/**
* @param request
* @param tableCategoryId
* @paqram includeAction if true, will load webactions also
* @return elements are Table or WebAction
*/
public List getChildrenOfTableCategory(
HttpServletRequest request, int tableCategoryId, boolean includeAction) {
TableManager manager = TableManager.getInstance();
WebAction action;
ArrayList cats = new ArrayList();
Connection conn = null;
HashMap webActionEnv = null;
Table table;
UserWebImpl userWeb =
((UserWebImpl)
WebUtils.getSessionContextManager(request.getSession())
.getActor(nds.util.WebKeys.USER));
TableCategory tc = manager.getTableCategory(tableCategoryId);
List children = tc.children();
ArrayList catschild = new ArrayList();
try {
if (includeAction) {
conn = QueryEngine.getInstance().getConnection();
webActionEnv = new HashMap();
webActionEnv.put("connection", conn);
webActionEnv.put("httpservletrequest", request);
webActionEnv.put("userweb", userWeb);
}
for (int j = 0; j < children.size(); j++) {
if (children.get(j) instanceof Table) {
table = (Table) children.get(j);
if (!table.isMenuObject()) {
continue;
}
try {
WebUtils.checkTableQueryPermission(table.getName(), request);
} catch (NDSSecurityException e) {
continue;
}
// table is ok for current user to list
catschild.add(table);
} else if (children.get(j) instanceof WebAction) {
if (includeAction) {
action = (WebAction) children.get(j);
if (action.canDisplay(webActionEnv)) catschild.add(action);
}
} else {
throw new NDSRuntimeException(
"Unsupported element in TableCategory children:" + children.get(j).getClass());
}
}
} catch (Throwable t) {
logger.error("Fail to load subsystem tree", t);
} finally {
try {
if (conn != null) conn.close();
} catch (Throwable e) {
}
}
return catschild;
}
private void handleSignupPost(Request request, HttpServletResponse httpServletResponse)
throws Exception {
String userId = request.getParameter(PARAM_USER_ID);
String userName = request.getParameter(PARAM_USER_NAME);
String email = request.getParameter(PARAM_EMAIL);
String stringPassword = request.getParameter(PARAM_PASSWORD);
String stringPasswordConfirm = request.getParameter(PARAM_PASSWORD_CONFIRM);
if (!stringPassword.equals(stringPasswordConfirm)) {
WebUtils.redirectToError(
"Mismatch between password and password confirmation", request, httpServletResponse);
return;
}
SecureRandom secureRandom = new SecureRandom();
String salt = "" + secureRandom.nextLong();
byte[] password = User.computeHashedPassword(stringPassword, salt);
User user = userDb.get(userId);
if (user != null) {
WebUtils.redirectToError(
"There already exists a user with the ID " + userId, request, httpServletResponse);
return;
}
user =
new User(
userId,
userName,
password,
salt,
email,
new ArrayList<String>(),
Config.getConfig().activateAccountsAtCreation,
false);
// ttt2 add confirmation by email, captcha, ...
List<String> fieldErrors = user.checkFields();
if (!fieldErrors.isEmpty()) {
StringBuilder bld =
new StringBuilder("Invalid values when trying to create user with ID ")
.append(userId)
.append("<br/>");
for (String s : fieldErrors) {
bld.append(s).append("<br/>");
}
WebUtils.redirectToError(bld.toString(), request, httpServletResponse);
return;
}
// ttt2 2 clients can add the same userId simultaneously
userDb.add(user);
httpServletResponse.sendRedirect("/");
}
/**
* MU_FAVORITE
*
* @throws Exception cyl
* @param request
* @return elements are Table or WebAction and menu list
* @paqram includeAction if true?not now
*/
public List getSubSystemsOfmufavorite(HttpServletRequest request) throws Exception {
ArrayList mufavorite = new ArrayList();
TableManager manager = TableManager.getInstance();
// Table table;
try {
UserWebImpl userWeb =
((UserWebImpl)
WebUtils.getSessionContextManager(request.getSession())
.getActor(nds.util.WebKeys.USER));
int userid = userWeb.getUserId();
List al =
