  /**
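   * Validates the login submitted in the request. On success, writes the isValid flag and the
   * current user into the session; on failure, sends an error message page on the response.
   *
   * @return true if the login was accepted, false if it was rejected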
   */
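  private boolean validateLogin(
      HttpSession session, HttpServletRequest req, HttpServletResponse res) throws Exception {

    // User database access bean. No setSession() call here: the user may not exist yet.
    UserManager userManager = new UserManager();

    // Credentials are read straight from the request parameters; getParameter() returns
    // null when a parameter is absent, and both values are passed on unchecked.
    String username = req.getParameter("Username");
    String password = req.getParameter("Password");
    boolean isValid = userManager.isValidUser(username, password);
    boolean isAdmin = userManager.isAdmin(username);

    // Bootstrapping: while no user records exist, the session is marked valid and given
    // admin privileges so that the first account can be created.
    // NOTE(review): in this state every request is accepted as an administrator, whatever
    // credentials were sent. The first account should be created before the application is
    // reachable from untrusted networks. Presumably a getRecords() that comes back empty
    // because of a lookup failure would open the same path; verify how UserManager
    // reports errors.
    if (userManager.getRecords().isEmpty()) {
      isValid = true;
      isAdmin = true;
    }

    if (!isValid) {
      // One message for both "unknown user" and "wrong password", so the reply does not
      // reveal which account names exist.
      Util.putMessagePage(res, "Invalid user or password");
      return false;
    }

    // NOTE(review): the session passed in is reused as-is; nothing in this method rotates
    // the session id after a successful login. Confirm that the caller or the container
    // issues a fresh id at this point (for example HttpServletRequest.changeSessionId() on
    // Servlet 3.1+), so that a pre-login session id does not carry over to the
    // authenticated session.
    // NOTE(review): the User object placed in the session is built from the submitted
    // password. If User keeps it in clear text, it will live in session storage and in any
    // session persistence or replication; confirm whether it is needed after login.
    session.setAttribute("user", new User(username, password, isAdmin));
    // Boolean.TRUE replaces the deprecated Boolean constructor; the stored value is equal.
    session.setAttribute("isValid", Boolean.TRUE);
    return true;
  }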