Package org.apache.ofbiz.webapp.control
Class LoginWorker
- java.lang.Object
-
- org.apache.ofbiz.webapp.control.LoginWorker
-
- Direct Known Subclasses:
LdapLoginWorker
,OFBizSolrLoginWorker
public class LoginWorker extends java.lang.Object
Common Workers
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.String
module
static java.lang.String
resourceWebapp
static java.lang.String
securityProperties
static java.lang.String
X509_CERT_ATTR
-
Constructor Summary
Constructors Constructor Description LoginWorker()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static java.lang.String
autoChangePassword(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
static java.lang.String
autoLoginCheck(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
static java.lang.String
autoLoginRemove(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
static java.lang.String
autoLoginSet(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
static java.lang.String
check509CertLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
static GenericValue
checkImpersonationInProcess(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Return the activeGenericValue
of a current impersonation UserLoginHistory of current userLogin session, only if not the impersonator himself.static java.lang.String
checkLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
An HTTP WebEvent handler that checks to see is a userLogin is logged in.static GenericValue
checkLogout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
static java.lang.String
checkRequestHeaderLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
static java.lang.String
checkServletRequestRemoteUserLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
protected static boolean
checkValidIssuer(Delegator delegator, java.util.Map<java.lang.String,java.lang.String> x500Map, java.math.BigInteger serialNumber)
static void
createSecuredLoginIdCookie(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
static java.lang.String
depersonateLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
An HTTP WebEvent handler to reverse an impersonate login.static void
doBasicLogin(GenericValue userLogin, javax.servlet.http.HttpServletRequest request)
static void
doBasicLogout(GenericValue userLogin, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
static java.lang.String
doMainLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, GenericValue userLogin, java.util.Map<java.lang.String,java.lang.Object> userLoginSession)
static java.lang.String
extensionCheckLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
This WebEvent allows for java 'services' to hook into the login path.static java.lang.String
extensionConnectLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
This WebEvent allows for java 'services' to hook into the login path.static java.util.Collection<ComponentConfig.WebappInfo>
getAppBarWebInfos(Security security, GenericValue userLogin, java.lang.String serverName, java.lang.String menuName)
Returns aCollection
ofWebappInfo
instances that the specified user is authorized to access.protected static java.lang.String
getAutoLoginCookieName(javax.servlet.http.HttpServletRequest request)
static java.lang.String
getAutoUserLoginId(javax.servlet.http.HttpServletRequest request)
protected static java.lang.String
getSecuredLoginIdCookieName(javax.servlet.http.HttpServletRequest request)
static java.lang.String
getSecuredUserLoginId(javax.servlet.http.HttpServletRequest request)
static java.util.Map<java.lang.String,java.lang.Object>
getUserLoginSession(GenericValue userLogin)
static boolean
hasApplicationPermission(ComponentConfig.WebappInfo info, Security security, GenericValue userLogin)
Returnstrue
if the specified user is authorized to access the specified web application.static boolean
hasBasePermission(GenericValue userLogin, javax.servlet.http.HttpServletRequest request)
static java.lang.String
impersonateLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
An HTTP WebEvent handler to impersonate a given userLogin without using password.static boolean
isFlaggedLoggedOut(GenericValue userLogin, Delegator delegator)
static boolean
isUserLoggedIn(javax.servlet.http.HttpServletRequest request)
static boolean
isUserLoginActive(GenericValue userLogin)
Return true if userLogin has not been disabledstatic java.lang.String
login(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
An HTTP WebEvent handler that logs in a userLogin.static java.lang.String
loginUserWithUserLoginId(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.String userLoginId)
This method will log in a user with only their username (userLoginId).static java.lang.String
logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
An HTTP WebEvent handler that logs out a userLogin by clearing the session.static StringUtil.StringWrapper
makeLoginUrl(javax.servlet.http.HttpServletRequest request)
static StringUtil.StringWrapper
makeLoginUrl(javax.servlet.http.HttpServletRequest request, java.lang.String requestName)
static StringUtil.StringWrapper
makeLoginUrl(javax.servlet.jsp.PageContext pageContext)