QueryEngine.getInstance()
.doQueryList(
"select t.ad_table_id,t.fa_menu,t.menu_re,t.IS_REPORT from MU_FAVORITE t where t.ownerid="
+ String.valueOf(userid)
+ " group by t.ad_table_id,t.menu_no,t.fa_menu,t.menu_re,t.IS_REPORT,t.creationdate order by t.menu_no,t.creationdate asc");
logger.debug("MU_FAVORITE size is " + String.valueOf(al.size()));
if (al.size() > 0) {
for (int i = 0; i < al.size(); i++) {
// ArrayList catschild= new ArrayList();
List als = (List) al.get(i);
String fa_menu = (String) als.get(1);
String menu_re = (String) als.get(2);
String isreport = (String) als.get(3);
int table_id = Tools.getInt(als.get(0), -1);
Table table = manager.getTable(table_id);
logger.debug(table.getName());
/*
if(!table.isMenuObject()){
continue;
//because many table is webaction not ismenuobject
}*/
try {
WebUtils.checkTableQueryPermission(table.getName(), request);
} catch (NDSSecurityException e) {
continue;
}
logger.debug("add_table ->" + table.getName());
ArrayList row = new ArrayList();
row.add(fa_menu);
row.add(menu_re);
row.add(isreport);
row.add(table);
mufavorite.add(row);
}
}
} catch (Throwable t) {
logger.error("Fail to load mufavorite", t);
}
return mufavorite;
}
private void handleChangePasswordPost(Request request, HttpServletResponse httpServletResponse)
throws Exception {
LoginInfo loginInfo = userHelpers.getLoginInfo(request);
if (loginInfo == null) {
WebUtils.redirectToError("Couldn't determine the current user", request, httpServletResponse);
return;
}
String userId = loginInfo.userId;
String stringCrtPassword = request.getParameter(PARAM_CURRENT_PASSWORD);
String stringNewPassword = request.getParameter(PARAM_PASSWORD);
String stringNewPasswordConfirm = request.getParameter(PARAM_PASSWORD_CONFIRM);
if (!stringNewPassword.equals(stringNewPasswordConfirm)) {
showResult(
"Mismatch between password and password confirmation",
PATH_SETTINGS,
request,
httpServletResponse);
return;
}
User user =
userDb.get(
userId); // ttt1 crashes for wrong ID; 2013.07.20 - no longer have an idea what this is
// about
if (user == null) {
WebUtils.redirectToError("Couldn't find the current user", request, httpServletResponse);
return;
}
if (!user.checkPassword(stringCrtPassword)) {
showResult("Incorrect current password", PATH_SETTINGS, request, httpServletResponse);
return;
}
SecureRandom secureRandom = new SecureRandom();
String salt = "" + secureRandom.nextLong();
byte[] password = User.computeHashedPassword(stringNewPassword, salt);
user.salt = salt;
user.password = password;
// ttt3 2 clients can change the password simultaneously
userDb.add(user);
// httpServletResponse.sendRedirect(PATH_SETTINGS);
showResult("Password changed", PATH_SETTINGS, request, httpServletResponse);
}
/**
* @param request
* @param subSystemId
* @return
*/
private boolean containsViewableActions(HttpServletRequest request, SubSystem ss) {
List<WebAction> list = ss.getWebActions();
Connection conn = null;
try {
UserWebImpl userWeb =
((UserWebImpl)
WebUtils.getSessionContextManager(request.getSession())
.getActor(nds.util.WebKeys.USER));
conn = QueryEngine.getInstance().getConnection();
HashMap webActionEnv = new HashMap();
webActionEnv.put("connection", conn);
webActionEnv.put("httpservletrequest", request);
webActionEnv.put("userweb", userWeb);
for (int i = 0; i < list.size(); i++) {
WebAction wa = list.get(i);
if (wa.canDisplay(webActionEnv)) {
return true;
}
}
} catch (Throwable t) {
logger.error("Fail to load subsystem webaction", t);
} finally {
try {
if (conn != null) conn.close();
} catch (Throwable te) {
}
}
return false;
}
private void handleChangeSettingsPost(Request request, HttpServletResponse httpServletResponse)
throws Exception {
LoginInfo loginInfo = userHelpers.getLoginInfo(request);
if (loginInfo == null) {
WebUtils.redirectToError("Couldn't determine the current user", request, httpServletResponse);
return;
}
String stringItemsPerPage = request.getParameter(PARAM_ITEMS_PER_PAGE);
try {
loginInfo.itemsPerPage = Integer.parseInt(stringItemsPerPage);
} catch (Exception e) {
showResult(
"Error trying to set the items per page. Expected integer value but got "
+ stringItemsPerPage,
PATH_SETTINGS,
request,
httpServletResponse);
return;
}
loginInfo.style = request.getParameter(PARAM_STYLE);
loginInfo.feedDateFormat =
request.getParameter(PARAM_FEED_DATE_FORMAT); // ttt2 validate, better in JSP
loginInfoDb.add(loginInfo);
// httpServletResponse.sendRedirect(PATH_SETTINGS);
showResult("Settings changed", "/", request, httpServletResponse);
}
private void handleOpenArticle(
Request request, HttpServletResponse httpServletResponse, String target) throws Exception {
try {
int k1 = target.indexOf('/', 1);
int k2 = target.indexOf('/', k1 + 1);
String feedId = target.substring(k1 + 1, k2);
String strSeq = target.substring(k2 + 1);
int seq = Integer.parseInt(strSeq);
Article article = articleDb.get(feedId, seq);
LoginInfo loginInfo = userHelpers.getLoginInfo(request);
// ttt2 using the link from a non-authenticated browser causes a NPE; maybe do something
// better, e.g. sign up
ReadArticlesColl readArticlesColl = readArticlesCollDb.get(loginInfo.userId, feedId);
if (readArticlesColl == null) {
readArticlesColl = new ReadArticlesColl(loginInfo.userId, feedId);
}
if (!readArticlesColl.isRead(seq)) {
readArticlesColl.markRead(seq, Config.getConfig().maxSizeForReadArticles);
readArticlesCollDb.add(readArticlesColl);
}
String s =
URIUtil.encodePath(article.url)
.replace("%3F", "?")
.replace("%23", "#"); // ttt2 see how to do this right
httpServletResponse.sendRedirect(s);
} catch (Exception e) {
WebUtils.showResult(
String.format("Failed to get article for path %s. %s", target, e),
"/",
request,
httpServletResponse);
}
}
/**
* Get viewable subsystem list
*
* @param request
* @return never null, elements are nds.schema.SubSystem
*/
public List getSubSystems(HttpServletRequest request) {
UserWebImpl userWeb =
((UserWebImpl)
WebUtils.getSessionContextManager(request.getSession())
.getActor(nds.util.WebKeys.USER));
ArrayList subs = new ArrayList();
if (userWeb.getUserId() == userWeb.GUEST_ID) {
return subs;
}
List al = (List) userWeb.getProperty("subsystems"); // elements are subystem.id
TableManager manager = TableManager.getInstance();
if (al != null) {
for (int i = 0; i < al.size(); i++) {
int sid = ((Integer) al.get(i)).intValue();
SubSystem ss = manager.getSubSystem(sid);
if (ss != null) subs.add(ss);
}
} else {
// search all tablecategoris for subsystem
// add users subsystems param
al = new ArrayList();
String[] sub_list;
try {
String subsystems =
(String)
QueryEngine.getInstance()
.doQueryOne("SELECT subsystems from users where id=" + userWeb.getUserId());
if (Validator.isNotNull(subsystems)) {
sub_list = subsystems.split(",");
for (int m = 0; m < sub_list.length; m++) {
SubSystem usersub = manager.getSubSystem(sub_list[m].trim());
if (usersub != null) {
if (usersub.getId() == 10) continue;
al.add(new Integer(usersub.getId()));
subs.add(usersub);
}
}
userWeb.setProperty("subsystems", al);
return subs;
}
} catch (QueryException e) {
logger.error("Fail to load subsystems from users", e);
}
for (int i = 0; i < manager.getSubSystems().size(); i++) {
SubSystem ss = (SubSystem) manager.getSubSystems().get(i);
if (containsViewableChildren(request, ss)) {
al.add(new Integer(ss.getId()));
subs.add(ss);
}
}
userWeb.setProperty("subsystems", al);
}
return subs;
}
/**
* Return table categories and table that user has view permission
*
* @param request
* @param subSystemId
* @return never null, elements are List, containing 2 elements: 1)when first element is
* nds.schema.TableCategory, then second will be java.util.List (nds.schema.Table or
* nds.schema.WebAction) 2) when first element is nds.schema.WebAction, then second is null
*/
public List getTableCategories(
HttpServletRequest request, int subSystemId, boolean includeActions) {
// Create categories and their tables in hashtable
TableManager manager = TableManager.getInstance();
// Iterator tables = manager.getAllTables().iterator();
// Hashtable categories = new Hashtable(50,20); // key:Integer(category id), values :List of
// table
SubSystem ss;
Integer tableCategoryId;
Table table;
WebAction action;
ArrayList cats = new ArrayList();
Connection conn = null;
HashMap webActionEnv = null;
try {
UserWebImpl userWeb =
((UserWebImpl)
WebUtils.getSessionContextManager(request.getSession())
.getActor(nds.util.WebKeys.USER));
if (includeActions) {
conn = QueryEngine.getInstance().getConnection();
webActionEnv = new HashMap();
webActionEnv.put("connection", conn);
webActionEnv.put("httpservletrequest", request);
webActionEnv.put("userweb", userWeb);
}
List categories = manager.getSubSystem(subSystemId).children();
for (int i = 0; i < categories.size(); i++) {
Object o = categories.get(i); // TableCategory or WebAction
if (o instanceof TableCategory) {
TableCategory tc = (TableCategory) o;
List children = tc.children();
ArrayList catschild = new ArrayList();
for (int j = 0; j < children.size(); j++) {
if (children.get(j) instanceof Table) {
table = (Table) children.get(j);
if (!table.isMenuObject()) {
continue;
}
try {
WebUtils.checkTableQueryPermission(table.getName(), request);
} catch (NDSSecurityException e) {
continue;
}
// table is ok for current user to list
catschild.add(table);
} else if (children.get(j) instanceof WebAction) {
if (includeActions) {
action = (WebAction) children.get(j);
if (action.canDisplay(webActionEnv)) catschild.add(action);
}
} else {
throw new NDSRuntimeException(
"Unsupported element in TableCategory children:" + children.get(j).getClass());
}
}
if (catschild.size() > 0) {
// show this category
ArrayList row = new ArrayList();
row.add(tc);
row.add(catschild);
cats.add(row);
}
} else if (o instanceof WebAction) {
if (includeActions && ((WebAction) o).canDisplay(webActionEnv)) {
ArrayList row = new ArrayList();
row.add(o);
row.add(Collections.EMPTY_LIST);
cats.add(row);
}
} else {
throw new NDSException(
"Unexpected class in subsystem (id=" + subSystemId + "), class is " + o.getClass());
}
}
} catch (Throwable t) {
logger.error("Fail to load subsystem tree", t);
} finally {
try {
if (conn != null) conn.close();
} catch (Throwable e) {
}
}
return cats;
}
/**
* menu action
*
* @throws Exception cyl
* @param request
* @param tableCategoryId desgin menu list
* @paqram includeAction if true, will load webactions also
* @return elements are Table or WebAction and menu list
*/
public List getChildrenOfTableCategorybymenu(
HttpServletRequest request, int tableCategoryId, boolean includeAction) throws Exception {
TableManager manager = TableManager.getInstance();
WebAction action;
ArrayList cats = new ArrayList();
List children = new ArrayList();
Connection conn = null;
HashMap webActionEnv = null;
Table table;
List al =
QueryEngine.getInstance()
.doQueryList(
"select e.id,e.name from ad_table g,AD_ACCORDION e where g.AD_ACCORDION_id=e.id and g.ad_tablecategory_id="
+ tableCategoryId
+ " group by e.id,e.name,e.orderno order by e.orderno asc");
UserWebImpl userWeb =
((UserWebImpl)
WebUtils.getSessionContextManager(request.getSession())
.getActor(nds.util.WebKeys.USER));
TableCategory tc = manager.getTableCategory(tableCategoryId);
if (tc != null) children = tc.children();
// ArrayList prow= new ArrayList();
if (al.size() > 0) {
for (int i = 0; i < al.size(); i++) {
List als = (List) al.get(i);
int ACCORDION = Tools.getInt(als.get(0), -1);
logger.debug("ACCORDION~~~~~~~~~~" + String.valueOf(ACCORDION));
ArrayList catschild = new ArrayList();
String ACCORDION_name = (String) als.get(1);
