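/**
 * Handles the login form submission.
 *
 * <p>Validates the submitted credentials through {@code AuthDB.login}, enforces the
 * one-time-password check when OTP is enabled, requires at least one assigned profile for
 * non-manager accounts, and only then binds the authenticated user to the HTTP session.
 *
 * @return {@code SUCCESS} to continue to the menu; {@code INPUT} on any authentication
 *     failure (an action error is added first); {@code "otp"} when OTP is enabled but the
 *     account has no shared secret enrolled yet; {@code "change_password"} when a basic-auth
 *     account is still using the default password
 */
@Action(
    value = "/loginSubmit",
    results = {
      @Result(name = "input", location = "/login.jsp"),
      @Result(name = "change_password", location = "/admin/userSettings.action", type = "redirect"),
      @Result(name = "otp", location = "/admin/viewOTP.action", type = "redirect"),
      @Result(name = "success", location = "/admin/menu.action", type = "redirect")
    })
public String loginSubmit() {
    String authToken = AuthDB.login(auth);
    if (authToken == null) {
        addActionError(AUTH_ERROR);
        return INPUT;
    }

    User user = AuthDB.getUserByAuthToken(authToken);
    if (user == null) {
        // Previously a token that resolved to no user fell through to SUCCESS without any
        // session state being set; treat it as a failed login rather than redirecting to the menu.
        addActionError(AUTH_ERROR);
        return INPUT;
    }

    String sharedSecret = null;
    if (otpEnabled) {
        sharedSecret = AuthDB.getSharedSecret(user.getId());
        // An account that has already enrolled a secret must present a valid token;
        // an account without one is sent to enrolment below instead.
        if (StringUtils.isNotEmpty(sharedSecret)
                && (auth.getOtpToken() == null
                    || !OTPUtil.verifyToken(sharedSecret, auth.getOtpToken()))) {
            addActionError(AUTH_ERROR);
            return INPUT;
        }
    }

    // Non-manager accounts cannot do anything without at least one assigned profile.
    if (!User.MANAGER.equals(user.getUserType())
            && (user.getProfileList() == null || user.getProfileList().size() <= 0)) {
        addActionError("Authentication Failed : There are no profiles assigned to this account");
        return INPUT;
    }

    // Rotate the session on successful authentication so a session id obtained (or fixed)
    // before login is not carried over into the authenticated session. The following
    // getSession() calls create the fresh session the auth attributes are bound to.
    // NOTE(review): if this action also receives a Struts session map (SessionAware), that
    // map would still point at the invalidated session — confirm before relying on it.
    servletRequest.getSession().invalidate();
    AuthUtil.setAuthToken(servletRequest.getSession(), authToken);
    AuthUtil.setUserId(servletRequest.getSession(), user.getId());
    AuthUtil.setAuthType(servletRequest.getSession(), user.getAuthType());
    AuthUtil.setTimeout(servletRequest.getSession());

    // First login with OTP enabled: send the user to set up their shared secret.
    if (otpEnabled && StringUtils.isEmpty(sharedSecret)) {
        return "otp";
    }
    // Basic-auth accounts still on the default password must change it before proceeding.
    if ("changeme".equals(auth.getPassword()) && Auth.AUTH_BASIC.equals(user.getAuthType())) {
        return "change_password";
    }
    return SUCCESS;
}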
/**
 * Ends the current login.
 *
 * <p>Clears the attributes this application stored on the caller's HTTP session and then
 * redirects back to the login page.
 *
 * @return {@code SUCCESS}, mapped to a redirect to {@code /login.action}
 */
@Action(
    value = "/logout",
    results = {@Result(name = "success", location = "/login.action", type = "redirect")})
public String logout() {
    // NOTE(review): whether deleteAllSession() also invalidates the container session is not
    // visible here; if it only removes attributes, the old session id remains usable — confirm.
    AuthUtil.deleteAllSession(servletRequest.getSession());
    return SUCCESS;
}