String,java.lang.Object> userLoginSession)

doBasicLogin

public static void doBasicLogin(GenericValue userLogin,
                                HttpServletRequest request)

logout

public static java.lang.String logout(HttpServletRequest request,
                                      HttpServletResponse response)

An HTTP WebEvent handler that logs out a userLogin by clearing the session.

Parameters:

request - The HTTP request object for the current request.

response - The HTTP response object for the current request.

Returns:

Return a boolean which specifies whether or not the calling request should generate its own content. This allows an event to override the default content.

doBasicLogout

public static void doBasicLogout(GenericValue userLogin,
                                 HttpServletRequest request,
                                 HttpServletResponse response)

autoLoginSet

public static java.lang.String autoLoginSet(HttpServletRequest request,
                                            HttpServletResponse response)

createSecuredLoginIdCookie

public static void createSecuredLoginIdCookie(HttpServletRequest request,
                                              HttpServletResponse response)

getAutoLoginCookieName

protected static java.lang.String getAutoLoginCookieName(HttpServletRequest request)

getSecuredLoginIdCookieName

protected static java.lang.String getSecuredLoginIdCookieName(HttpServletRequest request)

getAutoUserLoginId

public static java.lang.String getAutoUserLoginId(HttpServletRequest request)

getSecuredUserLoginId

public static java.lang.String getSecuredUserLoginId(HttpServletRequest request)

autoLoginCheck

public static java.lang.String autoLoginCheck(HttpServletRequest request,
                                              HttpServletResponse response)

autoLoginRemove

public static java.lang.String autoLoginRemove(HttpServletRequest request,
                                               HttpServletResponse response)

isUserLoggedIn

public static boolean isUserLoggedIn(HttpServletRequest request)

loginUserWithUserLoginId

public static java.lang.String loginUserWithUserLoginId(HttpServletRequest request,
                                                        HttpServletResponse response,
                                                        java.lang.String userLoginId)

This method will log in a user with only their username (userLoginId).

Parameters:

request -

response -

userLoginId -

Returns:

Returns "success" if user could be logged in or "error" if there was a problem.

checkRequestHeaderLogin

public static java.lang.String checkRequestHeaderLogin(HttpServletRequest request,
                                                       HttpServletResponse response)

checkServletRequestRemoteUserLogin

public static java.lang.String checkServletRequestRemoteUserLogin(HttpServletRequest request,
                                                                  HttpServletResponse response)

check509CertLogin

public static java.lang.String check509CertLogin(HttpServletRequest request,
                                                 HttpServletResponse response)

checkValidIssuer

protected static boolean checkValidIssuer(Delegator delegator,
                                          java.util.Map<java.lang.String,java.lang.String> x500Map,
                                          java.math.BigInteger serialNumber)
                                   throws GeneralException

Throws:

GeneralException

isFlaggedLoggedOut

public static boolean isFlaggedLoggedOut(GenericValue userLogin,
                                         Delegator delegator)

hasApplicationPermission

public static boolean hasApplicationPermission(ComponentConfig.WebappInfo info,
                                               Security security,
                                               GenericValue userLogin)

Returns true if the specified user is authorized to access the specified web application.

Parameters:

info -

security -

userLogin -

Returns:

true if the specified user is authorized to access the specified web application

hasBasePermission

public static boolean hasBasePermission(GenericValue userLogin,
                                        HttpServletRequest request)

getAppBarWebInfos

public static java.util.Collection<ComponentConfig.WebappInfo> getAppBarWebInfos(Security security,
                                                                                 GenericValue userLogin,
                                                                                 java.lang.String serverName,
                                                                                 java.lang.String menuName)

Returns a Collection of WebappInfo instances that the specified user is authorized to access.

Parameters:

security -

userLogin -

serverName -

menuName -

Returns:

A Collection WebappInfo instances that the specified user is authorized to access

getUserLoginSession

public static java.util.Map<java.lang.String,java.lang.Object> getUserLoginSession(GenericValue userLogin)

autoChangePassword

public static java.lang.String autoChangePassword(HttpServletRequest request,
                                                  HttpServletResponse response)

isUserLoginActive

public static boolean isUserLoginActive(GenericValue userLogin)

Return true if userLogin has not been disabled

Parameters:

userLogin -

Returns:

boolean