try {
if (includeAction) {
conn = QueryEngine.getInstance().getConnection();
webActionEnv = new HashMap();
webActionEnv.put("connection", conn);
webActionEnv.put("httpservletrequest", request);
webActionEnv.put("userweb", userWeb);
}
for (int j = 0; j < children.size(); j++) {
if (children.get(j) instanceof Table) {
table = (Table) children.get(j);
// logger.debug("getAccordid~~~~~~~~~~"+String.valueOf(table.getAccordid()));
if (!table.isMenuObject()) {
continue;
} else if (ACCORDION != table.getAccordid()) {
// logger.debug(String.valueOf(ACCORDION)+"!="+String.valueOf(table.getAccordid()));
continue;
}
try {
WebUtils.checkTableQueryPermission(table.getName(), request);
} catch (NDSSecurityException e) {
continue;
}
// table is ok for current user to list
logger.debug(String.valueOf(ACCORDION) + "&&" + String.valueOf(table.getAccordid()));
catschild.add(table);
} else if (children.get(j) instanceof WebAction) {
if (includeAction) {
action = (WebAction) children.get(j);
if (action.canDisplay(webActionEnv) && (action.getAcordionId() == ACCORDION)) {
logger.debug("add action" + String.valueOf(ACCORDION));
// System.out.print("add action"+String.valueOf(ACCORDION));
// System.out.print("action name"+String.valueOf(action.getName()));
// System.out.print("ACCORDION name"+String.valueOf(ACCORDION));
// System.out.print("action
// name"+String.valueOf(action.getAcordionId()));
catschild.add(action);
}
}
} else {
throw new NDSRuntimeException(
"Unsupported element in TableCategory children:" + children.get(j).getClass());
}
}
} catch (Throwable t) {
logger.error("Fail to load subsystem tree", t);
} finally {
try {
if (conn != null) conn.close();
} catch (Throwable e) {
}
}
if (catschild.size() > 0) {
// show this category
ArrayList row = new ArrayList();
row.add(ACCORDION_name);
row.add(catschild);
cats.add(row);
}
}
return cats;
} else {
ArrayList catschild1 = new ArrayList();
try {
if (includeAction) {
conn = QueryEngine.getInstance().getConnection();
webActionEnv = new HashMap();
webActionEnv.put("connection", conn);
webActionEnv.put("httpservletrequest", request);
webActionEnv.put("userweb", userWeb);
}
for (int j = 0; j < children.size(); j++) {
if (children.get(j) instanceof Table) {
table = (Table) children.get(j);
if (!table.isMenuObject()) {
continue;
}
try {
WebUtils.checkTableQueryPermission(table.getName(), request);
} catch (NDSSecurityException e) {
continue;
}
// table is ok for current user to list
catschild1.add(table);
} else if (children.get(j) instanceof WebAction) {
if (includeAction) {
action = (WebAction) children.get(j);
if (action.canDisplay(webActionEnv)) catschild1.add(action);
}
} else {
throw new NDSRuntimeException(
"Unsupported element in TableCategory children:" + children.get(j).getClass());
}
}
} catch (Throwable t) {
logger.error("Fail to load subsystem tree", t);
} finally {
try {
if (conn != null) conn.close();
} catch (Throwable e) {
}
}
if (catschild1.size() > 0) {
// show this category
ArrayList row = new ArrayList();
row.add(tc.getName());
row.add(catschild1);
cats.add(row);
}
}
return cats;
}
/**
* @param request
* @param permissionType PERMISSION_VIEWABLE, PERMISSION_NO_PERM or PERMISSION_NO_LICENSE
* @return never null, elements are nds.schema.SubSystem
*/
public List<SubSystem> getSubSystems(HttpServletRequest request, int permissionType)
throws Exception {
if (permissionType == PERMISSION_VIEWABLE) return getSubSystems(request);
UserWebImpl userWeb =
((UserWebImpl)
WebUtils.getSessionContextManager(request.getSession())
.getActor(nds.util.WebKeys.USER));
String subsystems =
(String)
QueryEngine.getInstance()
.doQueryOne("SELECT subsystems from users where id=" + userWeb.getUserId());
if (Validator.isNotNull(subsystems)) {
return Collections.EMPTY_LIST;
}
TableManager manager = TableManager.getInstance();