static StringUtil.StringWrapper
makeLoginUrl(javax.servlet.jsp.PageContext pageContext, java.lang.String requestName)
static void
setLoggedOut(java.lang.String userLoginId, Delegator delegator)
protected static void
setWebContextObjects(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Delegator delegator, LocalDispatcher dispatcher)
-
-
-
Field Detail
-
module
public static final java.lang.String module
-
resourceWebapp
public static final java.lang.String resourceWebapp
- See Also:
- Constant Field Values
-
X509_CERT_ATTR
public static final java.lang.String X509_CERT_ATTR
- See Also:
- Constant Field Values
-
securityProperties
public static final java.lang.String securityProperties
- See Also:
- Constant Field Values
-
-
Method Detail
-
makeLoginUrl
public static StringUtil.StringWrapper makeLoginUrl(javax.servlet.jsp.PageContext pageContext)
-
makeLoginUrl
public static StringUtil.StringWrapper makeLoginUrl(javax.servlet.http.HttpServletRequest request)
-
makeLoginUrl
public static StringUtil.StringWrapper makeLoginUrl(javax.servlet.jsp.PageContext pageContext, java.lang.String requestName)
-
makeLoginUrl
public static StringUtil.StringWrapper makeLoginUrl(javax.servlet.http.HttpServletRequest request, java.lang.String requestName)
-
setLoggedOut
public static void setLoggedOut(java.lang.String userLoginId, Delegator delegator)
-
checkLogout
public static GenericValue checkLogout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
-
checkImpersonationInProcess
public static GenericValue checkImpersonationInProcess(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Return the activeGenericValue
of a current impersonation UserLoginHistory of current userLogin session, only if not the impersonator himself.- Parameters:
request
- The HTTP request object for the current JSP or Servlet request.response
- The HTTP response object for the current JSP or Servlet request.- Returns:
- GenericValue
-
extensionCheckLogin
public static java.lang.String extensionCheckLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
This WebEvent allows for java 'services' to hook into the login path. This method loads all instances ofLoginCheck
, and calls theLoginCheck.associate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
method. The first implementation to return a non-null value gets that value returned to the caller. Returning "none" will abort processing, while anything else gets looked up in outer view dispatch. This event is called when the current request needs to have a validly logged in user; it is a wrapper aroundcheckLogin(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
.- Parameters:
request
- The HTTP request object for the current JSP or Servlet request.response
- The HTTP response object for the current JSP or Servlet request.- Returns:
- String
-
extensionConnectLogin
public static java.lang.String extensionConnectLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
This WebEvent allows for java 'services' to hook into the login path. This method loads all instances ofLoginCheck
, and calls theLoginCheck.check(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
method. The first implementation to return a non-null value gets that value returned to the caller. Returning "none" will abort processing, while anything else gets looked up in outer view dispatch; for preprocessors, only "success" makes sense.- Parameters:
request
- The HTTP request object for the current JSP or Servlet request.response
- The HTTP response object for the current JSP or Servlet request.- Returns:
- String
-
checkLogin
public static java.lang.String checkLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
An HTTP WebEvent handler that checks to see is a userLogin is logged in. If not, the user is forwarded to the login page.- Parameters:
request
- The HTTP request object for the current JSP or Servlet request.response
- The HTTP response object for the current JSP or Servlet request.- Returns:
- String
-
login
public static java.lang.String login(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
An HTTP WebEvent handler that logs in a userLogin. This should run before the security check.- Parameters:
request
- The HTTP request object for the current JSP or Servlet request.response
- The HTTP response object for the current JSP or Servlet request.- Returns:
- Return a boolean which specifies whether or not the calling Servlet or JSP should generate its own content. This allows an event to override the default content.
-
impersonateLogin
public static java.lang.String impersonateLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
An HTTP WebEvent handler to impersonate a given userLogin without using password. This should run before the security check.- Parameters:
request
- The HTTP request object for the current JSP or Servlet request.response
- The HTTP response object for the current JSP or Servlet request.- Returns:
- Return a boolean which specifies whether or not the calling Servlet or JSP should generate its own content. This allows an event to override the default content.
