Package org.apache.ofbiz.webapp.control

Class LoginWorker

java.lang.Object

org.apache.ofbiz.webapp.control.LoginWorker

public final class LoginWorker
extends Object

Common Workers

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	LoginWorker()

Method Summary

Modifier and Type	Method	Description
static String	autoChangePassword(HttpServletRequest request, HttpServletResponse response)
static String	autoLoginCheck(HttpServletRequest request, HttpServletResponse response)
static String	autoLoginRemove(HttpServletRequest request, HttpServletResponse response)
static String	autoLoginSet(HttpServletRequest request, HttpServletResponse response)
static String	check509CertLogin(HttpServletRequest request, HttpServletResponse response)
static GenericValue	checkImpersonationInProcess(HttpServletRequest request, HttpServletResponse response)	Return the active GenericValue of a current impersonation UserLoginHistory of current userLogin session, only if not the impersonator himself.
static String	checkLogin(HttpServletRequest request, HttpServletResponse response)	An HTTP WebEvent handler that checks to see is a userLogin is logged in.
static GenericValue	checkLogout(HttpServletRequest request, HttpServletResponse response)
static String	checkRequestHeaderLogin(HttpServletRequest request, HttpServletResponse response)
static String	checkServletRequestRemoteUserLogin(HttpServletRequest request, HttpServletResponse response)
protected static boolean	checkValidIssuer(Delegator delegator, Map<String,String> x500Map, BigInteger serialNumber)
static void	createSecuredLoginIdCookie(HttpServletRequest request, HttpServletResponse response)
static String	depersonateLogin(HttpServletRequest request, HttpServletResponse response)	An HTTP WebEvent handler to reverse an impersonate login.
static void	doBasicLogin(GenericValue userLogin, HttpServletRequest request, HttpServletResponse response)
static void	doBasicLogout(GenericValue userLogin, HttpServletRequest request, HttpServletResponse response)
static String	doMainLogin(HttpServletRequest request, HttpServletResponse response, GenericValue userLogin, Map<String,Object> userLoginSession)
static String	extensionCheckLogin(HttpServletRequest request, HttpServletResponse response)	This WebEvent allows for java 'services' to hook into the login path.
static String	extensionConnectLogin(HttpServletRequest request, HttpServletResponse response)	This WebEvent allows for java 'services' to hook into the login path.
static Collection<ComponentConfig.WebappInfo>	getAppBarWebInfos(Security security, GenericValue userLogin, String serverName, String menuName)	Returns a Collection of WebappInfo instances that the specified user is authorized to access.
protected static String	getAutoLoginCookieName(HttpServletRequest request)
static String	getAutoUserLoginId(HttpServletRequest request)
protected static String	getSecuredLoginIdCookieName(HttpServletRequest request)
static String	getSecuredUserLoginId(HttpServletRequest request)
static Map<String,Object>	getUserLoginSession(GenericValue userLogin)
static boolean	hasApplicationPermission(ComponentConfig.WebappInfo info, Security security, GenericValue userLogin)	Returns true if the specified user is authorized to access the specified web application.
static boolean	hasBasePermission(GenericValue userLogin, HttpServletRequest request)
static String	impersonateLogin(HttpServletRequest request, HttpServletResponse response)	An HTTP WebEvent handler to impersonate a given userLogin without using password.
static boolean	isFlaggedLoggedOut(GenericValue userLogin, Delegator delegator)
static boolean	isUserLoggedIn(HttpServletRequest request)
static boolean	isUserLoginActive(GenericValue userLogin)	Return true if userLogin has not been disabled
static String	login(HttpServletRequest request, HttpServletResponse response)	An HTTP WebEvent handler that logs in a userLogin.
static String	loginUserWithUserLoginId(HttpServletRequest request, HttpServletResponse response, String userLoginId)	This method will log in a user with only their username (userLoginId).
static String	logout(HttpServletRequest request, HttpServletResponse response)	An HTTP WebEvent handler that logs out a userLogin by clearing the session.
static StringUtil.StringWrapper	makeLoginUrl(HttpServletRequest request)
static StringUtil.StringWrapper	makeLoginUrl(HttpServletRequest request, String requestName)
static StringUtil.StringWrapper	makeLoginUrl(javax.servlet.jsp.PageContext pageContext)
static StringUtil.StringWrapper	makeLoginUrl(javax.servlet.jsp.PageContext pageContext, String requestName)
static void	setLoggedOut(String userLoginId, Delegator delegator)
protected static void	setWebContextObjects(HttpServletRequest request, HttpServletResponse response, Delegator delegator, LocalDispatcher dispatcher)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

