/*
* $Header: /cvsroot/mvnforum/mvnforum/src/com/mvnforum/auth/OnlineUserManager.java,v 1.7 2004/03/23 12:43:06 minhnn Exp $
* $Author: minhnn $
* $Revision: 1.7 $
* $Date: 2004/03/23 12:43:06 $
*
* ====================================================================
*
* Copyright (C) 2002-2004 by MyVietnam.net
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or any later version.
*
* All copyright notices regarding mvnForum MUST remain intact
* in the scripts and in the outputted HTML.
* The "powered by" text/logo with a link back to
* http://www.mvnForum.com and http://www.MyVietnam.net in the
* footer of the pages MUST remain visible when the pages
* are viewed on the internet or intranet.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* Support can be obtained from support forums at:
* http://www.mvnForum.com/mvnforum/index
*
* Correspondence and Marketing Questions can be sent to:
* info@MyVietnam.net
*
* @author: Minh Nguyen minhnn@MyVietnam.net
* @author: Mai Nguyen mai.nh@MyVietnam.net
*/
package com.mvnforum.auth;
import java.sql.Timestamp;
import java.util.*;
import javax.servlet.http.*;
import com.mvnforum.*;
import net.myvietnam.mvncore.exception.*;
import net.myvietnam.mvncore.security.FloodControl;
import net.myvietnam.mvncore.util.*;
public class OnlineUserManager {
// Interval constant; the value 2000 with the original "every 2 second" remark suggests
// milliseconds - TODO confirm against the code that reads it (not visible in this part of the file).
private static final int REMOVE_INTERVAL = 2000;
// Session attribute names under which login() stores the member name and the ENCODED password.
// NOTE(review): login() accepts an encoded password as-is (passwordEncoded == true), so the value
// kept under MVNFORUM_SESSION_PASSWORD is usable as a credential, not merely a hash.
private static final String MVNFORUM_SESSION_USERNAME = "mvnforum.membername";
private static final String MVNFORUM_SESSION_PASSWORD = "mvnforum.encodedpassword";
// Cookie names written by manageAutoLogin() and cleared by deleteCookie().
// NOTE(review): the password cookie carries the same encoded password described above.
private static final String MVNFORUM_COOKIE_USERNAME = "mvnforum.membername";
private static final String MVNFORUM_COOKIE_PASSWORD = "mvnforum.encodedpassword";
// Singleton instance, created eagerly when the class is initialised; handed out by getInstance().
private static OnlineUserManager instance = new OnlineUserManager();
// Per-instance state.
// presumably keyed by session id (login()/logout() pass a session id to setOnlineUser) - verify
private Map userMap = new TreeMap();
// Starts at 0; presumably compared with REMOVE_INTERVAL by code outside this view - TODO confirm.
private long timeOfLastRemoveAction = 0;
// Listener list; not initialised here and not used in the visible part of the file.
private transient Vector onlineUserListeners;
// Optional pluggable authenticator; logout() falls back to the anonymous-user path while it is null.
private Authenticator authenticator = null;
/**
 * Private so that the only instance is the one held in the static {@code instance} field.
 */
private OnlineUserManager() {
    // intentionally empty: all fields are initialised at their declarations
}
/**
 * Returns the shared manager.
 *
 * @return the single {@code OnlineUserManager} held in the static {@code instance} field
 */
public static OnlineUserManager getInstance() {
    return OnlineUserManager.instance;
}
/**
 * Returns the authenticator currently configured on this manager.
 *
 * @return the configured authenticator, or {@code null} when none has been set
 */
public Authenticator getAuthenticator() {
    return this.authenticator;
}
/**
 * Installs the authenticator used by this manager.
 *
 * <p>No validation is done; passing {@code null} puts {@code logout} back on its
 * anonymous-user fallback path.
 *
 * @param authenticator the authenticator to use, may be {@code null}
 */
public void setAuthenticator(Authenticator authenticator) {
    this.authenticator = authenticator;
}
/**
 * Handles an HTML-form login request; meant to be called from the Processor.
 *
 * <p>Request parameters read here:
 * <ul>
 *   <li>{@code MemberName} - the user name, checked with {@code StringUtil.checkGoodName};</li>
 *   <li>{@code md5pw} - an already-encoded password; used only when it is non-empty
 *       and ends with {@code "=="};</li>
 *   <li>{@code MemberMatkhau} - the plain-text password, read only when {@code md5pw}
 *       is not usable.</li>
 * </ul>
 *
 * <p>Each call is counted against the caller's address under
 * {@code MVNForumGlobal.FLOOD_ID_LOGIN} before authentication is attempted, so
 * successful and failed attempts both consume the quota.
 *
 * <p>NOTE(review): a usable {@code md5pw} is handed to {@code login} as an encoded
 * password, so as far as this file shows the encoded form alone is enough to
 * authenticate; treat it as a credential wherever it is stored or logged.
 * NOTE(review): the flood key is {@code request.getRemoteAddr()}; behind a reverse
 * proxy this may be the proxy's address rather than the client's - confirm deployment.
 *
 * @param request  the login request
 * @param response the response, passed through to {@code login}
 * @throws AuthenticationException rethrown from {@code login}; when the reason is
 *         {@code NotLoginException.WRONG_PASSWORD} the request attribute
 *         {@code MemberName} is set first so the form can be pre-filled
 */
public void processLogin(HttpServletRequest request, HttpServletResponse response)
    throws AuthenticationException, AssertionException, DatabaseException, BadInputException, FloodException {

    String memberName = ParamUtil.getParameter(request, "MemberName", true);
    StringUtil.checkGoodName(memberName); // reject malformed names before doing anything else

    String encodedFromClient = ParamUtil.getParameter(request, "md5pw", false);
    boolean encodedUsable = (encodedFromClient.length() != 0) && encodedFromClient.endsWith("==");

    // Fall back to the plain-text field only when no usable encoded password was sent.
    String plainPassword = "";
    if (!encodedUsable) {
        plainPassword = ParamUtil.getParameterPassword(request, "MemberMatkhau", 3, 0);
    }

    try {
        // Throttle login attempts per remote address.
        String clientAddress = request.getRemoteAddr();
        FloodControl.ensureNotReachMaximum(MVNForumGlobal.FLOOD_ID_LOGIN, clientAddress);
        FloodControl.increaseCount(MVNForumGlobal.FLOOD_ID_LOGIN, clientAddress);

        // A non-empty plain-text password wins; otherwise the encoded value is used.
        boolean havePlainPassword = plainPassword.length() > 0;
        OnlineUser user = havePlainPassword
            ? login(request, response, memberName, plainPassword, false)
            : login(request, response, memberName, encodedFromClient, true);

        ((OnlineUserImpl) user).setAuthenticationType(OnlineUser.AUTHENTICATION_TYPE_HTML_FORM);
    } catch (AuthenticationException authFailure) {
        if (authFailure.getReason() == NotLoginException.WRONG_PASSWORD) {
            // Keep the name available to the view so the user need not retype it.
            // NOTE(review): the view should still HTML-escape this value when rendering it.
            request.setAttribute("MemberName", memberName);
        }
        throw authFailure;
    }
}
/**
 * Authenticates a member and binds the resulting user to the current HTTP session.
 *
 * <p>NOTE: this method MUST remain the only way to authenticate a user.
 *
 * <p>A plain-text password is first turned into its encoded form through the online
 * user factory; verification always happens against the encoded form. After a
 * successful check the user is registered under the session id, the member name and
 * encoded password are stored in the session, and - when the request carries
 * {@code FromLoginPage} and a response is available - auto-login is handled.
 *
 * <p>NOTE(review): the session returned by {@code request.getSession()} is reused and
 * its id is not changed in this method, so a session id issued before login stays
 * valid afterwards unless the container or the factory rotates it. Rotating it here
 * would need care because {@code setOnlineUser} is keyed by the session id.
 * NOTE(review): the encoded password kept in the session is accepted by this very
 * method when {@code passwordEncoded} is true, so it is a credential, not just a hash.
 *
 * @param request         the current request
 * @param response        the current response; may be {@code null}, in which case
 *                        auto-login handling is skipped
 * @param memberName      the member name, validated with {@code StringUtil.checkGoodName}
 * @param memberPassword  the password, plain or encoded depending on {@code passwordEncoded}
 * @param passwordEncoded {@code true} when {@code memberPassword} is already encoded
 * @return the authenticated user
 * @throws AuthenticationException with reason {@code NotLoginException.WRONG_NAME} when
 *         the name check fails; other failures come from the factory
 */
protected OnlineUser login(HttpServletRequest request, HttpServletResponse response,
    String memberName, String memberPassword, boolean passwordEncoded)
    throws AuthenticationException, DatabaseException, AssertionException {

    try {
        StringUtil.checkGoodName(memberName);
    } catch (Exception badName) {
        throw new AuthenticationException(badName.getMessage(), NotLoginException.WRONG_NAME);
    }

    // Both input forms converge on the encoded password before verification.
    String encodedPassword = passwordEncoded
        ? memberPassword
        : ManagerFactory.getOnlineUserFactory().getEncodedPassword(memberName, memberPassword);

    OnlineUser user = ManagerFactory.getOnlineUserFactory()
        .getAuthenticatedUser(request, response, memberName, encodedPassword, true);

    HttpSession session = request.getSession();
    setOnlineUser(session.getId(), user);

    // Remember the login in the session only when an encoded password is available.
    if (encodedPassword != null) {
        session.setAttribute(MVNFORUM_SESSION_USERNAME, memberName);
        session.setAttribute(MVNFORUM_SESSION_PASSWORD, encodedPassword);
    }

    boolean cameFromLoginPage = ParamUtil.getParameterBoolean(request, "FromLoginPage");
    if (cameFromLoginPage && response != null) {
        manageAutoLogin(memberName, encodedPassword, request, response);
    }

    return user;
}
/**
 * Writes the auto-login cookies when the request asks for them.
 *
 * <p>Does nothing unless the request parameter {@code AutoLogin} is true. The cookie
 * lifetime defaults to one day and is replaced by the request parameter
 * {@code AutoLoginExpire} when that parameter can be read as an int. Both cookies
 * are issued with path {@code "/"}.
 *
 * <p>NOTE(review): the password cookie holds the encoded password, which {@code login}
 * accepts as a credential, so anyone who obtains the cookie can authenticate as the
 * member. The cookies are created without the Secure flag, and the lifetime comes
 * from the request without any upper bound; a server-side maximum and a random,
 * revocable token instead of the encoded password would reduce the exposure.
 *
 * @param memberName      value of the name cookie
 * @param encodedPassword value of the password cookie
 * @param request         source of the {@code AutoLogin} and {@code AutoLoginExpire} parameters
 * @param response        receives the two cookies
 */
protected void manageAutoLogin(String memberName, String encodedPassword,
    HttpServletRequest request, HttpServletResponse response) {

    if (!ParamUtil.getParameterBoolean(request, "AutoLogin")) {
        return;
    }

    int lifetimeSeconds = 60 * 60 * 24; // one day unless the request overrides it
    try {
        lifetimeSeconds = ParamUtil.getParameterInt(request, "AutoLoginExpire");
    } catch (Exception ignored) {
        // parameter missing or not an int: keep the one-day default
    }

    Cookie nameCookie = new Cookie(MVNFORUM_COOKIE_USERNAME, memberName);
    nameCookie.setMaxAge(lifetimeSeconds);
    nameCookie.setPath("/");
    response.addCookie(nameCookie);

    Cookie passwordCookie = new Cookie(MVNFORUM_COOKIE_PASSWORD, encodedPassword);
    passwordCookie.setMaxAge(lifetimeSeconds);
    passwordCookie.setPath("/");
    response.addCookie(passwordCookie);
}
/**
 * Logs the current session's user out.
 *
 * <p>The entry for this session id is replaced through {@code setOnlineUser}: with an
 * anonymous user when no authenticator is configured, otherwise with {@code null}.
 * The factory's own {@code logout} is then invoked and the login attributes are
 * cleared from the session.
 *
 * <p>NOTE(review): this method neither invalidates the {@code HttpSession} nor removes
 * the auto-login cookies itself; unless the factory's {@code logout} does so, a caller
 * has to invoke {@code deleteCookie} as well or the cookies will log the user back in.
 *
 * @param request  the current request
 * @param response the current response, passed to the factory's {@code logout}
 */
public void logout(HttpServletRequest request, HttpServletResponse response)
    throws DatabaseException, AssertionException {

    HttpSession session = request.getSession();

    // Temporary hack kept from the original: without an authenticator the old
    // anonymous-user method is used (@todo: more thought on this later).
    OnlineUser replacement = (authenticator == null)
        ? ManagerFactory.getOnlineUserFactory().getAnonymousUser(request)
        : null;

    setOnlineUser(session.getId(), replacement);
    ManagerFactory.getOnlineUserFactory().logout(request, response);

    // Always drop the stored login data; a null value clears the attribute.
    session.setAttribute(MVNFORUM_SESSION_PASSWORD, null);
    session.setAttribute(MVNFORUM_SESSION_USERNAME, null);
}
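/**
 * Asks the browser to discard the auto-login cookies.
 *
 * <p>Two empty cookies with a max age of 0 are sent under the same names that
 * {@code manageAutoLogin} uses. They are issued with path {@code "/"} because that is
 * the path {@code manageAutoLogin} sets: a browser only replaces a cookie whose name
 * and path both match, so without the path the deletion would be scoped to the
 * directory of the current request and the encoded-password cookie could survive.
 *
 * @param request  not used by this method
 * @param response receives the two expiring cookies
 */
public void deleteCookie(HttpServletRequest request, HttpServletResponse response)
    throws DatabaseException, AssertionException {

    Cookie nameCookie = new Cookie(MVNFORUM_COOKIE_USERNAME, "");
    nameCookie.setMaxAge(0); // delete this cookie
    nameCookie.setPath("/"); // must match the path used when the cookie was set

    Cookie passwordCookie = new Cookie(MVNFORUM_COOKIE_PASSWORD, "");
    passwordCookie.setMaxAge(0); // delete this cookie
    passwordCookie.setPath("/"); // must match the path used when the cookie was set

    response.addCookie(nameCookie);
    response.addCookie(passwordCookie);
}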
public OnlineUser getOnlineUser(HttpServletRequest request)