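/**
 * Validates the login submitted with the request and, on success, records the result in
 * the session.
 *
 * <p>Reads the {@code Username} and {@code Password} request parameters and checks them
 * through a new {@code UserManager}. A request that lacks either parameter is treated as
 * a failed login without passing {@code null} to the user store. On success the session
 * receives a {@code "user"} attribute (a {@code User}) and an {@code "isValid"} attribute
 * ({@code Boolean.TRUE}). On failure a message page is written to the response.
 *
 * <p>Bootstrap rule: when the user store holds no records at all, the session is marked
 * valid and given admin privileges regardless of the submitted credentials.
 *
 * @param session the session that receives the {@code "user"} and {@code "isValid"} attributes
 * @param req the request carrying the {@code Username} and {@code Password} parameters
 * @param res the response used for the failure message page
 * @return true if OK, false if there's a problem
 * @throws Exception declared by the original signature; this method catches nothing, so
 *     anything raised by the calls it makes propagates to the caller
 */
private boolean validateLogin(
        HttpSession session, HttpServletRequest req, HttpServletResponse res) throws Exception {
    // Creates a user database access bean.
    // (no setSession() here, since user may not exist yet)
    UserManager userManager = new UserManager();

    String username = req.getParameter("Username");
    String password = req.getParameter("Password");

    // getParameter() returns null for an absent parameter. Fail closed on that case
    // instead of handing null to UserManager, whose null handling is not visible here.
    boolean hasCredentials = username != null && password != null;
    boolean isValid = hasCredentials && userManager.isValidUser(username, password);
    boolean isAdmin = hasCredentials && userManager.isAdmin(username);

    // To allow bootstrapping the system, if there are no users yet, set this session
    // valid, and grant admin privileges.
    // NOTE(review): this branch is fail-open. Whenever getRecords() is empty, every
    // request that reaches this method gets an admin session without credentials.
    // Confirm getRecords() cannot come back empty on a lookup failure, and consider
    // gating bootstrap behind an explicit install-time step.
    if (userManager.getRecords().isEmpty()) {
        isValid = true;
        isAdmin = true;
    }

    if (!isValid) {
        // Same message for unknown user and wrong password, so the response does not
        // reveal which of the two was wrong.
        Util.putMessagePage(res, "Invalid user or password");
        return false;
    }

    // NOTE(review): the User stored in the session is built from the submitted password
    // as-is, so the credential lives in session state (and in any session persistence
    // or replication) - confirm whether User really needs to retain it.
    // NOTE(review): the session id is not rotated on successful login. Where the
    // container supports it (Servlet 3.1+: HttpServletRequest.changeSessionId()),
    // rotating it here protects against session fixation.
    session.setAttribute("user", new User(username, password, isAdmin));
    // Boolean.TRUE replaces the deprecated new Boolean(...) constructor; isValid is
    // always true on this path.
    session.setAttribute("isValid", Boolean.TRUE);
    return true;
}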
/**
 * Makes sure a database connection is available through {@code ConnManager}.
 *
 * <p>If {@code ConnManager.getConn()} already yields a connection, nothing else happens.
 * Otherwise the login parameters are taken from the session attributes
 * {@code dbtDbDriver}, {@code dbtDbUrl}, {@code dbtDbUser} and {@code dbtDbPassword},
 * handed to {@code ConnManager}, and the connection is tried once more. If that second
 * attempt also fails, a message page is written and the session is invalidated.
 *
 * @param session the session holding the {@code dbtDb*} connection attributes
 * @param req the current request (not used by this method)
 * @param res the response used for the failure message page
 * @return true if OK, false if there's a problem
 * @throws Exception declared by the original signature; this method catches nothing, so
 *     anything raised by the calls it makes propagates to the caller
 */
private boolean createDbConnection(
        HttpSession session, HttpServletRequest req, HttpServletResponse res) throws Exception {
    // A driver and connection may already be set up, so probe for one first.
    if (ConnManager.getConn() != null) {
        return true;
    }

    // No connection yet: set the parameters up from the session.
    // NOTE(review): the database password is read from a session attribute, so it is
    // held in session state - confirm where dbtDbPassword is set and how sessions are
    // stored.
    ConnManager.getInstance()
            .setLoginParams(
                    session.getAttribute("dbtDbDriver"),
                    session.getAttribute("dbtDbUrl"),
                    session.getAttribute("dbtDbUser"),
                    session.getAttribute("dbtDbPassword"));

    // Test the new setup.
    if (ConnManager.getConn() != null) {
        return true;
    }

    // The message is deliberately generic: no driver, URL or user name goes to the client.
    Util.putMessagePage(res, "Cannot login to DBT database");
    // Invalidates the session in case connection is "stuck" in error
    session.invalidate();
    return false;
}
/**
 * Reads the {@code command} request parameter (which button was pressed) and forwards to
 * the matching screen.
 *
 * <p>{@code Exit} and {@code Relogin} are matched exactly and handled before any login
 * check. For every other command, a database connection and a login validation are
 * performed first when the session is not yet valid or the request carries a
 * {@code Username} parameter. The remaining commands are matched by substring, in the
 * order Databases, History, Password, Admin.
 *
 * @param req the incoming POST request
 * @param res the response, used for message pages and as the forward target
 * @throws ServletException rethrown unchanged
 * @throws IOException rethrown unchanged
 */
public void doPost(HttpServletRequest req, HttpServletResponse res)
        throws ServletException, IOException {
    try {
        // Sets up session tracking
        ServletContext context = getServletContext();
        HttpSession session = req.getSession();

        // The command says what button was pressed
        String command = req.getParameter("command");
        if (command == null) {
            Util.putMessagePage(res, "Please go back and use a button");
            return;
        }

        // "Exit" invalidates the session
        if ("Exit".equals(command)) {
            Util.exitSession(session, res);
            return;
        }

        // "Relogin" invalidates the session and starts over
        if ("Relogin".equals(command)) {
            session.invalidate();
            context.getRequestDispatcher(Util.BASE + "index.jsp").forward(req, res);
            return;
        }

        // The session may be new or already validated. If it is not valid, or if a
        // login was specified, do a dbt database login and validate the user's login.
        boolean loginRequired =
                !Util.isSessionValid(session, null) || req.getParameter("Username") != null;
        if (loginRequired
                && (!createDbConnection(session, req, res)
                        || !validateLogin(session, req, res))) {
            return;
        }

        // Command fragment -> target page, tried in this order; first match wins.
        // NOTE(review): the "Admin" route is dispatched without checking the admin flag
        // of the session's user in this method. Presumably AdminFnc.jsp enforces it -
        // verify, since a valid non-admin session can reach this forward.
        String[][] routes = {
            {"Databases", "ShowDbs.jsp"},
            {"History", "ShowHistory.jsp"},
            {"Password", "ChangePassword.jsp"},
            {"Admin", "AdminFnc.jsp"}
        };
        for (int i = 0; i < routes.length; i++) {
            if (command.indexOf(routes[i][0]) != -1) {
                RequestDispatcher target =
                        context.getRequestDispatcher(Util.BASE + routes[i][1]);
                target.forward(req, res);
                return;
            }
        }

        // Nothing matched. The command value itself is not echoed back into the page.
        Util.putMessagePage(
                res, "<p>Dbtracker internal error<p>Unknown command in " + getServletInfo());
    } catch (ServletException e) {
        throw e;
    } catch (IOException e) {
        throw e;
    } catch (Throwable t) {
        // NOTE(review): any other failure is passed to the exception page. Confirm
        // Util.putExceptionPage does not send stack traces or internal detail to the client.
        Util.putExceptionPage(res, t);
    }
}