📄 onlineusermanager.java
字号:
if (passwordEncoded) {
encodedPassword = memberPassword;
user = ManagerFactory.getOnlineUserFactory().getAuthenticatedUser(request, null, memberName, encodedPassword, true);
} else {
encodedPassword = ManagerFactory.getOnlineUserFactory().getEncodedPassword(memberName, memberPassword);
//user = ManagerFactory.getOnlineUserFactory().getAuthenticatedUser(request, response, memberName, memberPassword, false);
user = ManagerFactory.getOnlineUserFactory().getAuthenticatedUser(request, null, memberName, encodedPassword, true);
}
String sessionID = request.getSessionId();
setOnlineUser(sessionID, user);
// now save the login info in the session only if we support
// encoded passwords
/*if (null != encodedPassword) {
session.setAttribute(MVNFORUM_SESSION_USERNAME, memberName);
session.setAttribute(MVNFORUM_SESSION_PASSWORD, encodedPassword);
}*/
/*
boolean fromLoginPage = ParamUtil.getParameterBoolean(request, "FromLoginPage");
if ( fromLoginPage && (response != null) ) {
manageAutoLogin(memberName, encodedPassword, request, response);
}*/
// Now call the postLogin method, in the default implementation, the default folder
// is checked and created if not existed
ManagerFactory.getOnlineUserFactory().postLogin(null, null, user);
return user;
}
protected void manageAutoLogin(String memberName, String encodedPassword,
HttpServletRequest request, HttpServletResponse response) {
boolean autoLogin = ParamUtil.getParameterBoolean(request, "AutoLogin");
if (autoLogin) {
int autoLoginExpire = (60 * 60 * 24) * 1; // 1 day
try {
autoLoginExpire = ParamUtil.getParameterInt(request, "AutoLoginExpire");
} catch (Exception ex) {
// do nothing
}
Cookie nameCookie = new Cookie(MVNFORUM_COOKIE_USERNAME, Encoder.encodeURL(memberName));
nameCookie.setMaxAge(autoLoginExpire);
nameCookie.setPath(MVNFORUM_COOKIE_PATH);
Cookie passwordCookie = new Cookie(MVNFORUM_COOKIE_PASSWORD, encodedPassword);
passwordCookie.setMaxAge(autoLoginExpire);
passwordCookie.setPath(MVNFORUM_COOKIE_PATH);
response.addCookie(nameCookie);
response.addCookie(passwordCookie);
}
}
public void logout(HttpServletRequest request, HttpServletResponse response)
throws DatabaseException, AssertionException, AuthenticationException {
GenericRequest genericRequest = new GenericRequestServletImpl(request);
GenericResponse genericResponse = new GenericResponseServletImpl(response);
logout(genericRequest, genericResponse);
}
public void logout(GenericRequest request, GenericResponse response)
throws DatabaseException, AssertionException, AuthenticationException {
String sessionID = request.getSessionId();
OnlineUser oldUser = getOnlineUser(request);
String cssPath = oldUser.getCssPath();
String logoPath = oldUser.getLogoPath();
OnlineUser user = null;
if (authenticator == null) {
// temporary hack, if no authenticator has been set,
// then we use the old method
// @todo: more thought on this later
user = ManagerFactory.getOnlineUserFactory().getAnonymousUser(request);
user.setCssPath(cssPath);
user.setLogoPath(logoPath);
}
// remove current user, then set new user is a guest
setOnlineUser(sessionID, user);
ManagerFactory.getOnlineUserFactory().logout(request, response);
// now always clear the session information
request.setSessionAttribute(MVNFORUM_SESSION_USERNAME, null);
request.setSessionAttribute(MVNFORUM_SESSION_PASSWORD, null);
}
public void deleteCookie(HttpServletRequest request, HttpServletResponse response) {
Cookie nameCookie = new Cookie(MVNFORUM_COOKIE_USERNAME, "");
nameCookie.setPath(MVNFORUM_COOKIE_PATH);
nameCookie.setMaxAge(0);// delete this cookie
Cookie passwordCookie = new Cookie(MVNFORUM_COOKIE_PASSWORD, "");
passwordCookie.setPath(MVNFORUM_COOKIE_PATH);
passwordCookie.setMaxAge(0);// delete this cookie
response.addCookie(nameCookie);
response.addCookie(passwordCookie);
}
public OnlineUser getOnlineUser(GenericRequest request)
throws AuthenticationException, AssertionException, DatabaseException {
if (request.isServletRequest()) {
return getOnlineUser(request.getServletRequest());
}
String sessionID = request.getSessionId();
OnlineUser user = getOnlineUser(sessionID);
// When logged in as remote or customization, the remote user is logged out
// and mvnForum still have the old non-guest users, then we should logout this user
// in OnlineUser too.
