loginportlet.java

GridSphere 门户 提供一个基于 portlet 的高级开放源代码门户。GridSphere 是在欧盟提供基金的 GridLab 项目下开发的

        List<PortalFilter> portalFilters = portalFilterService.getPortalFilters();
        for (PortalFilter filter : portalFilters) {
            filter.doAfterLogin((HttpServletRequest) req, (HttpServletResponse) res);
        }

        log.debug("in login redirecting to portal: " + realuri.toString());
        try {
            if (req.getParameter("ajax") != null) {
                //res.setContentType("text/html");
                //res.getWriter().print(realuri.toString());
            } else {
                res.sendRedirect(realuri.toString());
            }
        } catch (IOException e) {
            log.error("Unable to perform a redirect!", e);
        }
    }


    public User login(PortletRequest req)
            throws AuthenticationException, AuthorizationException {

        String loginName = req.getParameter("username");
        String loginPassword = req.getParameter("password");
        String certificate = null;

        X509Certificate[] certs = (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
        if (certs != null && certs.length > 0) {
            certificate = certificateTransform(certs[0].getSubjectDN().toString());
        }

        User user = null;

        // if using client certificate, then don't use login modules
        if (certificate == null) {
            if ((loginName == null) || (loginPassword == null)) {
                throw new AuthorizationException(getLocalizedText(req, "LOGIN_AUTH_BLANK"));
            }
            // first get user
            Boolean useUserName = Boolean.valueOf(portalConfigService.getProperty(PortalConfigService.USE_USERNAME_FOR_LOGIN));
            if (useUserName) {

                user = userManagerService.getUserByUserName(loginName);
            } else {
                user = userManagerService.getUserByEmail(loginName);
            }

        } else {

            log.debug("Using certificate for login :" + certificate);
            List userList = userManagerService.getUsersByAttribute("certificate", certificate, null);
            if (!userList.isEmpty()) {
                user = (User) userList.get(0);
            }
        }

        if (user == null) throw new AuthorizationException(getLocalizedText(req, "LOGIN_AUTH_NOUSER"));

        // tried one to many times using same name
        int defaultNumTries = Integer.valueOf(portalConfigService.getProperty(PortalConfigService.LOGIN_NUMTRIES)).intValue();
        int numTriesInt;
        String numTries = (String) user.getAttribute(PortalConfigService.LOGIN_NUMTRIES);
        if (numTries == null) {
            numTriesInt = 1;
        } else {
            numTriesInt = Integer.valueOf(numTries).intValue();
        }
        System.err.println("num tries = " + numTriesInt);
        if ((defaultNumTries != -1) && (numTriesInt >= defaultNumTries)) {
            disableAccount(req);
            throw new AuthorizationException(getLocalizedText(req, "LOGIN_TOOMANY_ATTEMPTS"));
        }

        String accountStatus = (String) user.getAttribute(User.DISABLED);
        if ((accountStatus != null) && ("TRUE".equalsIgnoreCase(accountStatus)))
            throw new AuthorizationException(getLocalizedText(req, "LOGIN_AUTH_DISABLED"));

        // If authorized via certificates no other authorization needed
        if (certificate != null) return user;

        // second invoke the appropriate auth module
        List<LoginAuthModule> modules = authModuleService.getActiveAuthModules();

        Collections.sort(modules);
        AuthenticationException authEx = null;

        Iterator it = modules.iterator();
        log.debug("in login: Active modules are: ");
        boolean success = false;
        while (it.hasNext()) {
            success = false;
            LoginAuthModule mod = (LoginAuthModule) it.next();
            log.debug(mod.getModuleName());
            try {
                mod.checkAuthentication(user, loginPassword);
                success = true;
            } catch (AuthenticationException e) {
                String errMsg = mod.getModuleError(e.getMessage(), req.getLocale());
                if (errMsg != null) {
                    authEx = new AuthenticationException(errMsg);
                } else {
                    authEx = e;
                }
            }
            if (success) break;
        }
        if (!success) {

            numTriesInt++;
            user.setAttribute(PortalConfigService.LOGIN_NUMTRIES, String.valueOf(numTriesInt));
            userManagerService.saveUser(user);

            throw authEx;
        }

        return user;
    }

    /**
     * Transform certificate subject from :
     * CN=Engbert Heupers, O=sara, O=users, O=dutchgrid
     * to :
     * /O=dutchgrid/O=users/O=sara/CN=Engbert Heupers
     *
     * @param certificate string
     * @return certificate string
     */
    private String certificateTransform(String certificate) {
        String ls[] = certificate.split(", ");
        StringBuffer res = new StringBuffer();
        for (int i = ls.length - 1; i >= 0; i--) {
            res.append("/");
            res.append(ls[i]);
        }
        return res.toString();
    }

    protected String getLocalizedText(HttpServletRequest req, String key) {
        Locale locale = req.getLocale();
        ResourceBundle bundle = ResourceBundle.getBundle("gridsphere.resources.Portlet", locale);
        return bundle.getString(key);
    }

    public void disableAccount(PortletRequest req) {
        //PortletRequest req = event.getRenderRequest();
        String loginName = req.getParameter("username");
        User user = userManagerService.getUserByUserName(loginName);
        if (user != null) {
            user.setAttribute(User.DISABLED, "true");
            userManagerService.saveUser(user);