-
depersonateLogin
public static java.lang.String depersonateLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
An HTTP WebEvent handler to reverse an impersonate login.- Parameters:
request
- The HTTP request object for the current JSP or Servlet request.response
- The HTTP response object for the current JSP or Servlet request.- Returns:
- Return a boolean which specifies whether or not the calling Servlet or JSP should generate its own content. This allows an event to override the default content.
-
setWebContextObjects
protected static void setWebContextObjects(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Delegator delegator, LocalDispatcher dispatcher)
-
doMainLogin
public static java.lang.String doMainLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, GenericValue userLogin, java.util.Map<java.lang.String,java.lang.Object> userLoginSession)
-
doBasicLogin
public static void doBasicLogin(GenericValue userLogin, javax.servlet.http.HttpServletRequest request)
-
logout
public static java.lang.String logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
An HTTP WebEvent handler that logs out a userLogin by clearing the session.- Parameters:
request
- The HTTP request object for the current request.response
- The HTTP response object for the current request.- Returns:
- Return a boolean which specifies whether or not the calling request should generate its own content. This allows an event to override the default content.
-
doBasicLogout
public static void doBasicLogout(GenericValue userLogin, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
-
autoLoginSet
public static java.lang.String autoLoginSet(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
-
createSecuredLoginIdCookie
public static void createSecuredLoginIdCookie(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
-
getAutoLoginCookieName
protected static java.lang.String getAutoLoginCookieName(javax.servlet.http.HttpServletRequest request)
-
getSecuredLoginIdCookieName
protected static java.lang.String getSecuredLoginIdCookieName(javax.servlet.http.HttpServletRequest request)
-
getAutoUserLoginId
public static java.lang.String getAutoUserLoginId(javax.servlet.http.HttpServletRequest request)
-
getSecuredUserLoginId
public static java.lang.String getSecuredUserLoginId(javax.servlet.http.HttpServletRequest request)
-
autoLoginCheck
public static java.lang.String autoLoginCheck(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
-
autoLoginRemove
public static java.lang.String autoLoginRemove(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
-
isUserLoggedIn
public static boolean isUserLoggedIn(javax.servlet.http.HttpServletRequest request)
-
loginUserWithUserLoginId
public static java.lang.String loginUserWithUserLoginId(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.String userLoginId)
This method will log in a user with only their username (userLoginId).- Parameters:
request
-response
-userLoginId
-- Returns:
- Returns "success" if user could be logged in or "error" if there was a problem.
-
checkRequestHeaderLogin
public static java.lang.String checkRequestHeaderLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
-
checkServletRequestRemoteUserLogin
public static java.lang.String checkServletRequestRemoteUserLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
-
check509CertLogin
public static java.lang.String check509CertLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
-
checkValidIssuer
protected static boolean checkValidIssuer(Delegator delegator, java.util.Map<java.lang.String,java.lang.String> x500Map, java.math.BigInteger serialNumber) throws GeneralException
- Throws:
GeneralException
-
isFlaggedLoggedOut
public static boolean isFlaggedLoggedOut(GenericValue userLogin, Delegator delegator)
-
hasApplicationPermission
public static boolean hasApplicationPermission(ComponentConfig.WebappInfo info, Security security, GenericValue userLogin)
Returnstrue
if the specified user is authorized to access the specified web application.- Parameters:
info
-security
-userLogin
-- Returns:
true
if the specified user is authorized to access the specified web application
-
hasBasePermission
public static boolean hasBasePermission(GenericValue userLogin, javax.servlet.http.HttpServletRequest request)
-
getAppBarWebInfos
public static java.util.Collection<ComponentConfig.WebappInfo> getAppBarWebInfos(Security security, GenericValue userLogin, java.lang.String serverName, java.lang.String menuName)
Returns aCollection
ofWebappInfo
instances that the specified user is authorized to access.- Parameters:
security
-userLogin
-serverName
-menuName
-- Returns:
- A
Collection
WebappInfo
instances that the specified user is authorized to access
-
getUserLoginSession
public static java.util.Map<java.lang.String,java.lang.Object> getUserLoginSession(GenericValue userLogin)
-
autoChangePassword
public static java.lang.String autoChangePassword(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
-
isUserLoginActive
public static boolean isUserLoginActive(GenericValue userLogin)
Return true if userLogin has not been disabled- Parameters:
userLogin
-- Returns:
- boolean
-
-