📄 onlineusermanager.java
字号:
/*
* $Header: /cvsroot/mvnforum/mvnforum/src/com/mvnforum/auth/OnlineUserManager.java,v 1.44 2006/04/14 17:05:26 minhnn Exp $
* $Author: minhnn $
* $Revision: 1.44 $
* $Date: 2006/04/14 17:05:26 $
*
* ====================================================================
*
* Copyright (C) 2002-2006 by MyVietnam.net
*
* All copyright notices regarding mvnForum MUST remain
* intact in the scripts and in the outputted HTML.
* The "powered by" text/logo with a link back to
* http://www.mvnForum.com and http://www.MyVietnam.net in
* the footer of the pages MUST remain visible when the pages
* are viewed on the internet or intranet.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* Support can be obtained from support forums at:
* http://www.mvnForum.com/mvnforum/index
*
* Correspondence and Marketing Questions can be sent to:
* info at MyVietnam net
*
* @author: Minh Nguyen
* @author: Mai Nguyen
*/
package com.mvnforum.auth;
import java.sql.Timestamp;
import java.util.*;
import javax.servlet.http.*;
import com.mvnforum.*;
import com.mvnforum.db.DAOFactory;
import net.myvietnam.mvncore.exception.*;
import net.myvietnam.mvncore.security.Encoder;
import net.myvietnam.mvncore.security.FloodControl;
import net.myvietnam.mvncore.util.*;
import net.myvietnam.mvncore.web.GenericRequest;
import net.myvietnam.mvncore.web.GenericResponse;
import net.myvietnam.mvncore.web.impl.GenericRequestServletImpl;
import net.myvietnam.mvncore.web.impl.GenericResponseServletImpl;
public class OnlineUserManager {
private static final int REMOVE_INTERVAL = 2000; //update every 2 second
private static final String MVNFORUM_SESSION_USERNAME = "mvnforum.membername";
private static final String MVNFORUM_SESSION_PASSWORD = "mvnforum.encodedpassword";
private static final String MVNFORUM_COOKIE_USERNAME = "mvnforum.membername";
private static final String MVNFORUM_COOKIE_PASSWORD = "mvnforum.encodedpassword";
private static final String MVNFORUM_COOKIE_PATH = "/";
public static final String PASSWORD_OF_METHOD_REALM = "Realm"; //must not be changed in all cases
public static final String PASSWORD_OF_METHOD_CUSTOMIZATION = "Remote";//must not be changed in all cases
//static variable
private static OnlineUserManager instance = new OnlineUserManager();
//instance variable
private Map userMap = new TreeMap();
private long timeOfLastRemoveAction = 0;
private transient Vector onlineUserListeners;
private Authenticator authenticator = null;
private OnlineUserManager() {
}
public static OnlineUserManager getInstance() {
return instance;
}
public Authenticator getAuthenticator() {
return authenticator;
}
public void setAuthenticator(Authenticator authenticator) {
this.authenticator = authenticator;
}
/**
* MemberUtil method to be called from Processor.
* It assumes that to input parameters are
* MemberName for username
* MemberMatkhau for password
*/
public void processLogin(HttpServletRequest request, HttpServletResponse response)
throws AuthenticationException, AssertionException, DatabaseException, BadInputException, FloodException {
String memberName = ParamUtil.getParameter(request, "MemberName", true);
StringUtil.checkGoodName(memberName);// check for better security
String memberPassword = "";
String memberPasswordMD5 = ParamUtil.getParameter(request, "md5pw", false);
if (memberPasswordMD5.length() == 0 || (memberPasswordMD5.endsWith("==") == false)) {
// md5 is not valid, try to use unencoded password method
memberPassword = ParamUtil.getParameterPassword(request, "MemberMatkhau", 3, 0);
if (memberPassword.length() == 0) {
throw new AssertionException("Cannot allow memberPassword's length is 0. Serious Assertion Failed.");
}
}
processLogin(request, response, memberName, memberPassword, memberPasswordMD5);
/*
String currentIP = request.getRemoteAddr();
try {
// Control the login action, we dont want user to try too many login attempt
FloodControl.ensureNotReachMaximum(MVNForumGlobal.FLOOD_ID_LOGIN, currentIP);
OnlineUser user = null;
if (memberPassword.length() > 0) {
// that is we cannot find the md5 password
user = login(request, response, memberName, memberPassword, false);
} else {
// have the md5, go ahead
user = login(request, response, memberName, memberPasswordMD5, true);
}
((OnlineUserImpl)user).setAuthenticationType(OnlineUser.AUTHENTICATION_TYPE_HTML_FORM);
} catch (AuthenticationException ex) {
// only increase login count if unsucessful
FloodControl.increaseCount(MVNForumGlobal.FLOOD_ID_LOGIN, currentIP);
if (ex.getReason() == NotLoginException.WRONG_PASSWORD) {
request.setAttribute("MemberName", memberName);// so user dont have to retype USER NAME
}
throw ex;
} catch (FloodException fe) {