LoginWorker

protected LoginWorker()

Method Details

makeLoginUrl

public static StringUtil.StringWrapper makeLoginUrl(javax.servlet.jsp.PageContext pageContext)

makeLoginUrl

public static StringUtil.StringWrapper makeLoginUrl(HttpServletRequest request)

makeLoginUrl

public static StringUtil.StringWrapper makeLoginUrl(javax.servlet.jsp.PageContext pageContext,
 String requestName)

makeLoginUrl

public static StringUtil.StringWrapper makeLoginUrl(HttpServletRequest request,
 String requestName)

setLoggedOut

public static void setLoggedOut(String userLoginId,
 Delegator delegator)

checkLogout

public static GenericValue checkLogout(HttpServletRequest request,
 HttpServletResponse response)

checkImpersonationInProcess

public static GenericValue checkImpersonationInProcess(HttpServletRequest request,
 HttpServletResponse response)

Return the active GenericValue of a current impersonation UserLoginHistory of current userLogin session, only if not the impersonator himself.

Parameters:

request - The HTTP request object for the current JSP or Servlet request.

response - The HTTP response object for the current JSP or Servlet request.

Returns:

GenericValue

extensionCheckLogin

public static String extensionCheckLogin(HttpServletRequest request,
 HttpServletResponse response)

This WebEvent allows for java 'services' to hook into the login path. This method loads all instances of LoginCheck, and calls the LoginCheck.associate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) method. The first implementation to return a non-null value gets that value returned to the caller. Returning "none" will abort processing, while anything else gets looked up in outer view dispatch. This event is called when the current request needs to have a validly logged in user; it is a wrapper around checkLogin(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse).

Parameters:

request - The HTTP request object for the current JSP or Servlet request.

response - The HTTP response object for the current JSP or Servlet request.

Returns:

String

extensionConnectLogin

public static String extensionConnectLogin(HttpServletRequest request,
 HttpServletResponse response)

This WebEvent allows for java 'services' to hook into the login path. This method loads all instances of LoginCheck, and calls the LoginCheck.check(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) method. The first implementation to return a non-null value gets that value returned to the caller. Returning "none" will abort processing, while anything else gets looked up in outer view dispatch; for preprocessors, only "success" makes sense.

Parameters:

request - The HTTP request object for the current JSP or Servlet request.

response - The HTTP response object for the current JSP or Servlet request.

Returns:

String

checkLogin

public static String checkLogin(HttpServletRequest request,
 HttpServletResponse response)

An HTTP WebEvent handler that checks to see is a userLogin is logged in. If not, the user is forwarded to the login page.

Parameters:

request - The HTTP request object for the current JSP or Servlet request.

response - The HTTP response object for the current JSP or Servlet request.

Returns:

String

login

public static String login(HttpServletRequest request,
 HttpServletResponse response)

An HTTP WebEvent handler that logs in a userLogin. This should run before the security check.

Parameters:

request - The HTTP request object for the current JSP or Servlet request.

response - The HTTP response object for the current JSP or Servlet request.

Returns:

Return a boolean which specifies whether or not the calling Servlet or JSP should generate its own content. This allows an event to override the default content.

impersonateLogin

public static String impersonateLogin(HttpServletRequest request,
 HttpServletResponse response)

An HTTP WebEvent handler to impersonate a given userLogin without using password. This should run before the security check.

Parameters:

request - The HTTP request object for the current JSP or Servlet request.

response - The HTTP response object for the current JSP or Servlet request.

Returns:

Return a boolean which specifies whether or not the calling Servlet or JSP should generate its own content. This allows an event to override the default content.

depersonateLogin

public static String depersonateLogin(HttpServletRequest request,
 HttpServletResponse response)

An HTTP WebEvent handler to reverse an impersonate login.

Parameters:

request - The HTTP request object for the current JSP or Servlet request.

response - The HTTP response object for the current JSP or Servlet request.

Returns:

Return a boolean which specifies whether or not the calling Servlet or JSP should generate its own content. This allows an event to override the default content.

setWebContextObjects

protected static void setWebContextObjects(HttpServletRequest request,
 HttpServletResponse response,
 Delegator delegator,
 LocalDispatcher dispatcher)

doMainLogin

public static String doMainLogin(HttpServletRequest request,
 HttpServletResponse response,
 GenericValue userLogin,
 Map<String,Object> userLoginSession)

doBasicLogin

public static void doBasicLogin(GenericValue userLogin,
 HttpServletRequest request,
 HttpServletResponse response)

logout

public static String logout(HttpServletRequest request,
 HttpServletResponse response)

An HTTP WebEvent handler that logs out a userLogin by clearing the session.

Parameters:

request - The HTTP request object for the current request.

response - The HTTP response object for the current request.

Returns:

Return a boolean which specifies whether or not the calling request should generate its own content. This allows an event to override the default content.

doBasicLogout

public static void doBasicLogout(GenericValue userLogin,
 HttpServletRequest request,
 HttpServletResponse response)

autoLoginSet

public static String autoLoginSet(HttpServletRequest request,
 HttpServletResponse response)

createSecuredLoginIdCookie

public static void createSecuredLoginIdCookie(HttpServletRequest request,
 HttpServletResponse response)

getAutoLoginCookieName

protected static String getAutoLoginCookieName(HttpServletRequest request)

getSecuredLoginIdCookieName

protected static String getSecuredLoginIdCookieName(HttpServletRequest request)

getAutoUserLoginId

public static String getAutoUserLoginId(HttpServletRequest request)

getSecuredUserLoginId

public static String getSecuredUserLoginId(HttpServletRequest request)

autoLoginCheck

public static String autoLoginCheck(HttpServletRequest request,
 HttpServletResponse response)

autoLoginRemove

public static String autoLoginRemove(HttpServletRequest request,
 HttpServletResponse response)

isUserLoggedIn

public static boolean isUserLoggedIn(HttpServletRequest request)

loginUserWithUserLoginId

public static String loginUserWithUserLoginId(HttpServletRequest request,
 HttpServletResponse response,
 String userLoginId)

This method will log in a user with only their username (userLoginId).

Parameters:

request -

response -

userLoginId -

Returns:

Returns "success" if user could be logged in or "error" if there was a problem.

checkRequestHeaderLogin

public static String checkRequestHeaderLogin(HttpServletRequest request,
 HttpServletResponse response)

checkServletRequestRemoteUserLogin

public static String checkServletRequestRemoteUserLogin(HttpServletRequest request,
 HttpServletResponse response)

check509CertLogin

public static String check509CertLogin(HttpServletRequest request,
 HttpServletResponse response)

checkValidIssuer

protected static boolean checkValidIssuer(Delegator delegator,
 Map<String,String> x500Map,
 BigInteger serialNumber)
                                   throws GeneralException

Throws:

GeneralException

isFlaggedLoggedOut

public static boolean isFlaggedLoggedOut(GenericValue userLogin,
 Delegator delegator)

hasApplicationPermission

public static boolean hasApplicationPermission(ComponentConfig.WebappInfo info,
 Security security,
 GenericValue userLogin)

Returns true if the specified user is authorized to access the specified web application.

Parameters:

info -

security -

userLogin -

Returns:

true if the specified user is authorized to access the specified web application

hasBasePermission

public static boolean hasBasePermission(GenericValue userLogin,
 HttpServletRequest request)

getAppBarWebInfos

public static Collection<ComponentConfig.WebappInfo> getAppBarWebInfos(Security security,
 GenericValue userLogin,
 String serverName,
 String menuName)

Returns a Collection of WebappInfo instances that the specified user is authorized to access.

Parameters:

security -

userLogin -

serverName -

menuName -

Returns:

A Collection WebappInfo instances that the specified user is authorized to access

getUserLoginSession

public static Map<String,Object> getUserLoginSession(GenericValue userLogin)

autoChangePassword

public static String autoChangePassword(HttpServletRequest request,
 HttpServletResponse response)

isUserLoginActive

public static boolean isUserLoginActive(GenericValue userLogin)

Return true if userLogin has not been disabled

Parameters:

userLogin -

Returns:

boolean