if ( (user != null) && (user.isGuest() == false) ) {
if (user.getAuthenticationType() == OnlineUser.AUTHENTICATION_TYPE_REALM){
String currentRemoteUser = request.getRemoteUser();
if (currentRemoteUser == null) {
logout(request, null /*response*/);
} else if (currentRemoteUser.equalsIgnoreCase(user.getMemberName()) == false) {
throw new AssertionException("ASSERTION: Current remote user should equals the current member in OnlineUser: Remote User: " + currentRemoteUser + ". But forum user is " + user.getMemberName() +". Please report bug to mvnForum developers.");
}
} else if (user.getAuthenticationType() == OnlineUser.AUTHENTICATION_TYPE_CUSTOMIZATION) {
String currentRemoteUser = StringUtil.getEmptyStringIfNull(authenticator.getRemoteUser(request));
if (currentRemoteUser.equals("")) {
logout(request, null /*response*/);
} else if (currentRemoteUser.equalsIgnoreCase(user.getMemberName()) == false) {
throw new AssertionException("ASSERTION: Current remote user should equals the current member in OnlineUser: Remote User: " + currentRemoteUser + ". But forum user is " + user.getMemberName() +". Please report bug to mvnForum developers.");
}
}
}
// end of checking
// re-get the online user to continue
user = getOnlineUser(sessionID);
boolean enableLoginInfoInRealm = MVNForumConfig.getEnableLoginInfoInRealm();
if (user == null) {
// when authencator is null
user = ManagerFactory.getOnlineUserFactory().getAnonymousUser(request);
setOnlineUser(sessionID, user);
}
if (user.isGuest() && enableLoginInfoInRealm && (null != request.getRemoteUser())) {
String memberName = StringUtil.getEmptyStringIfNull(request.getRemoteUser());
if ( memberName.length() > 0 ) {
try {
DAOFactory.getMemberDAO().findByAlternateKey_MemberName(memberName);
user = login(request, null, memberName, PASSWORD_OF_METHOD_REALM, true);
((OnlineUserImpl)user).setAuthenticationType(OnlineUser.AUTHENTICATION_TYPE_REALM);
} catch (ObjectNotFoundException oe) {
// ignore
}
}
}
// now we have the user, check if it is a Guest and we can login in CUSTOM
boolean enableLoginInfoInCustomization = MVNForumConfig.getEnableLoginInfoInCustomization();
if (authenticator == null) {
authenticator = ManagerFactory.getAuthenticator();
}
if (authenticator != null) {
if (user.isGuest() && enableLoginInfoInCustomization && (null != authenticator.getRemoteUser(request))) {
String memberName = StringUtil.getEmptyStringIfNull(authenticator.getRemoteUser(request));
if (memberName.length() > 0) {
try {
DAOFactory.getMemberDAO().findByAlternateKey_MemberName(memberName);
user = login(request, null, memberName, PASSWORD_OF_METHOD_CUSTOMIZATION, true);
( (OnlineUserImpl) user).setAuthenticationType(OnlineUser.AUTHENTICATION_TYPE_CUSTOMIZATION);
} catch (ObjectNotFoundException oe) {
// ignore, the implementation of Authenticator should create the member in database first
}
}
}
}
user.getOnlineUserAction().updateLastRequestTime();
return user;
}
public OnlineUser getOnlineUser(HttpServletRequest request)
throws AuthenticationException, AssertionException, DatabaseException {
long currentTime = System.currentTimeMillis();
if (currentTime - timeOfLastRemoveAction > REMOVE_INTERVAL) {//update every minute
removeTimeoutUsers();
// update MostOnline here
int currentOnlineUserCount = userMap.size();
fireDataChanged(new OnlineUserEvent(this, currentOnlineUserCount));
}
HttpSession session = request.getSession();
String sessionID = session.getId();
OnlineUser user = getOnlineUser(sessionID);
// When logged in as remote or customization, the remote user is logged out
// and mvnForum still have the old non-guest users, then we should logout this user
// in OnlineUser too.
if ( (user != null) && (user.isGuest() == false) ) {
if (user.getAuthenticationType() == OnlineUser.AUTHENTICATION_TYPE_REALM){
String currentRemoteUser = request.getRemoteUser();
if (currentRemoteUser == null) {
logout(request, null /*response*/);
} else if (currentRemoteUser.equalsIgnoreCase(user.getMemberName()) == false) {
throw new AssertionException("ASSERTION: Current remote user should equals the current member in OnlineUser. Please report bug to mvnForum developers.");
}
} else if (user.getAuthenticationType() == OnlineUser.AUTHENTICATION_TYPE_CUSTOMIZATION) {
String currentRemoteUser = StringUtil.getEmptyStringIfNull(authenticator.getRemoteUser(request));
if (currentRemoteUser.equals("")) {
logout(request, null /*response*/);
} else if (currentRemoteUser.equalsIgnoreCase(user.getMemberName()) == false) {
throw new AssertionException("ASSERTION: Current remote user should equals the current member in OnlineUser. Please report bug to mvnForum developers.");
}
}
}
// end of checking
// re-get the online user to continue
user = getOnlineUser(sessionID);
if (user == null) {
boolean enableLoginInfoInCookie = MVNForumConfig.getEnableLoginInfoInCookie();
boolean enableLoginInfoInSession = MVNForumConfig.getEnableLoginInfoInSession();
boolean enableLoginInfoInRealm = MVNForumConfig.getEnableLoginInfoInRealm();
boolean enableLoginInfoInCustomization = MVNForumConfig.getEnableLoginInfoInCustomization();
if ((user == null) && enableLoginInfoInSession) {
String memberName = ParamUtil.getAttribute(session, MVNFORUM_SESSION_USERNAME);
String encodedPassword = ParamUtil.getAttribute(session, MVNFORUM_SESSION_PASSWORD);
if ( (memberName.length() > 0) && (encodedPassword.length() > 0)) {
try {
user = login(request, null, memberName, encodedPassword, true);
((OnlineUserImpl) user).setAuthenticationType(OnlineUser.AUTHENTICATION_TYPE_SESSION);
} catch (AuthenticationException e) {
// do nothing, some time the login info in the session
// is not correct, we dont consider this case as error
}
}
}
if ((user == null) && enableLoginInfoInCookie) {
String memberName = "";
String encodedPassword = "";
Cookie[] cookies = request.getCookies();
if (cookies != null) {
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -