public String create() throws Exception {
setHeaderResources();
if (!validatePasswordNoSpaces(user.getNewPassword())) {
addFieldError("newPassword", getText("admin.user.changePassword.NoSpaces"));
return INPUT;
}
String checkResult = checkSubmit(user);
if (checkResult != null) {
return checkResult;
}
String userName = user.getName();
// add both a subject and a principal as normal
log.trace("creating subject [" + userName + "]");
Integer sessionId = RequestUtils.getSessionId(getServletRequest());
AuthzSubject checkUser = authzBoss.findSubjectByName(sessionId, userName);
if (checkUser != null) {
log.error("User name '" + userName + "' already exists");
String msg = getText("exception.user.alreadyExists");
this.addFieldError("name", msg);
return INPUT;
}
authzBoss.createSubject(
sessionId,
user.getName(),
"yes".equals(user.getEnableLogin()),
HQConstants.ApplicationName,
user.getDepartment(),
user.getEmailAddress(),
user.getFirstName(),
user.getLastName(),
user.getPhoneNumber(),
user.getSmsAddress(),
user.isHtmlEmail());
log.trace("adding user [" + userName + "]");
authBoss.addUser(sessionId.intValue(), userName, user.getNewPassword());
log.trace("finding subject [" + userName + "]");
AuthzSubject newUser = authzBoss.findSubjectByName(sessionId, userName);
getServletRequest().setAttribute(Constants.USER_PARAM, newUser.getId());
ActionContext.getContext().put(Constants.USER_PARAM, newUser.getId());
userId = newUser.getId().toString();
return "showCreated";
}
@RequestMapping(value = "/login", method = RequestMethod.GET)
public ModelAndView login(
HttpServletRequest request, HttpServletResponse response, HttpSession session) {
final boolean debug = log.isDebugEnabled();
ModelAndView result = new ModelAndView();
// ...first check for an authentication object, if one exists we are already logged in...
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication != null
&& !(authentication instanceof AnonymousAuthenticationToken)
&& authentication.isAuthenticated()) {
try {
if (debug) log.debug("User has already been authenticated. Redirecting to dashboard.");
// Redirect to Dashboard.action for struts2 support
response.sendRedirect("Dashboard.action");
return result;
} catch (IOException e) {
log.warn(
"Could not perform the redirect for an authenticated user, displaying login page instead");
}
}
// ...we're dealing with an unauthenticated user, we're going to show the login form...
AuthzSubject guestUser = authzSubjectManager.getSubjectById(AuthzConstants.guestId);
// ...before we return, check for an error message...
boolean loginError = request.getParameter("authfailed") != null;
if (loginError) {
if (session != null) {
AuthenticationException ex =
(AuthenticationException)
session.getAttribute(
AbstractAuthenticationProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY);
if (ex != null) {
result.addObject("errorMessage", RequestUtils.message(request, ex.getMessage()));
}
}
}
result.addObject("guestUsername", (guestUser != null) ? guestUser.getName() : "guest");
result.addObject("guestEnabled", (guestUser != null && guestUser.getActive()));
// ...set a response header so we can identify the login page explicitly...
response.setHeader("hq-requires-auth", "1");
return result;
}
public boolean equals(Object o) {
if (o == this) return true;
if (o == null || o instanceof UserDashboardConfig == false) return false;
UserDashboardConfig oe = (UserDashboardConfig) o;
if (!super.equals(oe)) return false;
return _user.equals(oe.getUser());
}
public int hashCode() {
int hash = super.hashCode();
hash = hash * 37 + _user.hashCode();
return hash;
}