001 package com.bea.medrec.actions;
002
003 import com.bea.medrec.beans.PatientBean;
004 import com.bea.medrec.beans.UserBean;
005 import com.bea.medrec.utils.ClientException;
006 import com.bea.medrec.utils.ErrorConstants;
007 import com.bea.medrec.utils.MedRecLog4jFactory;
008 import com.bea.medrec.utils.MedRecWebAppUtils;
009 import com.bea.medrec.value.Patient;
010 import javax.servlet.http.HttpServletRequest;
011 import javax.servlet.http.HttpServletResponse;
012 import javax.servlet.http.HttpSession;
013 import org.apache.log4j.Logger;
014 import org.apache.struts.action.*;
015 import weblogic.servlet.security.ServletAuthentication;
016
017 import java.util.Locale;
018
019 /**
020 * <p>Login controller. Handles all request during the login
021 * process.</p>
022 *
023 * @author Copyright (c) 2005 by BEA Systems. All Rights Reserved.
024 */
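public class LoginAction extends PatientBaseAction {

    private static Logger logger = MedRecLog4jFactory.getLogger(LoginAction.class.getName());

    /**
     * <p>Process the specified HTTP request, and create the corresponding HTTP
     * response (or forward to another web component that will create it).
     * Return an <code>ActionForward</code> instance describing where and how
     * control should be forwarded.
     * <br>
     * Handles incoming login requests: a cancelled login is sent back to the
     * MedRec start page, a submitted login (the ACTION parameter equals the
     * localized "button.Login" label) is authenticated, and anything else is
     * treated as the first visit and shown the login page.
     * </p>
     *
     * @param mapping The ActionMapping used to select this instance
     * @param form The optional ActionForm bean for this request (if any);
     *             expected to be a {@link UserBean}
     * @param request The HTTP request we are processing
     * @param response The HTTP response we are creating
     * @return the forward to render next
     * @throws Exception if authentication fails unexpectedly and
     *                   {@code throwClientException} rethrows it
     */
    public ActionForward executeAction(ActionMapping mapping,
                                       ActionForm form,
                                       HttpServletRequest request,
                                       HttpServletResponse response)
        throws Exception {
        // Set user's locale.
        setupLocale(request);

        // Declare and initial local variables.
        UserBean user = (UserBean) form;
        String action = request.getParameter(ACTION);

        // Cancel login. Redirect to start page.
        if (isCancelled(request)) {
            logger.info("Cancel login.");
            form.reset(mapping, request);
            // Return to MedRec start page.
            return new ActionForward("medrec.startpage", true);
        }

        // Login processing. The submit button's localized label doubles as the
        // action discriminator, so it must be resolved per request locale.
        String loginSubmit = getMessage(request, "button.Login");
        // NOTE(review): ACTION is an unvalidated request parameter echoed into
        // the log; if this log is consumed by tooling, consider stripping
        // CR/LF to prevent log-line forging. The username and password are
        // deliberately never logged.
        logger.debug("Action: " + action);
        logger.debug("Button Message: " + loginSubmit);
        if (isNotEmpty(action) && action.equals(loginSubmit)) {
            try {
                // Process login.
                return authenticate(user, mapping, request, response);
            } catch (Exception e) {
                throwClientException(e, mapping, "login.home.redirect");
            }
        }

        // First time thru.
        return mapping.findForward("login.home");
    }

    /**
     * <p>This method authenticates a given user containing a username and password.
     * Since MedRec contains an Admin and Patient application and
     * each application has its own specific authentication provider,
     * authentication is a two step process. The first step the server validates
     * the username and password by using an authentication provider. The
     * second step checks that meta-data is found within MedRec's database.</p>
     *
     * <p>Security notes:</p>
     * <ul>
     * <li>Any pre-existing container session is invalidated before the
     *     credentials are checked, so an attacker-supplied session id is
     *     never promoted to an authenticated one (session fixation).</li>
     * <li>{@code ServletAuthentication.weak()} binds the authenticated
     *     principal to the session on success. If the principal is not in
     *     {@code PATIENT_ROLE}, or has no patient record, that session is
     *     invalidated again so a rejected login never leaves a live
     *     authenticated session behind.</li>
     * <li>Bad credentials and a non-patient principal both yield the same
     *     generic "invalid.username.password" error, so the login page does
     *     not reveal whether the username exists.</li>
     * </ul>
     *
     * @param user     form bean carrying the submitted username and password
     * @param mapping  the ActionMapping used to resolve forwards
     * @param request  the HTTP request being processed
     * @param response the HTTP response being created
     * @return the forward to render next: the post-login redirect on success,
     *         {@code login.failure} otherwise
     * @throws ClientException with {@code ErrorConstants.PATIENT_NOT_FOUND} when
     *         the credentials are valid but no patient record exists for the
     *         username (note: this message differs from the generic failure and
     *         therefore confirms the credentials were accepted)
     * @throws Exception propagated from the patient lookup
     */
    private ActionForward authenticate(UserBean user,
                                       ActionMapping mapping,
                                       HttpServletRequest request,
                                       HttpServletResponse response)
        throws Exception {

        // Declare local variables.
        ActionForward forward = null;

        // Preserve the locale across the session reset below; invalidateAll()
        // discards whatever the locale was stored in.
        Locale currentLocale = this.getLocale(request);
        ServletAuthentication.invalidateAll(request);
        setLocale(request, currentLocale);

        // Returns an int value for AUTHENTICATED or FAILED_AUTHENTICATION
        // after using the username and password to authenticate the user
        // and setting that user information into the session.
        int auth = ServletAuthentication.weak(user.getUsername(),
            user.getPassword(), request, response);

        // check auth return value
        if (auth == ServletAuthentication.AUTHENTICATED
            && request.isUserInRole(PATIENT_ROLE)) {
            logger.info("Login found.");
            logger.info("Looking up user data.");

            // Retrieve patient properties. The username is the patient's email.
            Patient patient =
                getPatientSession().findPatientByEmail(user.getUsername());

            // Patient user found, but no meta-data found.
            // Disallow login and drop the principal weak() bound to the session.
            if (patient == null) {
                ServletAuthentication.invalidateAll(request);
                throw new ClientException(ErrorConstants.PATIENT_NOT_FOUND);
            }

            logger.info("Authentication success!");

            // Create new session.
            HttpSession session = request.getSession(true);

            // Set user on session to be used throughout the app.
            session.setAttribute(PATIENT_BEAN, new PatientBean(patient));

            // Determine redirection.
            // NOTE(review): getRedirectPage is defined outside this file; if it
            // derives the target from a request parameter, confirm it restricts
            // the destination to local paths (open-redirect risk).
            forward = getRedirectPage(request, mapping);
        } else {
            logger.debug("Authentication failed!");

            // The credentials may have been valid for a principal that is simply
            // not a patient (e.g. an administrator). In that case weak() has
            // already authenticated the session; tear it down so the rejected
            // login does not leave an authenticated container session behind.
            if (auth == ServletAuthentication.AUTHENTICATED) {
                ServletAuthentication.invalidateAll(request);
                setLocale(request, currentLocale);
            }

            // Reset login values so the cleartext password does not linger
            // in the form bean.
            user.reset();

            // Create action error - invalid username and/or password.
            // Deliberately the same message for both failure causes.
            ActionErrors errors = new ActionErrors();
            errors.add("invalidLogin", new ActionError("invalid.username.password"));
            saveErrors(request, errors);

            // Return back to login page.
            forward = mapping.findForward("login.failure");
        }

        // Log where we are going next. Guard against a missing forward
        // definition so a misconfigured mapping does not surface as an NPE.
        logger.info("Redirecting to: "
            + (forward == null ? "<no forward>" : forward.getPath()));

        return forward;
    }
}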
|