001 package com.bea.medrec.actions;
002
003 import com.bea.medrec.beans.PhysicianBean;
004 import com.bea.medrec.beans.UserBean;
005 import com.bea.medrec.utils.MedRecLog4jFactory;
006 import com.bea.medrec.utils.MedRecWebAppUtils;
007 import javax.servlet.http.HttpServletRequest;
008 import javax.servlet.http.HttpServletResponse;
009 import javax.servlet.http.HttpSession;
010 import org.apache.log4j.Logger;
011 import org.apache.struts.action.*;
012 import weblogic.servlet.security.ServletAuthentication;
013
014 import java.util.Locale;
015
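/**
 * Physician login controller. Handles every request made during the login
 * process: cancelling, submitting credentials, and first display of the page.
 *
 * <p>Submitted credentials are checked with WebLogic's
 * {@code ServletAuthentication.weak}. The physician's first and last name
 * are hard-coded because user lookup has been intentionally left out of the
 * physician application.</p>
 *
 * @author Copyright (c) 2006 by BEA Systems. All Rights Reserved.
 */
public class PhysLoginAction extends BaseAction implements PhysicianConstants {

  private static final Logger logger =
      MedRecLog4jFactory.getLogger(PhysLoginAction.class.getName());

  /**
   * <p>Process the specified HTTP request, and create the corresponding HTTP
   * response (or forward to another web component that will create it).
   * Return an <code>ActionForward</code> instance describing where and how
   * control should be forwarded.
   * <br>
   * Handles incoming login requests: a cancelled request invalidates the
   * session and redirects to the start page, a submitted login is passed to
   * {@link #authenticate}, and anything else shows the login page.
   * </p>
   *
   * @param mapping The ActionMapping used to select this instance
   * @param form The optional ActionForm bean for this request (if any)
   * @param request The HTTP request we are processing
   * @param response The HTTP response we are creating
   * @return the forward for the next page
   * @throws Exception if request processing fails
   */
  public ActionForward executeAction(ActionMapping mapping,
                                     ActionForm form,
                                     HttpServletRequest request,
                                     HttpServletResponse response)
      throws Exception {
    // Set user's locale.
    setupLocale(request);

    UserBean user = (UserBean) form;
    // Request parameter: caller-controlled, so treat it as untrusted text.
    String action = request.getParameter(ACTION);

    // Cancel login. Redirect to start page.
    if (isCancelled(request)) {
      logger.info("Cancel login.");
      // The form bean is optional, so a missing one must not stop the
      // session invalidation below.
      if (form != null) {
        form.reset(mapping, request);
      }
      ServletAuthentication.invalidateAll(request);
      // Return to MedRec start page.
      return new ActionForward("medrec.startpage", true);
    }

    // Login processing: the submit button's value must equal the localized
    // "button.Login" label for the request to count as a login attempt.
    String loginSubmit = getMessage(request, "button.Login");
    // Line breaks are neutralized so the parameter cannot forge log entries.
    logger.debug("Action: " + sanitizeForLog(action));
    logger.debug("Button Message: " + loginSubmit);
    if (MedRecWebAppUtils.isNotEmpty(action) && action.equals(loginSubmit)) {
      try {
        return authenticate(user, mapping, request, response);
      } catch (Exception e) {
        // NOTE(review): throwClientException is not defined in this class and
        // presumably always throws; if it can return normally, a failed login
        // attempt falls through to the "login.home" forward below - confirm.
        throwClientException(e, mapping, "login.home.redirect");
      }
    }

    // First time thru.
    return mapping.findForward("login.home");
  }

  /**
   * <p>Authenticates the username and password held by the given user bean
   * with {@code ServletAuthentication.weak}. On success a
   * {@code PhysicianBean} is stored on the session and the redirect page is
   * returned; on failure the bean is reset, an error is saved on the request
   * and the "login.failure" forward is returned.</p>
   *
   * <p>NOTE(review): the earlier comment here described the Admin
   * application's DefaultAuthenticator (LDAP-backed). Which authentication
   * provider serves the physician application is not visible in this class -
   * confirm against the security realm configuration.</p>
   *
   * @param user bean carrying the submitted username and password
   * @param mapping The ActionMapping used to look up forwards
   * @param request The HTTP request we are processing
   * @param response The HTTP response we are creating
   * @return the forward for the next page
   * @throws Exception if authentication or forward lookup fails
   */
  private ActionForward authenticate(UserBean user,
                                     ActionMapping mapping,
                                     HttpServletRequest request,
                                     HttpServletResponse response)
      throws Exception {

    // Session state that exists before login is invalidated before the
    // credential check; the locale is captured first and restored afterwards
    // so the user's language choice is kept.
    Locale currentLocale = this.getLocale(request);
    ServletAuthentication.invalidateAll(request);
    setLocale(request, currentLocale);

    // Returns an int value for AUTHENTICATED or FAILED_AUTHENTICATION
    // after using the username and password to authenticate the user
    // and setting that user information into the session.
    int auth = ServletAuthentication.weak(user.getUsername(),
        user.getPassword(), request, response);

    ActionForward forward;
    if (auth == ServletAuthentication.AUTHENTICATED) {
      // Audit trail: record who logged in and from where. The username is
      // request-derived, so line breaks are neutralized before logging.
      logger.info("Authentication success! User: "
          + sanitizeForLog(user.getUsername())
          + ", remote address: " + request.getRemoteAddr());

      // Obtain the session, creating one if none exists.
      HttpSession session = request.getSession(true);

      // Set user on session to be used throughout the app.
      // Hardcoding name. User lookup functionality has been intentionally
      // left out of the physician application.
      PhysicianBean physician =
          new PhysicianBean("Mary", "Blige", user.getUsername());
      session.setAttribute(PHYSICIAN_BEAN, physician);

      // NOTE(review): the user bean still holds the submitted password on
      // this path. If the form bean is session-scoped (not visible here),
      // consider clearing the password once authentication has completed.

      // NOTE(review): getRedirectPage is defined outside this class; confirm
      // it can only yield application-local targets.
      forward = getRedirectPage(request, mapping);
    } else {
      // The submitted username is deliberately left out of the failure
      // entry: it is unauthenticated input and may hold a mistyped password.
      logger.info("Authentication failed! Remote address: "
          + request.getRemoteAddr());

      // Reset login values.
      user.reset();

      // Create action error - invalid username and/or password. The message
      // does not reveal which of the two was wrong.
      ActionErrors errors = new ActionErrors();
      errors.add("invalidLogin", new ActionError("invalid.username.password"));
      saveErrors(request, errors);

      // Set redirect to login page.
      forward = mapping.findForward("login.failure");
    }

    // Log where we are going next.
    logger.info("Redirecting to: " + forward.getPath());
    return forward;
  }

  /**
   * Replaces carriage returns and line feeds in a request-derived value so
   * that it cannot start a new, forged entry when written to the log.
   *
   * @param value text taken from the request; may be {@code null}
   * @return the value with CR and LF replaced by underscores, or
   *     {@code null} if the value was {@code null}
   */
  private static String sanitizeForLog(String value) {
    if (value == null) {
      return null;
    }
    return value.replace('\r', '_').replace('\n', '_');
  }
}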