            MailMessage mailToUser = new MailMessage();
            StringBuffer body = new StringBuffer();
            body.append(getLocalizedText(req, "LOGIN_DISABLED_MSG1")).append(" ").append(getLocalizedText(req, "LOGIN_DISABLED_MSG2")).append("\n\n");
            mailToUser.setBody(body.toString());
            mailToUser.setSubject(getLocalizedText(req, "LOGIN_DISABLED_SUBJECT"));
            mailToUser.setEmailAddress(user.getEmailAddress());

            MailMessage mailToAdmin = new MailMessage();
            StringBuffer body2 = new StringBuffer();
            body2.append(getLocalizedText(req, "LOGIN_DISABLED_ADMIN_MSG")).append(" ").append(user.getUserName());
            mailToAdmin.setBody(body2.toString());
            mailToAdmin.setSubject(getLocalizedText(req, "LOGIN_DISABLED_SUBJECT") + " " + user.getUserName());
            String portalAdminEmail = portalConfigService.getProperty(PortalConfigService.PORTAL_ADMIN_EMAIL);
            mailToAdmin.setEmailAddress(portalAdminEmail);

            try {
                mailService.sendMail(mailToUser);
                mailService.sendMail(mailToAdmin);
            } catch (PortletServiceException e) {
                log.error("Unable to send mail message!", e);
                //createErrorMessage(event, this.getLocalizedText(req, "LOGIN_FAILURE_MAIL"));
            }
        }
    }

    public void displayForgotPassword(RenderFormEvent event) {
        boolean sendMail = Boolean.valueOf(portalConfigService.getProperty(PortalConfigService.SEND_USER_FORGET_PASSWORD)).booleanValue();
        if (sendMail) {
            PortletRequest req = event.getRenderRequest();
            setNextState(req, DO_FORGOT_PASSWORD);
        }
    }


    public void newpassword(ActionFormEvent evt) {
        PortletRequest req = evt.getActionRequest();
        String id = req.getParameter("reqid");
        Request request = requestService.getRequest(id, FORGOT_PASSWORD_LABEL);
        if (request != null) {
            HiddenFieldBean reqid = evt.getHiddenFieldBean("reqid");
            reqid.setValue(id);
            setNextState(req, DO_NEW_PASSWORD);
        } else {
            setNextState(req, DEFAULT_VIEW_PAGE);
        }
    }

    public void doSavePass(ActionFormEvent event) {

        PortletRequest req = event.getActionRequest();

        HiddenFieldBean reqid = event.getHiddenFieldBean("reqid");
        String id = reqid.getValue();
        Request request = requestService.getRequest(id, FORGOT_PASSWORD_LABEL);
        if (request != null) {
            String uid = request.getUserID();
            User user = userManagerService.getUser(uid);
            passwordManagerService.editPassword(user);
            String passwordValue = event.getPasswordBean("password").getValue();
            String confirmPasswordValue = event.getPasswordBean("confirmPassword").getValue();

            if (passwordValue == null) {
                createErrorMessage(event, this.getLocalizedText(req, "USER_PASSWORD_NOTSET"));
                setNextState(req, DO_NEW_PASSWORD);
                return;
            }

            // Otherwise, password must match confirmation
            if (!passwordValue.equals(confirmPasswordValue)) {
                createErrorMessage(event, this.getLocalizedText(req, "USER_PASSWORD_MISMATCH"));
                setNextState(req, DO_NEW_PASSWORD);
                // If they do match, then validate password with our service
            } else {
                if (passwordValue.length() == 0) {
                    createErrorMessage(event, this.getLocalizedText(req, "USER_PASSWORD_BLANK"));
                    setNextState(req, DO_NEW_PASSWORD);
                } else if (passwordValue.length() < 5) {
                    System.err.println("length < 5 password= " + passwordValue);
                    createErrorMessage(event, this.getLocalizedText(req, "USER_PASSWORD_TOOSHORT"));
                    setNextState(req, DO_NEW_PASSWORD);
                } else {
                    // save password
                    //System.err.println("saving password= " + passwordValue);
                    PasswordEditor editPasswd = passwordManagerService.editPassword(user);
                    editPasswd.setValue(passwordValue);
                    editPasswd.setDateLastModified(Calendar.getInstance().getTime());
                    passwordManagerService.savePassword(editPasswd);
                    createSuccessMessage(event, this.getLocalizedText(req, "USER_PASSWORD_SUCCESS"));
                    requestService.deleteRequest(request);
                }
            }
        }
    }

}