sfaloginevents.java

国外的一套开源CRM

/*
 * 
 * Copyright (c) 2004 SourceTap - www.sourcetap.com
 *
 *  The contents of this file are subject to the SourceTap Public License 
 * ("License"); You may not use this file except in compliance with the 
 * License. You may obtain a copy of the License at http://www.sourcetap.com/license.htm
 * Software distributed under the License is distributed on an  "AS IS"  basis,
 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for
 * the specific language governing rights and limitations under the License.
 *
 * The above copyright notice and this permission notice shall be included
 * in all copies or substantial portions of the Software.
 *
 */

package com.sourcetap.sfa.security;

import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.ofbiz.base.util.Debug;
import org.ofbiz.base.util.UtilFormatOut;
import org.ofbiz.base.util.UtilMisc;
import org.ofbiz.base.util.UtilProperties;
import org.ofbiz.content.stats.VisitHandler;
import org.ofbiz.entity.GenericDelegator;
import org.ofbiz.entity.GenericEntityException;
import org.ofbiz.entity.GenericValue;
import org.ofbiz.securityext.login.LoginEvents;
import org.ofbiz.service.GenericServiceException;
import org.ofbiz.service.LocalDispatcher;
import org.ofbiz.service.ModelService;

import com.sourcetap.sfa.util.UserInfo;


/**
 * DOCUMENT ME!
 *
 */
public class SFALoginEvents extends LoginEvents {
	
    public static final String module = SFALoginEvents.class.getName();

    /**
     * DOCUMENT ME!
     *
     * @param request 
     * @param response 
     *
     * @return 
     *
     * @throws java.rmi.RemoteException 
     * @throws java.io.IOException 
     * @throws javax.servlet.ServletException 
     */
    public static String login(HttpServletRequest request, HttpServletResponse response)
    {
        HttpSession session = request.getSession();
            	
        String username = request.getParameter("USERNAME");
        String password = request.getParameter("PASSWORD");

        if (username == null) username = (String) session.getAttribute("USERNAME");
        if (password == null) password = (String) session.getAttribute("PASSWORD");
        
        if ((username != null) && ("true".equals(UtilProperties.getPropertyValue("security.properties", "username.lowercase")))) {
            username = username.toLowerCase();
        }
        if ((password != null) && ("true".equals(UtilProperties.getPropertyValue("security.properties", "password.lowercase")))) {
            password = password.toLowerCase();
        }

        if ("true".equalsIgnoreCase(UtilProperties.getPropertyValue("security.properties", "login.lock.active"))) {
            boolean userIdLoggedIn = isLoggedInSession(username, request, false);
            boolean thisUserLoggedIn = isLoggedInSession(username, request, true);
            if (userIdLoggedIn && !thisUserLoggedIn) {
                request.setAttribute("_ERROR_MESSAGE_", "<b>This user is already logged in.</b><br>");
                return "error";
            }
        }
	
        return login(request, response, username, password);
    }

    /**
     * DOCUMENT ME!
     *
     * @param request 
     * @param response 
     * @param username 
     * @param password 
     *
     * @return 
     *
     * @throws java.rmi.RemoteException 
     * @throws java.io.IOException 
     * @throws javax.servlet.ServletException 
     */
    public static String login(HttpServletRequest request,
        HttpServletResponse response, String username, String password)
    {
        String errMsg = "";
        HttpSession session = request.getSession();

        GenericDelegator delegator = (GenericDelegator) request.getAttribute(
                "delegator");

        // get the visit id to pass to the userLogin for history
        String visitId = VisitHandler.getVisitId(session);
        
        LocalDispatcher dispatcher = (LocalDispatcher) request.getAttribute("dispatcher");
        Map result = null;
        GenericValue userLogin = null;

        try {
            result = dispatcher.runSync("userLogin", UtilMisc.toMap("login.username", username, "login.password", password, "visitId", visitId));
        } catch (GenericServiceException e) {
            Debug.logError(e, "Error calling userLogin service", module);
            request.setAttribute("_ERROR_MESSAGE_", "<b>The following error occurred during login:</b><br>" + e.getMessage());
            return "error";
        }

        if (ModelService.RESPOND_SUCCESS.equals(result.get(ModelService.RESPONSE_MESSAGE))) {
            userLogin = (GenericValue) result.get("userLogin");
            Map userLoginSession = (Map) result.get("userLoginSession");

            if (userLogin != null && hasBasePermission(userLogin, request)) {
				session.setAttribute("_USER_LOGIN_", userLogin);
                doBasicLogin(userLogin, request);
            } else {
                request.setAttribute("_ERROR_MESSAGE_", "<b>Unable to login in to this application.</b><br>");
                return "error";
            }
            
            if (userLoginSession != null) {
            	session.setAttribute("userLoginSession", userLoginSession);
            }
        } else {
            errMsg = (String) result.get(ModelService.ERROR_MESSAGE);

            errMsg = "<b>The following error occurred during login:</b><br>" + errMsg;
            request.setAttribute("_ERROR_MESSAGE_", errMsg);
            return "error";
        }
                
        request.setAttribute("_LOGIN_PASSED_", "TRUE");
        // make sure the autoUserLogin is set to the same and that the client cookie has the correct userLoginId

        String roleId = "";
        String accountId = "";
        String contactName = "";

        try {
            HashMap roleMap = new HashMap();
            roleMap.put("contactId", userLogin.get("partyId"));

            GenericValue contactGV = delegator.findByPrimaryKey("Contact", roleMap);

            if (contactGV == null) {
                Debug.logWarning("login not associated with a contact", module);

                return "Login not associated with a contact";
            } else {
                roleId = UtilFormatOut.checkNull(contactGV.getString("roleId"));

                String firstName = (contactGV.getString("firstName") == null)
                    ? "" : contactGV.getString("firstName");
                String lastName = (contactGV.getString("lastName") == null)
                    ? "" : contactGV.getString("lastName");

                if (((firstName != null) && !firstName.equals("")) ||
                        ((lastName != null) && !lastName.equals(""))) {
                    contactName = firstName + " " + lastName;
                } else {
                    contactName = username;
                }

                accountId =  UtilFormatOut.checkNull(contactGV.getString("accountId"));
            }
        } catch (GenericEntityException e) {
            Debug.logError("unable to get role info", module);
            Debug.logError(e, module);
        }

        try {
            session.setAttribute("partyId", userLogin.get("partyId"));
            session.setAttribute("userName", request.getParameter("USERNAME"));
            session.setAttribute("roleId", roleId);

            // store all user Info related attributes in UserInfo.  Eventually this will replace partyId, userName, and roleId above
            UserInfo userInfo = new UserInfo((String) userLogin.get("partyId"),
                    roleId, request.getParameter("USERNAME"), contactName,
                    accountId);
            session.setAttribute("userInfo", userInfo);

            Debug.logVerbose("--> Session Set", module);
        } catch (Exception e) {
            Debug.logError(e, module);
        }

        return autoLoginSet(request, response);
    }
}