/** * @param username user name * @return boolean */ public boolean isAuthorized(String username) { boolean authorized = false; try { AuthorizationManager authManager = SecurityServiceProvider.getAuthorizationManager(CsmHelper.SUITE_APPLICATION_NAME); if (authManager != null) { User user = authorizationManager.getUser(username); if (user == null) { LOG.error("Username: "******" is not a CSM user"); } else { authorized = true; } } } catch (CSConfigurationException e) { LOG.error("Error during authorization check", e); } catch (CSException e) { LOG.error("Error during authorization check", e); } return authorized; }
public ActionForward execute( ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) { ActionErrors errors = new ActionErrors(); AuthenticationManager authenticationManager = null; AuthorizationManager authorizationManager = null; UserProvisioningManager userProvisioningManager = null; boolean loginSuccessful = false; boolean hasPermission = false; String uptContextName = DisplayConstants.UPT_CONTEXT_NAME; Application application = null; String serverInfoPathPort = (request.isSecure() ? "https://" : "http://") + request.getServerName() + ":" + request.getServerPort(); ObjectFactory.initialize("upt-beans.xml"); UPTProperties uptProperties = null; String urlContextForLoginApp = ""; String centralUPTConfiguration = ""; try { uptProperties = (UPTProperties) ObjectFactory.getObject("UPTProperties"); urlContextForLoginApp = uptProperties.getBackwardsCompatibilityInformation().getLoginApplicationContextName(); if (!StringUtils.isBlank(urlContextForLoginApp)) { serverInfoPathPort = serverInfoPathPort + "/" + urlContextForLoginApp + "/"; } else { serverInfoPathPort = serverInfoPathPort + "/" + DisplayConstants.LOGIN_APPLICATION_CONTEXT_NAME + "/"; } centralUPTConfiguration = uptProperties.getBackwardsCompatibilityInformation().getCentralUPTConfiguration(); if ("true".equalsIgnoreCase(centralUPTConfiguration)) { uptContextName = DisplayConstants.UPT_AUTHENTICATION_CONTEXT_NAME; } } catch (UPTConfigurationException e) { serverInfoPathPort = serverInfoPathPort + "/" + DisplayConstants.LOGIN_APPLICATION_CONTEXT_NAME + "/"; } // System.out.println("centralUPTConfiguration: "+centralUPTConfiguration); // System.out.println("urlContextForLoginApp: "+urlContextForLoginApp); // System.out.println("serverInfoPathPort: "+serverInfoPathPort); LoginForm loginForm = (LoginForm) form; if (StringUtils.isBlank(loginForm.getApplicationContextName()) || StringUtils.isBlank(loginForm.getLoginId()) || StringUtils.isBlank(loginForm.getPassword())) { ActionForward newActionForward = new ActionForward(); newActionForward.setPath(serverInfoPathPort); newActionForward.setRedirect(true); return newActionForward; } UserInfoHelper.setUserInfo(loginForm.getLoginId(), request.getSession().getId()); errors.clear(); try { // System.out.println("uptContextName1: "+uptContextName); authorizationManager = SecurityServiceProvider.getAuthorizationManager(uptContextName); if (null == authorizationManager) { errors.add( ActionErrors.GLOBAL_ERROR, new ActionError( DisplayConstants.ERROR_ID, "Unable to initialize Authorization Manager for the given application context using new configuration")); saveErrors(request, errors); if (log.isDebugEnabled()) log.debug( "|" + loginForm.getLoginId() + "||Login|Failure|Unable to instantiate Authorization Manager for UPT application using new configuration||"); return mapping.findForward(ForwardConstants.LOGIN_FAILURE); } } catch (CSException cse) { authorizationManager = null; } if (null == authorizationManager) { try { if (null == uptContextName || uptContextName.equalsIgnoreCase("")) { errors.add( ActionErrors.GLOBAL_ERROR, new ActionError( DisplayConstants.ERROR_ID, "Unable to read the UPT Context Name from Security Config File")); saveErrors(request, errors); if (log.isDebugEnabled()) log.debug( "|" + loginForm.getLoginId() + "||Login|Failure|Unable to read the UPT Context Name from Security Config File"); return mapping.findForward(ForwardConstants.LOGIN_FAILURE); } } catch (Exception ex) { errors.add( ActionErrors.GLOBAL_ERROR, new ActionError( DisplayConstants.ERROR_ID, org.apache.commons.lang.StringEscapeUtils.escapeHtml(ex.getMessage()))); saveErrors(request, errors); if (log.isDebugEnabled()) log.debug( "|" + loginForm.getLoginId() + "||Login|Failure|Unable to read the UPT Context Name from Security Config File||"); return mapping.findForward(ForwardConstants.LOGIN_FAILURE); } } try { authenticationManager = SecurityServiceProvider.getAuthenticationManager( DisplayConstants.UPT_AUTHENTICATION_CONTEXT_NAME); if (null == authenticationManager) { errors.add( ActionErrors.GLOBAL_ERROR, new ActionError( DisplayConstants.ERROR_ID, "Unable