001 package com.bea.medrec.actions;
002
003 import com.bea.medrec.value.*;
004 import com.bea.medrec.entities.*;
005 import com.bea.medrec.beans.PatientBean;
006 import com.bea.medrec.beans.UserBean;
007 import com.bea.medrec.utils.ClientException;
008 import com.bea.medrec.utils.ErrorConstants;
009 import com.bea.medrec.utils.MedRecLog4jFactory;
010 import com.bea.medrec.utils.MedRecWebAppUtils;
011 import com.bea.medrec.value.Patient;
012 import javax.ejb.FinderException;
013 import javax.servlet.http.HttpServletRequest;
014 import javax.servlet.http.HttpServletResponse;
015 import javax.servlet.http.HttpSession;
016 import org.apache.log4j.Logger;
017 import org.apache.struts.action.*;
018 import weblogic.servlet.security.ServletAuthentication;
019
020 import java.util.Locale;
021
022 /**
023 * <p>Login controller. Handles all request during the login
024 * process.</p>
025 *
026 * @author Copyright (c) 2006 by BEA Systems. All Rights Reserved.
027 */
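public class LoginAction extends PatientBaseAction {

    private static final Logger logger =
            MedRecLog4jFactory.getLogger(LoginAction.class.getName());

    /**
     * Status reported by {@link #lookupUserStatus} when no {@code User} row
     * exists for the submitted username (only ever logged, never matched).
     */
    private static final String STATUS_NOT_EXISTED = "NOT EXISTED";

    /**
     * <p>Process the specified HTTP request, and create the corresponding HTTP
     * response (or forward to another web component that will create it).
     * Return an <code>ActionForward</code> instance describing where and how
     * control should be forwarded.
     * <br>
     * Handles incoming login requests: a cancel press returns to the start
     * page, a press of the localized "button.Login" button runs
     * {@link #authenticate}, anything else shows the login page.
     * </p>
     *
     * @param mapping  The ActionMapping used to select this instance
     * @param form     The optional ActionForm bean for this request (if any);
     *                 expected to be a {@link UserBean}
     * @param request  The HTTP request we are processing
     * @param response The HTTP response we are creating
     * @return the forward to render next
     * @throws Exception whatever {@link #throwClientException} raises for a
     *                   failed login attempt
     */
    public ActionForward executeAction(ActionMapping mapping,
                                       ActionForm form,
                                       HttpServletRequest request,
                                       HttpServletResponse response)
            throws Exception {
        // Set user's locale.
        setupLocale(request);

        UserBean user = (UserBean) form;
        String action = request.getParameter(ACTION);

        // Cancel login. Redirect to start page.
        if (isCancelled(request)) {
            logger.info("Cancel login.");
            form.reset(mapping, request);
            // Return to MedRec start page.
            return new ActionForward("medrec.startpage", true);
        }

        // Login is submitted when the ACTION parameter equals the localized
        // label of the login button.
        String loginSubmit = getMessage(request, "button.Login");
        // "action" is request-controlled; keep it at debug level since it is
        // written to the log unsanitized.
        logger.debug("Action: " + action);
        logger.debug("Button Message: " + loginSubmit);
        if (isNotEmpty(action) && action.equals(loginSubmit)) {
            try {
                // Process login.
                return authenticate(user, mapping, request, response);
            } catch (Exception e) {
                throwClientException(e, mapping, "login.home.redirect");
            }
        }

        // First time thru.
        return mapping.findForward("login.home");
    }

    /**
     * <p>This method authenticates a given user containing a username and password.
     * Since MedRec contains an Admin and Patient application and
     * each application has its own specific authentication provider,
     * authentication is a two step process. The first step the server validates
     * the username and password by using an authentication provider. The
     * second step checks that meta-data is found within MedRec's database.</p>
     *
     * <p>Any pre-existing authenticated session is discarded before the
     * credentials are checked, so a login never reuses a session id that was
     * issued before authentication.</p>
     *
     * @param mapping  The ActionMapping used to select this instance
     * @param user     form bean carrying the submitted username and password
     * @param request  The HTTP request we are processing
     * @param response The HTTP response we are creating
     * @return the patient landing page on success, {@code login.failure} otherwise
     * @throws Exception if the container accepts the credentials but no patient
     *                   record exists ({@link ClientException}), or on EJB errors
     */
    private ActionForward authenticate(UserBean user,
                                       ActionMapping mapping,
                                       HttpServletRequest request,
                                       HttpServletResponse response)
            throws Exception {

        // Invalidate whatever session the browser arrived with, preserving only
        // the locale, so the authenticated session is a fresh one.
        Locale currentLocale = this.getLocale(request);
        ServletAuthentication.invalidateAll(request);
        setLocale(request, currentLocale);

        // Returns an int value for AUTHENTICATED or FAILED_AUTHENTICATION
        // after using the username and password to authenticate the user
        // and setting that user information into the session.
        int auth = ServletAuthentication.weak(user.getUsername(),
                user.getPassword(), request, response);

        boolean principalEstablished = auth == ServletAuthentication.AUTHENTICATED;

        ActionForward forward;
        if (principalEstablished && request.isUserInRole(PATIENT_ROLE)) {
            forward = completePatientLogin(user, mapping, request);
        } else {
            forward = rejectLogin(user, mapping, request, principalEstablished);
        }

        // Log where we are going next.
        logger.info("Redirecting to: " + forward.getPath());

        return forward;
    }

    /**
     * Second step of a successful container login: load the patient record
     * for the username (an e-mail address) and store it on a fresh session.
     *
     * @return the page chosen by {@link #getRedirectPage}
     * @throws ClientException with {@link ErrorConstants#PATIENT_NOT_FOUND} when
     *                         the container accepted the credentials but MedRec
     *                         holds no patient for them; the container login is
     *                         undone first
     */
    private ActionForward completePatientLogin(UserBean user,
                                               ActionMapping mapping,
                                               HttpServletRequest request)
            throws Exception {
        logger.info("Login found.");
        logger.info("Looking up user data.");

        // Retrieve patient properties.
        Patient patient =
                getPatientSession().findPatientByEmail(user.getUsername());

        // Patient user found, but no meta-data found. Disallow login and
        // drop the authenticated session the container just created.
        if (patient == null) {
            ServletAuthentication.invalidateAll(request);
            throw new ClientException(ErrorConstants.PATIENT_NOT_FOUND);
        }

        logger.info("Authentication success!");

        // Set user on session to be used throughout the app.
        HttpSession session = request.getSession(true);
        session.setAttribute(PATIENT_BEAN, new PatientBean(patient));

        // Determine redirection.
        return getRedirectPage(request, mapping);
    }

    /**
     * Handle a rejected login: report why (as far as the original UX does),
     * clear the submitted credentials and send the user back to the login page.
     *
     * @param principalEstablished true when {@code ServletAuthentication.weak}
     *                             accepted the credentials but the principal
     *                             lacks {@code PATIENT_ROLE}; the container
     *                             session is invalidated in that case so a
     *                             "failed" login cannot leave an authenticated
     *                             (e.g. admin) session behind
     * @return the {@code login.failure} forward
     */
    private ActionForward rejectLogin(UserBean user,
                                      ActionMapping mapping,
                                      HttpServletRequest request,
                                      boolean principalEstablished) {
        if (principalEstablished) {
            Locale currentLocale = this.getLocale(request);
            ServletAuthentication.invalidateAll(request);
            setLocale(request, currentLocale);
        }

        String userStatus = lookupUserStatus(user.getUsername());
        logger.debug("Status is " + userStatus);

        // NOTE(review): the three distinct error keys below tell an
        // unauthenticated caller whether the username exists and whether its
        // registration is NEW or DENIED, regardless of the password supplied
        // (account enumeration). Kept as the original UX; collapse them to a
        // single message if that disclosure is not acceptable.
        String errorKey;
        if ("NEW".equals(userStatus)) {
            logger.debug("Not yet approved by admin!");
            // User not yet approved.
            errorKey = "invalid.user";
        } else if ("DENIED".equals(userStatus)) {
            logger.debug("Registration denied by admin!");
            // User registration denied.
            errorKey = "denied.user";
        } else {
            logger.debug("Authentication failed!");
            // Invalid username and/or password.
            errorKey = "invalid.username.password";
        }

        // Reset login values on every failure path so the submitted password
        // is not retained in the form bean.
        user.reset();

        ActionErrors errors = new ActionErrors();
        errors.add("invalidLogin", new ActionError(errorKey));
        saveErrors(request, errors);

        // Return back to login page.
        return mapping.findForward("login.failure");
    }

    /**
     * Look up the registration status of the admin-side {@code User} row for
     * a username.
     *
     * @return the row's status, or {@link #STATUS_NOT_EXISTED} when the finder
     *         throws {@link FinderException} or returns {@code null}; never
     *         throws for a missing user, which previously produced an NPE on
     *         the status comparison
     */
    private String lookupUserStatus(String username) {
        User userLocal;
        try {
            userLocal = getAdminSession().getUserByUsername(username);
        } catch (FinderException ex) {
            // username is request-controlled; logged unsanitized at debug level.
            logger.debug("Can't find the user with the given username " + username);
            return STATUS_NOT_EXISTED;
        }
        if (userLocal == null) {
            return STATUS_NOT_EXISTED;
        }
        return userLocal.getStatus();
    }
}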
|