if (permissionType == PERMISSION_NO_PERM) {
ArrayList subs = new ArrayList();
List al = (List) userWeb.getProperty("subsystems"); // elements are subystem.id
if (al == null) {
getSubSystems(request);
al = (List) userWeb.getProperty("subsystems");
}
// no perm
List ss = manager.getSubSystems();
for (int i = 0; i < ss.size(); i++) {
SubSystem sa = (SubSystem) ss.get(i);
boolean found = false;
for (int j = 0; j < al.size(); j++) {
if (((Integer) al.get(j)).intValue() == sa.getId()) {
found = true;
break;
}
}
if (!found) subs.add(sa);
}
return subs;
} // else{
// no license
if (subSystemNoLicense == null) {
subSystemNoLicense = new ArrayList<SubSystem>();
List al =
QueryEngine.getInstance()
.doQueryList(
"select id, name, orderno, iconurl,url from ad_subsystem s where exists(select 1 from ad_tablecategory c where c.ad_subsystem_id=s.id) order by orderno asc");
for (int i = 0; i < al.size(); i++) {
List als = (List) al.get(i);
if (manager.getSubSystem(Tools.getInt(als.get(0), -1)) == null) {
SubSystem ss = new SubSystem();
ss.setId(Tools.getInt(als.get(0), -1));
ss.setName((String) als.get(1));
ss.setOrderno(Tools.getInt(als.get(2), -1));
ss.setIconURL((String) als.get(3));
ss.setPageURL((String) als.get(4));
subSystemNoLicense.add(ss);
}
}
}
return subSystemNoLicense;
// }
}
/**
* 事实表和关联报表属于当前传入数组的交叉报表
*
* @param request
* @param tables elements are table.id
* @return elements are ArrayList, first is cxtab id, second is cxtab name
*/
public List getCxtabs(HttpServletRequest request, List<Integer> tables) {
TableManager manager = TableManager.getInstance();
UserWebImpl userWeb =
((UserWebImpl)
WebUtils.getSessionContextManager(request.getSession())
.getActor(nds.util.WebKeys.USER));
StringBuffer sb = new StringBuffer();
for (int i = 0; i < tables.size(); i++) {
// Table t= tables.get(i);
if (i > 0) sb.append(",");
sb.append(tables.get(i));
}
String ts = sb.toString();
try {
Table cxtabTable = manager.getTable("AD_CXTAB");
QueryRequestImpl queryData;
// only pk,dk will be selected, order by ak asc
queryData = QueryEngine.getInstance().createRequest(userWeb.getSession());
queryData.setMainTable(cxtabTable.getId());
queryData.addSelection(cxtabTable.getPrimaryKey().getId());
queryData.addSelection(cxtabTable.getDisplayKey().getId());
Column colOrderNo = cxtabTable.getColumn("orderno");
queryData.setOrderBy(new int[] {colOrderNo.getId()}, true);
queryData.setRange(0, Integer.MAX_VALUE);
Expression expr =
new Expression(
null,
"(AD_CXTAB.AD_TABLE_ID in ("
+ ts
+ ") or exists (select 1 from ad_cxtab_reftable r where r.ad_cxtab_id=AD_CXTAB.id and r.ad_table_id in ("
+ ts
+ ")))",
null);
// set reporttype to "S"
expr =
expr.combine(
new Expression(new ColumnLink("AD_CXTAB.REPORTTYPE"), "=S", null),
SQLCombination.SQL_AND,
null);
expr =
expr.combine(
new Expression(new ColumnLink("AD_CXTAB.ISACTIVE"), "=Y", null),
SQLCombination.SQL_AND,
null);
expr =
expr.combine(
new Expression(new ColumnLink("AD_CXTAB.ISPUBLIC"), "=Y", null),
SQLCombination.SQL_AND,
null);
expr =
expr.combine(
userWeb.getSecurityFilter(cxtabTable.getName(), 1), SQLCombination.SQL_AND, null);
queryData.addParam(expr); // read permission
return QueryEngine.getInstance().doQueryList(queryData.toSQL());
} catch (Throwable t) {
logger.error(
"Fail to load reports for user " + userWeb.getUserId() + " with table ids: " + ts, t);
}
return Collections.EMPTY_LIST;
}
private void handleLoginPost(
Request request, HttpServletResponse httpServletResponse, boolean secured) throws Exception {
String userId = request.getParameter(PARAM_USER_ID);
String password = request.getParameter(PARAM_PASSWORD);
String rememberAccountStr = request.getParameter(PARAM_REMEMBER_ACCOUNT);
boolean rememberAccount = Boolean.parseBoolean(rememberAccountStr);
LoginInfo.SessionInfo sessionInfo = UserHelpers.getSessionInfo(request);
logOut(sessionInfo.browserId);