to initialize Authentication Manager for the given application context")); saveErrors(request, errors); if (log.isDebugEnabled()) log.debug( "|" + loginForm.getLoginId() + "||Login|Failure|Unable to instantiate AuthenticationManager for UPT application||"); return mapping.findForward(ForwardConstants.LOGIN_FAILURE); } } catch (CSException cse) { errors.add( ActionErrors.GLOBAL_ERROR, new ActionError( DisplayConstants.ERROR_ID, org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage()))); saveErrors(request, errors); if (log.isDebugEnabled()) log.debug( "|" + loginForm.getLoginId() + "||Login|Failure|Unable to instantiate AuthenticationManager for UPT application|" + loginForm.toString() + "|" + cse.getMessage()); return mapping.findForward(ForwardConstants.LOGIN_FAILURE); } try { loginSuccessful = authenticationManager.login(loginForm.getLoginId(), loginForm.getPassword()); } catch (CSCredentialExpiredException cse) { errors.add( ActionErrors.GLOBAL_ERROR, new ActionError( DisplayConstants.ERROR_ID, org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage()))); saveErrors(request, errors); if (log.isDebugEnabled()) log.debug( "|" + loginForm.getLoginId() + "||Login|Failure|Password Expired for user name " + loginForm.getLoginId() + " and" + loginForm.getApplicationContextName() + " application|" + loginForm.toString() + "|" + cse.getMessage()); return mapping.findForward(ForwardConstants.EXPIRED_PASSWORD); } catch (CSFirstTimeLoginException cse) { errors.add( ActionErrors.GLOBAL_ERROR, new ActionError( DisplayConstants.ERROR_ID, org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage()))); saveErrors(request, errors); if (log.isDebugEnabled()) log.debug( "|" + loginForm.getLoginId() + "||Login|Failure|Password Expired for user name " + loginForm.getLoginId() + " and" + loginForm.getApplicationContextName() + " application|" + loginForm.toString() + "|" + cse.getMessage()); return mapping.findForward(ForwardConstants.EXPIRED_PASSWORD); } catch (CSException cse) { errors.add( ActionErrors.GLOBAL_ERROR, new ActionError( DisplayConstants.ERROR_ID, org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage()))); saveErrors(request, errors); if (log.isDebugEnabled()) log.debug( "|" + loginForm.getLoginId() + "||Login|Failure|Login Failed for user name " + loginForm.getLoginId() + " and" + loginForm.getApplicationContextName() + " application|" + loginForm.toString() + "|" + cse.getMessage()); return mapping.findForward(ForwardConstants.LOGIN_FAILURE); } try { authorizationManager = SecurityServiceProvider.getAuthorizationManager(uptContextName); if (null == authorizationManager) { errors.add( ActionErrors.GLOBAL_ERROR, new ActionError( DisplayConstants.ERROR_ID, "Unable to initialize Authorization Manager for the given application context")); saveErrors(request, errors); if (log.isDebugEnabled()) log.debug( "|" + loginForm.getLoginId() + "||Login|Failure|Unable to instantiate Authorization Manager for UPT application||"); return mapping.findForward(ForwardConstants.LOGIN_FAILURE); } } catch (CSException cse) { errors.add( ActionErrors.GLOBAL_ERROR, new ActionError( DisplayConstants.ERROR_ID, org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage()))); saveErrors(request, errors); if (log.isDebugEnabled()) log.debug( "|" + loginForm.getLoginId() + "||Login|Failure|Unable to instantiate AuthorizationManager for UPT application|" + loginForm.toString() + "|" + cse.getMessage()); return mapping.findForward(ForwardConstants.LOGIN_FAILURE); } try { hasPermission = authorizationManager.checkPermission( loginForm.getLoginId(), loginForm.getApplicationContextName(), null); if (!hasPermission) { try { userProvisioningManager = getUserProvisioningManager( authorizationManager, loginForm.getApplicationContextName()); if (null == userProvisioningManager) { errors.add( ActionErrors.GLOBAL_ERROR, new ActionError( DisplayConstants.ERROR_ID, "Unable to initialize Authorization Manager for the given application context")); saveErrors(request, errors); if (log.isDebugEnabled()) log.debug( "|" + loginForm.getLoginId() + "||Login|Failure|Unable to instantiate User Provisioning Manager for " + loginForm.getApplicationContextName() + " application||"); return mapping.findForward(ForwardConstants.LOGIN_FAILURE); } } catch (CSException cse) { errors.add( ActionErrors.GLOBAL_ERROR, new ActionError( DisplayConstants.ERROR_ID, org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage()))); saveErrors(request, errors); if (log.isDebugEnabled()) log.debug( "|" + loginForm.getLoginId() + "||Login|Failure|Unable to instantiate User Provisioning Manager for |" + loginForm.toString() + "|" + cse.getMessage()); return mapping.findForward(ForwardConstants.LOGIN_FAILURE); } HttpSession session = request.getSession(true); session.setAttribute(DisplayConstants.USER_PROVISIONING_MANAGER, userProvisioningManager); session.setAttribute(DisplayConstants.LOGIN_OBJECT, form); session.setAttribute(DisplayConstants.CURRENT_TABLE_ID, DisplayConstants.HOME_ID); session.setAttribute( Constants.UPT_USER_OPERATION + "_" + Constants.CSM_ACCESS_PRIVILEGE, "false"); session.setAttribute( Constants.UPT_PROTECTION_ELEMENT_OPERATION + "_" + Constants.CSM_ACCESS_PRIVILEGE, "false"); session.setAttribute( Constants.UPT_PRIVILEGE_OPERATION + "_" + Constants.CSM_ACCESS_PRIVILEGE, "false"); session.setAttribute( Constants.UPT_GROUP_OPERATION + "_" + Constants.CSM_ACCESS_PRIVILEGE, "false"); session.setAttribute( Constants.UPT_PROTECTION_GROUP_OPERATION + "_" + Constants.CSM_ACCESS_PRIVILEGE, "false"); session.setAttribute( Constants.UPT_ROLE_OPERATION + "_" + Constants.CSM_ACCESS_PRIVILEGE, "false"); session.setAttribute( Constants.UPT_INSTANCE_LEVEL_OPERATION + "_" + Constants.CSM_ACCESS_PRIVILEGE, "false"); // errors.add(ActionErrors.GLOBAL_ERROR, new ActionError(DisplayConstants.ERROR_ID, // "Access permission denied for the application" )); // saveErrors( request,errors ); // if (log.isDebugEnabled()) // log.debug("|"+loginForm.getLoginId()+ // "||Login|Failure|User "+loginForm.getLoginId()+" doesnot have permission on // "+loginForm.getApplicationContextName()+" application||"); return mapping.findForward(ForwardConstants.LOGIN_SUCCESS); } } catch (CSException cse) { errors.add( ActionErrors.GLOBAL_ERROR, new ActionError( DisplayConstants.ERROR_ID, org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage()))); saveErrors(request, errors); if (log.isDebugEnabled()) log.debug( "|" + loginForm.getLoginId() + "||Login|Failure|Error in checking permission|" + loginForm.toString() + "|" + cse.getMessage()); return mapping.findForward(ForwardConstants.LOGIN_FAILURE); } try { // UserProvisioningManager upm = (UserProvisioningManager)authorizationManager; application = authorizationManager.getApplication(loginForm.getApplicationContextName()); userProvisioningManager = getUserProvisioningManager(authorizationManager, loginForm.getApplicationContextName()); if (null == userProvisioningManager) { errors.add( ActionErrors.GLOBAL_ERROR, new ActionError( DisplayConstants.ERROR_ID, "Unable to initialize Authorization Manager for the given application context")); saveErrors(request, errors); if (log.isDebugEnabled()) log.debug( "|" + loginForm.getLoginId() + "||Login|Failure|Unable to instantiate User Provisioning Manager for " + loginForm.getApplicationContextName() + " application||"); return mapping.findForward(ForwardConstants.LOGIN_FAILURE); } } catch (CSException cse) { errors.add( ActionErrors.GLOBAL_ERROR, new ActionError( DisplayConstants.ERROR_ID, org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage()))); saveErrors(request, errors); if (log.isDebugEnabled()) log.debug( "|" + loginForm.getLoginId() + "||Login|Failure|Unable to instantiate User Provisioning Manager for |" + loginForm.toString() + "|" + cse.getMessage()); return mapping.findForward(ForwardConstants.LOGIN_FAILURE); } HttpSession session = request.getSession(true); session.setAttribute(DisplayConstants.USER_PROVISIONING_MANAGER, userProvisioningManager); session.setAttribute(DisplayConstants.LOGIN_OBJECT, form); session.setAttribute(DisplayConstants.CURRENT_TABLE_ID, DisplayConstants.HOME_ID); authenticationManager = null; authorizationManager = null; try { processUptOperation( userProvisioningManager, loginForm.getLoginId(), application.getApplicationName(), session); } catch (CSTransactionException e) { // TODO Auto-generated catch block e.printStackTrace(); } if (((LoginForm) form).getApplicationContextName().equalsIgnoreCase(uptContextName)) { session.setAttribute(DisplayConstants.ADMIN_USER, DisplayConstants.ADMIN_USER); if (log.isDebugEnabled()) log.debug( session.getId() + "|" + ((LoginForm) session.getAttribute(DisplayConstants.LOGIN_OBJECT)).getLoginId() + "||Login|Success|Login Successful for user " + loginForm.getLoginId() + " and " + loginForm.getApplicationContextName() + " application, Forwarding to the Super Admin Home Page||"); return (mapping.findForward(ForwardConstants.ADMIN_LOGIN_SUCCESS)); } else { if (log.isDebugEnabled()) log.debug( session.getId() + "|" + ((LoginForm) session.getAttribute(DisplayConstants.LOGIN_OBJECT)).getLoginId() + "||Login|Success|Login Successful for user " + loginForm.getLoginId() + " and " + loginForm.getApplicationContextName() + " application, Forwarding to the Home Page||"); return (mapping.findForward(ForwardConstants.LOGIN_SUCCESS)); } }