Example #1
0
  @Action(
      value = "/loginSubmit",
      results = {
        @Result(name = "input", location = "/login.jsp"),
        @Result(
            name = "change_password",
            location = "/admin/userSettings.action",
            type = "redirect"),
        @Result(name = "otp", location = "/admin/viewOTP.action", type = "redirect"),
        @Result(name = "success", location = "/admin/menu.action", type = "redirect")
      })
  public String loginSubmit() {
    String retVal = SUCCESS;

    String authToken = AuthDB.login(auth);
    if (authToken != null) {

      User user = AuthDB.getUserByAuthToken(authToken);
      if (user != null) {
        String sharedSecret = null;
        if (otpEnabled) {
          sharedSecret = AuthDB.getSharedSecret(user.getId());
          if (StringUtils.isNotEmpty(sharedSecret)
              && (auth.getOtpToken() == null
                  || !OTPUtil.verifyToken(sharedSecret, auth.getOtpToken()))) {
            addActionError(AUTH_ERROR);
            return INPUT;
          }
        }
        // check to see if admin has any assigned profiles
        if (!User.MANAGER.equals(user.getUserType())
            && (user.getProfileList() == null || user.getProfileList().size() <= 0)) {
          addActionError("Authentication Failed : There are no profiles assigned to this account");
          return INPUT;
        }

        AuthUtil.setAuthToken(servletRequest.getSession(), authToken);
        AuthUtil.setUserId(servletRequest.getSession(), user.getId());
        AuthUtil.setAuthType(servletRequest.getSession(), user.getAuthType());
        AuthUtil.setTimeout(servletRequest.getSession());

        // for first time login redirect to set OTP
        if (otpEnabled && StringUtils.isEmpty(sharedSecret)) {
          return "otp";
        } else if ("changeme".equals(auth.getPassword())
            && Auth.AUTH_BASIC.equals(user.getAuthType())) {
          retVal = "change_password";
        }
      }

    } else {
      addActionError(AUTH_ERROR);
      retVal = INPUT;
    }

    return retVal;
  }
Example #2
0
 @Action(
     value = "/logout",
     results = {@Result(name = "success", location = "/login.action", type = "redirect")})
 public String logout() {
   AuthUtil.deleteAllSession(servletRequest.getSession());
   return SUCCESS;
 }