User user = userDb.get(userId);
if (user == null) {
WebUtils.redirectToError("User " + userId + " not found", request, httpServletResponse);
return;
}
if (!user.checkPassword(password)) {
WebUtils.redirectToError("Invalid password", request, httpServletResponse);
return;
}
if (!user.active) {
WebUtils.redirectToError(
"Account for User " + userId + " needs to be activated", request, httpServletResponse);
return;
}
LOG.info("Logged in user " + userId);
sessionInfo.sessionId = null;
if (sessionInfo.browserId == null) {
sessionInfo.browserId = getRandomId();
} else {
for (LoginInfo loginInfo : loginInfoDb.getLoginsForBrowser(sessionInfo.browserId)) {
if (userId.equals(loginInfo.userId)) {
sessionInfo.sessionId = loginInfo.sessionId;
break;
}
}
}
long expireOn = System.currentTimeMillis() + Config.getConfig().loginExpireInterval;
if (sessionInfo.sessionId == null) {
sessionInfo.sessionId = getRandomId();
Config config = Config.getConfig();
loginInfoDb.add(
new LoginInfo(
sessionInfo.browserId,
sessionInfo.sessionId,
userId,
expireOn,
rememberAccount,
config.defaultStyle,
config.defaultItemsPerPage,
config.defaultFeedDateFormat));
LOG.info(String.format("Logging in in a new session. User: %s", user));
} else {
loginInfoDb.updateExpireTime(sessionInfo.browserId, sessionInfo.sessionId, expireOn);
LOG.info(String.format("Logging in in an existing session. User: %s", user));
}
WebUtils.saveCookies(
httpServletResponse, secured, sessionInfo.browserId, sessionInfo.sessionId);
httpServletResponse.sendRedirect("/");
}
/**
* Normally sets the path and a few attributes that the JSPs are likely to need. Also verifies the
* login information. If necessary, just redirects to the login page.
*
* @param target
* @param request
* @param httpServletResponse
* @param secured
* @return true if the request is already handled so the .jsp shouldn't get called
* @throws Exception
*/
private boolean prepareForJspGet(
String target, Request request, HttpServletResponse httpServletResponse, boolean secured)
throws Exception {
LoginInfo.SessionInfo sessionInfo = UserHelpers.getSessionInfo(request);
LOG.info(
String.format(
"hndl - %s ; %s; %s ; %s",
target,
request.getPathInfo(),
request.getMethod(),
secured ? "secured" : "not secured"));
String path = request.getUri().getDecodedPath();
boolean redirectToLogin = path.equals(PATH_LOGOUT);
LoginInfo loginInfo = null;
if (sessionInfo.isNull()) {
redirectToLogin = true;
LOG.info("Null session info. Logging in again.");
} else {
loginInfo =
loginInfoDb.get(
sessionInfo.browserId,
sessionInfo.sessionId); // ttt2 use a cache, to avoid going to DB
if (loginInfo == null || loginInfo.expiresOn < System.currentTimeMillis()) {
LOG.info("Session has expired. Logging in again. Info: " + loginInfo);
redirectToLogin = true;
}
}
if (!path.equals(PATH_LOGIN) && !path.equals(PATH_SIGNUP) && !path.equals(PATH_ERROR)) {
if (redirectToLogin) {
// ttt2 perhaps store URI, to return to it after login
logOut(sessionInfo.browserId);
addLoginParams(request, loginInfo);
httpServletResponse.sendRedirect(PATH_LOGIN);
return true;
}
User user = userDb.get(loginInfo.userId);
if (user == null) {
WebUtils.redirectToError("Unknown user", request, httpServletResponse);
return true;
}
if (!user.active) {
WebUtils.redirectToError("Account is not active", request, httpServletResponse);
return true;
}
request.setAttribute(VAR_FEED_DB, feedDb);
request.setAttribute(VAR_USER_DB, userDb);
request.setAttribute(VAR_ARTICLE_DB, articleDb);
request.setAttribute(VAR_READ_ARTICLES_COLL_DB, readArticlesCollDb);
request.setAttribute(VAR_USER, user);
request.setAttribute(VAR_LOGIN_INFO, loginInfo);
MultiMap<String> params = new MultiMap<>();
params.put(PARAM_PATH, path);
request.setParameters(params);
}
if (path.equals(PATH_LOGIN)) {
addLoginParams(request, loginInfo);
}
return false;
}