Locale locale = I18nUtil.getLocaleInRequest(request);
Integer maxWrongLogins = new Integer(FloodControl.getActionsPerHour(MVNForumGlobal.FLOOD_ID_LOGIN));
//throw new FloodException("You have reached the maximum number of wrong login actions for this page. Please try this page later. This is to prevent forum from being flooded.");
String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.FloodException.login_too_many_times", new Object[]{ maxWrongLogins });
throw new FloodException(localizedMessage);
}*/
}
/**
* Login method, if memberPassword length == 0, then login with memberPasswordMD5
*/
public void processLogin(HttpServletRequest request, HttpServletResponse response,
String memberName, String memberPassword, String memberPasswordMD5)
throws AuthenticationException, AssertionException, DatabaseException, BadInputException, FloodException {
StringUtil.checkGoodName(memberName);// check for better security
String currentIP = request.getRemoteAddr();
try {
// Control the login action, we dont want user to try too many login attempt
FloodControl.ensureNotReachMaximum(MVNForumGlobal.FLOOD_ID_LOGIN, currentIP);
OnlineUser user = null;
if (memberPassword.length() > 0) {
// that is we cannot find the md5 password
user = login(request, response, memberName, memberPassword, false);
} else {
// have the md5, go ahead
user = login(request, response, memberName, memberPasswordMD5, true);
}
((OnlineUserImpl)user).setAuthenticationType(OnlineUser.AUTHENTICATION_TYPE_HTML_FORM);
} catch (AuthenticationException ex) {
// only increase login count if unsucessful
FloodControl.increaseCount(MVNForumGlobal.FLOOD_ID_LOGIN, currentIP);
if (ex.getReason() == NotLoginException.WRONG_PASSWORD) {
request.setAttribute("MemberName", memberName);// so user dont have to retype USER NAME
}
throw ex;
} catch (FloodException fe) {
Locale locale = I18nUtil.getLocaleInRequest(request);
Integer maxWrongLogins = new Integer(FloodControl.getActionsPerHour(MVNForumGlobal.FLOOD_ID_LOGIN));
//throw new FloodException("You have reached the maximum number of wrong login actions for this page. Please try this page later. This is to prevent forum from being flooded.");
String localizedMessage = MVNForumResourceBundle.getString(locale, "mvncore.exception.FloodException.login_too_many_times", new Object[]{ maxWrongLogins });
throw new FloodException(localizedMessage);
}
}
/**
* NOTE: This method MUST be the only way to authenticate a user
* NOTE: the parameter response can be equals null
*/
protected OnlineUser login(HttpServletRequest request, HttpServletResponse response,
String memberName, String memberPassword, boolean passwordEncoded)
throws AuthenticationException, DatabaseException, AssertionException {
try {
StringUtil.checkGoodName(memberName);
} catch (Exception ex) {
throw new AuthenticationException(ex.getMessage(), NotLoginException.WRONG_NAME);
}
String encodedPassword;
OnlineUser user;
if (passwordEncoded) {
encodedPassword = memberPassword;
user = ManagerFactory.getOnlineUserFactory().getAuthenticatedUser(request, response, memberName, encodedPassword, true);
} else {
encodedPassword = ManagerFactory.getOnlineUserFactory().getEncodedPassword(memberName, memberPassword);
//user = ManagerFactory.getOnlineUserFactory().getAuthenticatedUser(request, response, memberName, memberPassword, false);
user = ManagerFactory.getOnlineUserFactory().getAuthenticatedUser(request, response, memberName, encodedPassword, true);
}
HttpSession session = request.getSession();
String sessionID = session.getId();
setOnlineUser(sessionID, user);
// now save the login info in the session only if we support
// encoded passwords
if (null != encodedPassword) {
session.setAttribute(MVNFORUM_SESSION_USERNAME, memberName);
session.setAttribute(MVNFORUM_SESSION_PASSWORD, encodedPassword);
}
boolean fromLoginPage = ParamUtil.getParameterBoolean(request, "FromLoginPage");
if ( fromLoginPage && (response != null) ) {
manageAutoLogin(memberName, encodedPassword, request, response);
}
// Now call the postLogin method, in the default implementation, the default folder
// is checked and created if not existed
ManagerFactory.getOnlineUserFactory().postLogin(request, response, user);
return user;
}
protected OnlineUser login(GenericRequest request, GenericResponse response,
String memberName, String memberPassword, boolean passwordEncoded)
throws AuthenticationException, DatabaseException, AssertionException {
try {
StringUtil.checkGoodName(memberName);
} catch (Exception ex) {
throw new AuthenticationException(ex.getMessage(), NotLoginException.WRONG_NAME);
}
String encodedPassword;
OnlineUser user;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -