📄 loginevents.java
// don't save password until after it has been sent
if (useEncryption) {
try {
supposedUserLogin.store();
} catch (GenericEntityException e) {
Debug.logWarning(e, "", module);
request.setAttribute("_ERROR_MESSAGE_", "<li>Error saving new password, the email that you receive will not have the correct password in it, your old password is still being used: " + e.toString());
return "error";
}
}
if (useEncryption) {
request.setAttribute("_EVENT_MESSAGE_", "A new password has been created and sent to you. Please check your Email.");
} else {
request.setAttribute("_EVENT_MESSAGE_", "Your password has been sent to you. Please check your Email.");
}
return "success";
}
/**
 * Builds the name of the auto-login cookie for the web application serving the request.
 *
 * @param request the current request, handed to UtilHttp.getApplicationName
 * @return the application name followed by ".autoUserLoginId"
 */
protected static String getAutoLoginCookieName(HttpServletRequest request) {
    String applicationName = UtilHttp.getApplicationName(request);
    return applicationName + ".autoUserLoginId";
}
/**
 * Reads the auto-login user id from the request's cookies.
 *
 * The returned string is whatever the client sent in the cookie; nothing in this
 * method validates it, so callers must treat it as untrusted input.
 *
 * @param request the current request
 * @return the value of the first cookie whose name matches getAutoLoginCookieName(request),
 *         or null when the request has no cookies or no cookie matches
 */
public static String getAutoUserLoginId(HttpServletRequest request) {
    Cookie[] cookies = request.getCookies();
    if (Debug.verboseOn()) {
        Debug.logVerbose("Cookies:" + cookies, module);
    }
    if (cookies == null) {
        return null;
    }
    for (int index = 0; index < cookies.length; index++) {
        Cookie candidate = cookies[index];
        if (candidate.getName().equals(getAutoLoginCookieName(request))) {
            // first match wins, later cookies with the same name are ignored
            return candidate.getValue();
        }
    }
    return null;
}
/**
 * Event entry point: runs the auto-login check using the user id found in the
 * request's auto-login cookie.
 *
 * @param request the current request; its "delegator" attribute and session are used
 * @param response not used by this method
 * @return the result of the private autoLoginCheck overload
 */
public static String autoLoginCheck(HttpServletRequest request, HttpServletResponse response) {
    GenericDelegator delegator = (GenericDelegator) request.getAttribute("delegator");
    HttpSession session = request.getSession();
    // cookie-supplied value: client controlled, may be null
    String cookieUserLoginId = getAutoUserLoginId(request);
    return autoLoginCheck(delegator, session, cookieUserLoginId);
}
/**
 * Looks up the UserLogin for the given id and, when it exists, stores it in the
 * session as "autoUserLogin" together with a display name in "autoName".
 *
 * The display name is the Person's first and last name when a Person exists for the
 * party, otherwise the PartyGroup's group name; when neither exists "autoName" is
 * left untouched. Lookup failures are logged and otherwise ignored.
 *
 * NOTE(review): when reached through the public overload the id comes straight from
 * a client cookie, so "autoUserLogin" and "autoName" are populated without any
 * credential check. Code reading these attributes should use them for display only,
 * never as proof of authentication; confirm that against the callers.
 *
 * @param delegator entity delegator used for the lookups
 * @param session session that receives "autoUserLogin" and "autoName"
 * @param autoUserLoginId user login id to look up; null skips the check entirely
 * @return always "success"
 */
private static String autoLoginCheck(GenericDelegator delegator, HttpSession session, String autoUserLoginId) {
    if (autoUserLoginId == null) {
        return "success";
    }
    Debug.logInfo("Running autoLogin check.", module);
    try {
        GenericValue autoUserLogin = delegator.findByPrimaryKey("UserLogin", UtilMisc.toMap("userLoginId", autoUserLoginId));
        if (autoUserLogin != null) {
            String partyId = autoUserLogin.getString("partyId");
            // both lookups run before the session is touched, so a failing lookup leaves it unchanged
            GenericValue person = delegator.findByPrimaryKey("Person", UtilMisc.toMap("partyId", partyId));
            GenericValue group = delegator.findByPrimaryKey("PartyGroup", UtilMisc.toMap("partyId", partyId));
            session.setAttribute("autoUserLogin", autoUserLogin);
            if (person != null) {
                session.setAttribute("autoName", person.getString("firstName") + " " + person.getString("lastName"));
            } else if (group != null) {
                session.setAttribute("autoName", group.getString("groupName"));
            }
        }
    } catch (GenericEntityException e) {
        Debug.logError(e, "Cannot get autoUserLogin information: " + e.getMessage(), module);
    }
    return "success";
}
/**
 * Issues the auto-login cookie for the user currently stored in the session under
 * "userLogin", then runs the auto-login check for that user.
 *
 * NOTE(review): the cookie value is the plain userLoginId, it lives for one year on
 * path "/", and this method sets neither the Secure nor the HttpOnly attribute. Any
 * client can therefore present an arbitrary id in this cookie; the id must not be
 * treated as a credential. Confirm whether the container or a filter adds the
 * missing attributes.
 *
 * NOTE(review): a session without a "userLogin" attribute makes this method throw a
 * NullPointerException; confirm the controller only routes logged-in users here.
 *
 * @param request the current request; its "delegator" attribute and session are used
 * @param response receives the auto-login cookie
 * @return the result of the private autoLoginCheck overload
 */
public static String autoLoginSet(HttpServletRequest request, HttpServletResponse response) {
    final int oneYearInSeconds = 60 * 60 * 24 * 365;

    GenericDelegator delegator = (GenericDelegator) request.getAttribute("delegator");
    HttpSession session = request.getSession();
    GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");

    String cookieName = getAutoLoginCookieName(request);
    String userLoginId = userLogin.getString("userLoginId");

    Cookie autoLoginCookie = new Cookie(cookieName, userLoginId);
    autoLoginCookie.setMaxAge(oneYearInSeconds);
    autoLoginCookie.setPath("/");
    response.addCookie(autoLoginCookie);

    return autoLoginCheck(delegator, session, userLogin.getString("userLoginId"));
}
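/**
 * Forgets the auto-login user: expires the auto-login cookie, clears the
 * "autoUserLogin" and "autoName" session attributes and, when a user is logged in,
 * logs that user out.
 *
 * The cookie is expired on every call. Expiring it only when the session holds
 * "autoUserLogin" would leave the persistent identifier on the client whenever that
 * attribute was never set, for example when the cookie names a user that no longer
 * exists or the lookup failed.
 *
 * @param request the current request
 * @param response receives the expiring cookie
 * @return the result of logout(request, response) when a user was logged in,
 *         otherwise "success"
 * @throws java.io.IOException declared for callers; kept from the original signature
 */
public static String autoLoginRemove(HttpServletRequest request, HttpServletResponse response) throws java.io.IOException {
    HttpSession session = request.getSession();

    // remove the cookie; a browser matches the cookie to delete by name and path,
    // so the value does not need to repeat the user login id
    Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request), "");
    autoLoginCookie.setMaxAge(0);
    autoLoginCookie.setPath("/");
    response.addCookie(autoLoginCookie);

    // remove the session attributes
    session.removeAttribute("autoUserLogin");
    session.removeAttribute("autoName");

    // logout the user if logged in.
    if (session.getAttribute("userLogin") != null) {
        // Boolean.TRUE instead of the deprecated boxing constructor
        request.setAttribute("_AUTO_LOGIN_LOGOUT_", Boolean.TRUE);
        return logout(request, response);
    }
    return "success";
}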
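/**
 * Gets (and creates if necessary) a key to be used for an external login parameter.
 *
 * A key already stored on the request is returned as is. Otherwise any key held by
 * the session is removed from the master list, and, when the request carries a
 * "userLogin" attribute, a fresh key is generated, stored on the request and the
 * session, and registered against that user.
 *
 * The key is a bearer credential: checkExternalLoginKey logs in whoever presents it.
 * It is therefore drawn from SecureRandom (128 bits) rather than Math.random(),
 * whose output is predictable and which gave a key space of only about 10^12 values.
 *
 * @param request the current request
 * @return the external login key, or "" when the request has no "userLogin" attribute
 */
public static String getExternalLoginKey(HttpServletRequest request) {
    Debug.logInfo("Running getExternalLoginKey, externalLoginKeys.size=" + externalLoginKeys.size(), module);
    GenericValue userLogin = (GenericValue) request.getAttribute("userLogin");
    String externalKey = (String) request.getAttribute(EXTERNAL_LOGIN_KEY_ATTR);
    if (externalKey != null) return externalKey;

    HttpSession session = request.getSession();
    synchronized (session) {
        // if the session has a previous key in place, remove it from the master list
        String sesExtKey = (String) session.getAttribute(EXTERNAL_LOGIN_KEY_ATTR);
        if (sesExtKey != null) {
            externalLoginKeys.remove(sesExtKey);
        }

        // check the userLogin here, after the old session key is removed, so that it is always cleared
        if (userLogin == null) return "";

        // no key made yet for this request, create one; the loop guards against a collision with a live key
        java.security.SecureRandom keySource = new java.security.SecureRandom();
        while (externalKey == null || externalLoginKeys.containsKey(externalKey)) {
            externalKey = "EL" + new java.math.BigInteger(128, keySource).toString(16);
        }

        request.setAttribute(EXTERNAL_LOGIN_KEY_ATTR, externalKey);
        session.setAttribute(EXTERNAL_LOGIN_KEY_ATTR, externalKey);
        externalLoginKeys.put(externalKey, userLogin);
        return externalKey;
    }
}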
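/**
 * Logs the request in as the user registered under the external login key given in
 * the request parameter named by EXTERNAL_LOGIN_KEY_ATTR.
 *
 * Without the parameter, or with a key that is not registered, nothing happens. When
 * a different user is already logged in, that user is logged out first. When
 * "login.lock.active" is "true" in security.properties and the user is logged in
 * from another session, the login is refused.
 *
 * NOTE(review): the key is not removed from externalLoginKeys here, so it stays
 * usable until getExternalLoginKey or cleanupExternalLoginKey drops it. Because it
 * travels as a request parameter it can end up in URLs, Referer headers and access
 * logs; confirm that session cleanup runs reliably.
 *
 * @param request the current request
 * @param response passed to logout when another user has to be logged out
 * @return "error" when the login lock refuses the login, otherwise "success"
 */
public static String checkExternalLoginKey(HttpServletRequest request, HttpServletResponse response) {
    HttpSession session = request.getSession();
    String externalKey = request.getParameter(EXTERNAL_LOGIN_KEY_ATTR);
    if (externalKey == null) return "success";

    GenericValue userLogin = (GenericValue) externalLoginKeys.get(externalKey);
    if (userLogin != null) {
        // found userLogin, do the external login...

        // if the user is already logged in and the login is different, logout the other user
        GenericValue currentUserLogin = (GenericValue) session.getAttribute("userLogin");
        if (currentUserLogin != null) {
            if (currentUserLogin.getString("userLoginId").equals(userLogin.getString("userLoginId"))) {
                // is the same user, just carry on...
                return "success";
            }

            // logout the current user and login the new user...
            // the return value is ignored on purpose; even if the operation failed we want to set the new UserLogin
            logout(request, response);
        }

        if ("true".equalsIgnoreCase(UtilProperties.getPropertyValue("security.properties", "login.lock.active"))) {
            String username = userLogin.getString("userLoginId");
            boolean userIdLoggedIn = isLoggedInSession(username, request, false);
            boolean thisUserLoggedIn = isLoggedInSession(username, request, true);
            if (userIdLoggedIn && !thisUserLoggedIn) {
                request.setAttribute("_ERROR_MESSAGE_", "<b>This user is already logged in.</b><br>");
                return "error";
            }
        }

        doBasicLogin(userLogin, request);
    } else {
        // the key is request-supplied text: replace line breaks so it cannot start a forged log entry
        String loggableKey = externalKey.replace('\r', '_').replace('\n', '_');
        Debug.logWarning("Could not find userLogin for external login key: " + loggableKey, module);
    }

    return "success";
}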
/**
 * Removes the session's external login key, if it has one, from the master list so
 * the key can no longer be used to log in.
 *
 * @param session the session whose key is to be dropped
 */
public static void cleanupExternalLoginKey(HttpSession session) {
    Object storedKey = session.getAttribute(EXTERNAL_LOGIN_KEY_ATTR);
    String sessionExternalKey = (String) storedKey;
    if (sessionExternalKey == null) {
        return;
    }
    externalLoginKeys.remove(sessionExternalKey);
}
/**
 * Tells whether the given user is recorded as logged in to this web application
 * from the current session.
 *
 * @param userLogin the user to check; must not be null
 * @param request the current request
 * @return the result of the three-argument overload with the session id check enabled
 */
public static boolean isLoggedInSession(GenericValue userLogin, HttpServletRequest request) {
    String userLoginId = userLogin.getString("userLoginId");
    return isLoggedInSession(userLoginId, request, true);
}
/**
 * Tells whether a session is recorded for the given user in this web application.
 *
 * @param userLoginId the user login id to look up; null yields false
 * @param request the current request, used for the application name and, when
 *        checkSessionId is set, for the current session id
 * @param checkSessionId when true the recorded session id must equal the id of the
 *        request's session; when false any recorded session id counts
 * @return true when a matching session is recorded, false otherwise
 */
public static boolean isLoggedInSession(String userLoginId, HttpServletRequest request, boolean checkSessionId) {
    if (userLoginId == null) {
        return false;
    }
    Map sessionsByWebapp = (Map) loggedInSessions.get(userLoginId);
    if (sessionsByWebapp == null) {
        return false;
    }
    String recordedSessionId = (String) sessionsByWebapp.get(UtilHttp.getApplicationName(request));
    if (recordedSessionId == null) {
        return false;
    }
    // the request's session is only consulted when the caller asks for an exact match
    if (checkSessionId && !recordedSessionId.equals(request.getSession().getId())) {
        return false;
    }
    return true;
}
/**
 * Records the request's session id as the logged-in session of the given user for
 * the current web application. A null userLogin is ignored.
 *
 * NOTE(review): the lookup-then-put on loggedInSessions and the plain HashMap are
 * not guarded here; whether loggedInSessions is a synchronized map is not visible
 * from this method. Confirm before relying on this under concurrent logins.
 *
 * @param userLogin the user that logged in, or null
 * @param request the current request
 */
public static void loginToSession(GenericValue userLogin, HttpServletRequest request) {
    if (userLogin == null) {
        return;
    }
    Map sessionsByWebapp = (Map) loggedInSessions.get(userLogin.get("userLoginId"));
    if (sessionsByWebapp == null) {
        // first recorded login for this user
        sessionsByWebapp = new HashMap();
        loggedInSessions.put(userLogin.get("userLoginId"), sessionsByWebapp);
    }
    String webappName = UtilHttp.getApplicationName(request);
    String currentSessionId = request.getSession().getId();
    sessionsByWebapp.put(webappName, currentSessionId);
}
/**
 * Drops every recorded session of the given user, across all web applications.
 * A null userLogin is ignored.
 *
 * @param userLogin the user whose session records are removed, or null
 */
public static void logoutFromAllSessions(GenericValue userLogin) {
    if (userLogin == null) {
        return;
    }
    Object userLoginId = userLogin.get("userLoginId");
    loggedInSessions.remove(userLoginId);
}
/**
 * Checks whether the user holds the base permission configured for the web
 * application serving the request.
 *
 * NOTE(review): this check fails open. It returns true when the request carries no
 * "security" attribute and when no webapp configuration is found for the server id
 * and context path; both cases are only logged. Confirm that granting access in
 * those situations is intended.
 *
 * @param userLogin the user whose permission is checked
 * @param request the current request; its "servletContext" and "security"
 *        attributes and its context path are used
 * @return false only when a base permission other than "NONE" is configured and the
 *         user lacks its "_VIEW" entity permission; true in every other case
 */
protected static boolean hasBasePermission(GenericValue userLogin, HttpServletRequest request) {
    ServletContext context = (ServletContext) request.getAttribute("servletContext");
    Security security = (Security) request.getAttribute("security");
    // the returned session is not used, but the call is kept because getSession() creates one when absent
    request.getSession();

    String serverId = (String) context.getAttribute("_serverId");
    String contextPath = request.getContextPath();
    ComponentConfig.WebappInfo info = ComponentConfig.getWebAppInfo(serverId, contextPath);

    if (security == null) {
        Debug.logWarning("Received a null Security object from HttpServletRequest", module);
        return true;
    }
    if (info == null) {
        Debug.logInfo("No webapp configuration found for : " + serverId + " / " + contextPath, module);
        return true;
    }

    String permission = info.getBasePermission();
    return "NONE".equals(permission) || security.hasEntityPermission(permission, "_VIEW", userLogin);
}
}