001 package com.bea.medrec.actions;
002
003 import com.bea.medrec.beans.AdminBean;
004 import com.bea.medrec.beans.UserBean;
005 import com.bea.medrec.utils.MedRecLog4jFactory;
006 import com.bea.medrec.utils.MedRecWebAppUtils;
007 import javax.servlet.http.HttpServletRequest;
008 import javax.servlet.http.HttpServletResponse;
009 import javax.servlet.http.HttpSession;
010 import org.apache.log4j.Logger;
011 import org.apache.struts.action.*;
012 import weblogic.servlet.security.ServletAuthentication;
013
014 import java.util.Locale;
015
016 /**
017 * <p>Admin Login controller. Handles all requests during the Admin login
018 * process.</p>
019 *
020 * @author Copyright (c) 2006 by BEA Systems. All Rights Reserved.
021 */
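public class AdminLoginAction extends BaseAction implements AdminConstants {

  private static final Logger logger =
      MedRecLog4jFactory.getLogger(AdminLoginAction.class.getName());

  /**
   * <p>Process the specified HTTP request, and create the corresponding HTTP
   * response (or forward to another web component that will create it).
   * Return an <code>ActionForward</code> instance describing where and how
   * control should be forwarded.
   * <br>
   * Handles incoming login requests: a cancelled request invalidates the
   * session and redirects to the start page, a submitted login form is
   * authenticated, and anything else is forwarded to the login page.
   * </p>
   *
   * @param mapping The ActionMapping used to select this instance
   * @param form The optional ActionForm bean for this request (if any)
   * @param request The HTTP request we are processing
   * @param response The HTTP response we are creating
   * @return the forward for the start page, the authentication outcome, or
   *         the login page
   * @throws Exception if request processing fails
   */
  public ActionForward executeAction(ActionMapping mapping,
                                     ActionForm form,
                                     HttpServletRequest request,
                                     HttpServletResponse response)
    throws Exception
  {
    // Set user's locale.
    setupLocale(request);

    UserBean user = (UserBean) form;
    String action = request.getParameter(ACTION);

    // Cancel login. Redirect to start page.
    if (isCancelled(request)) {
      logger.info("Cancel login.");
      // The form is optional, so guard the reset: a cancel that arrives
      // without a bound form must still reach the session invalidation.
      if (form != null) {
        form.reset(mapping, request);
      }
      ServletAuthentication.invalidateAll(request);
      // Return to MedRec start page.
      return new ActionForward("medrec.startpage", true);
    }

    // Login processing. The submitted action value is compared with the
    // localized label of the login button.
    String loginSubmit = getMessage(request, "button.Login");
    // "action" is a raw request parameter; strip line breaks so a client
    // cannot forge extra entries in the log file.
    logger.debug("Action: " + stripLineBreaks(action));
    logger.debug("Button Message: " + loginSubmit);
    if (MedRecWebAppUtils.isNotEmpty(action) && action.equals(loginSubmit)) {
      try {
        return authenticate(user, mapping, request, response);
      }
      catch (Exception e) {
        throwClientException(e, mapping, "login.home.redirect");
      }
    }

    // First time thru.
    return mapping.findForward("login.home");
  }

  /**
   * <p>Authenticates the given user, which carries a username and password.
   * MedRec contains an Admin and a Patient application, and each application
   * has its own authentication provider. The Admin application uses
   * WebLogic's DefaultAuthenticator, which stores usernames and passwords
   * within an LDAP database.</p>
   *
   * <p>The login only succeeds when the credentials are accepted and the
   * authenticated user is in the admin role. Both failure cases produce the
   * same error message, so the response does not reveal which check
   * failed.</p>
   *
   * @param user The login form bean holding the submitted credentials
   * @param mapping The ActionMapping used to look up forwards
   * @param request The HTTP request we are processing
   * @param response The HTTP response we are creating
   * @return the redirect page on success, the "login.failure" forward
   *         otherwise
   * @throws Exception if authentication processing fails
   */
  private ActionForward authenticate(UserBean user,
                                     ActionMapping mapping,
                                     HttpServletRequest request,
                                     HttpServletResponse response)
    throws Exception {

    ActionForward forward = null;

    // Discard whatever session existed before the login attempt, keeping
    // only the locale, so the login does not continue a pre-login session.
    Locale currentLocale = this.getLocale(request);
    ServletAuthentication.invalidateAll(request);
    setLocale(request, currentLocale);

    // Returns an int value for AUTHENTICATED or FAILED_AUTHENTICATION
    // after using the username and password to authenticate the user
    // and setting that user information into the session.
    int auth = ServletAuthentication.weak(user.getUsername(),
                                          user.getPassword(), request, response);

    // Check auth return value.
    if (auth == ServletAuthentication.AUTHENTICATED
        && request.isUserInRole(MEDREC_ADMIN_ROLE)) {
      logger.info("Authentication success!");

      // Fetch the session for the authenticated user (created if absent).
      HttpSession session = request.getSession(true);

      // Set user on session to be used throughout the app.
      // NOTE(review): the form bean still holds the password here; if the
      // form is session-scoped it should be cleared - confirm the scope in
      // the Struts configuration.
      AdminBean admin = new AdminBean(user.getUsername());
      session.setAttribute(ADMIN_BEAN, admin);

      forward = getRedirectPage(request, mapping);
    }
    else {
      logger.info("Authentication failed!");

      // Valid credentials without the admin role: the authentication call
      // has already bound the user to the session, so drop that session
      // instead of leaving a non-admin signed in to the admin application.
      if (auth == ServletAuthentication.AUTHENTICATED) {
        ServletAuthentication.invalidateAll(request);
        setLocale(request, currentLocale);
      }

      // Reset login values.
      user.reset();

      // Create action error - invalid username and/or password.
      ActionErrors errors = new ActionErrors();
      errors.add("invalidLogin", new ActionError("invalid.username.password"));
      saveErrors(request, errors);

      // Set redirect to login page.
      forward = mapping.findForward("login.failure");
    }

    // Log where we are going next.
    logger.info("Redirecting to: " + forward.getPath());
    return forward;
  }

  /**
   * Replaces carriage returns and line feeds so that a request-supplied
   * value stays on a single log line.
   *
   * @param value the value to log, may be <code>null</code>
   * @return the value with line breaks replaced by underscores, or
   *         <code>null</code> if the input was <code>null</code>
   */
  private static String stripLineBreaks(String value) {
    if (value == null) {
      return null;
    }
    return value.replaceAll("[\\r\\n]", "_");
  }
}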