loginaction.java

我在加拿大学习的一个比较复杂的在线银行程序.

package com.ebusiness.ebank.action;

import java.util.*;

import org.apache.log4j.Logger;

//import netscape.ldap.LDAPException;

//import javax.rmi.PortableRemoteObject;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import javax.security.auth.callback.CallbackHandler;

import org.apache.struts.Globals;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionError;
import org.apache.struts.action.ActionErrors;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

import weblogic.security.SimpleCallbackHandler;
import weblogic.security.services.Authentication;
import weblogic.servlet.security.ServletAuthentication;

import com.ebusiness.ebank.form.LoginForm;
//import com.ebusiness.ebank.encryption.StringEncrypter;
import com.ebusiness.ebank.util.Constants;
import com.ebusiness.ebank.log.AuditLogger;
import com.ebusiness.ebank.security.*;
import com.ebusiness.ebank.exception.SystemException;

public class LoginAction extends Action
{
    private Logger log = Logger.getLogger(this.getClass());

    public ActionForward execute(ActionMapping        mapping,
                                 ActionForm           form,
                                 HttpServletRequest   request,
                                 HttpServletResponse  response)
           throws ServletException
    {
        LoginForm loginForm = (LoginForm)form;
        String mapforward = loginForm.getAction();
        String username = loginForm.getUserName();
        String password = loginForm.getPassword();
        HttpSession session = request.getSession();
        //session.setAttribute("username",username);
        ActionErrors errors = new ActionErrors();
        AuditLogger audit = new AuditLogger(this.log,
                        username,
                        "Sign In", "eBusiness Online Banking");
        String failedReason = "";
        String status = "Successful";

        try
        {
            CallbackHandler handler = new SimpleCallbackHandler(username,password);
            Subject mySubject =  Authentication.login(handler);
            ServletAuthentication.runAs(mySubject,request);

            UserProfile profile = UserContainer.getUserProfile(request);
            session.setAttribute(Constants.USER_ID, username);
            session.setAttribute(Globals.LOCALE_KEY, new Locale(profile.getUserLanguagePreference()));
        }
        catch (SystemException se)
        {
            status = "Failure";
            failedReason = "SystemException: " + se.getMessage();
            log.error("Failed to get UserProfile.", se);
        }
        catch(LoginException le)
        {
            status = "Failure";
            failedReason = username + " is failed to authenticate";
        }
        catch (Exception e)
        {
            status = "Failure";
            failedReason = "SystemException: " + e.getMessage();
            log.error("Failed to get UserProfile.", e);
        }
        String auditValue = " Client IP address: " + request.getRemoteAddr();
        auditValue += "  User Agent: " + request.getHeader("user-agent");
        audit.setFailedReason(failedReason);
        audit.setStatus(status);
        audit.log(auditValue);
        if (status.equals("Failure"))
        {
            ActionError error = new ActionError("error.login.incorrectusernamepassword");
            errors.add(ActionErrors.GLOBAL_ERROR,error);
            saveErrors(request,errors);
        }
        return mapping.findForward(status);
    }
}