public void testUpdateExisting() throws Exception { long pk = nextLong(); UserTracker newUserTracker = _persistence.create(pk); newUserTracker.setCompanyId(nextLong()); newUserTracker.setUserId(nextLong()); newUserTracker.setModifiedDate(nextDate()); newUserTracker.setSessionId(randomString()); newUserTracker.setRemoteAddr(randomString()); newUserTracker.setRemoteHost(randomString()); newUserTracker.setUserAgent(randomString()); _persistence.update(newUserTracker, false); UserTracker existingUserTracker = _persistence.findByPrimaryKey(newUserTracker.getPrimaryKey()); assertEquals(existingUserTracker.getUserTrackerId(), newUserTracker.getUserTrackerId()); assertEquals(existingUserTracker.getCompanyId(), newUserTracker.getCompanyId()); assertEquals(existingUserTracker.getUserId(), newUserTracker.getUserId()); assertEquals( Time.getShortTimestamp(existingUserTracker.getModifiedDate()), Time.getShortTimestamp(newUserTracker.getModifiedDate())); assertEquals(existingUserTracker.getSessionId(), newUserTracker.getSessionId()); assertEquals(existingUserTracker.getRemoteAddr(), newUserTracker.getRemoteAddr()); assertEquals(existingUserTracker.getRemoteHost(), newUserTracker.getRemoteHost()); assertEquals(existingUserTracker.getUserAgent(), newUserTracker.getUserAgent()); }
public static void login( HttpServletRequest request, HttpServletResponse response, String login, String password, boolean rememberMe, String authType) throws Exception { CookieKeys.validateSupportCookie(request); HttpSession session = request.getSession(); Company company = PortalUtil.getCompany(request); long userId = getAuthenticatedUserId(request, login, password, authType); if (!PropsValues.AUTH_SIMULTANEOUS_LOGINS) { Map<String, UserTracker> sessionUsers = LiveUsers.getSessionUsers(company.getCompanyId()); List<UserTracker> userTrackers = new ArrayList<UserTracker>(sessionUsers.values()); for (UserTracker userTracker : userTrackers) { if (userId == userTracker.getUserId()) { HttpSession userTrackerSession = PortalSessionContext.get(userTracker.getSessionId()); if (userTrackerSession != null) { userTrackerSession.invalidate(); } } } } if (PropsValues.SESSION_ENABLE_PHISHING_PROTECTION) { // Invalidate the previous session to prevent phishing String[] protectedAttributeNames = PropsValues.SESSION_PHISHING_PROTECTED_ATTRIBUTES; Map<String, Object> protectedAttributes = new HashMap<String, Object>(); for (String protectedAttributeName : protectedAttributeNames) { Object protectedAttributeValue = session.getAttribute(protectedAttributeName); if (protectedAttributeValue == null) { continue; } protectedAttributes.put(protectedAttributeName, protectedAttributeValue); } try { session.invalidate(); } catch (IllegalStateException ise) { // This only happens in Geronimo if (_log.isWarnEnabled()) { _log.warn(ise.getMessage()); } } session = request.getSession(true); for (String protectedAttributeName : protectedAttributeNames) { Object protectedAttributeValue = protectedAttributes.get(protectedAttributeName); if (protectedAttributeValue == null) { continue; } session.setAttribute(protectedAttributeName, protectedAttributeValue); } } // Set cookies String domain = CookieKeys.getDomain(request); User user = UserLocalServiceUtil.getUserById(userId); String userIdString = String.valueOf(userId); session.setAttribute("j_username", userIdString); session.setAttribute("j_password", user.getPassword()); session.setAttribute("j_remoteuser", userIdString); if (PropsValues.SESSION_STORE_PASSWORD) { session.setAttribute(WebKeys.USER_PASSWORD, password); } Cookie companyIdCookie = new Cookie(CookieKeys.COMPANY_ID, String.valueOf(company.getCompanyId())); if (Validator.isNotNull(domain)) { companyIdCookie.setDomain(domain); } companyIdCookie.setPath(StringPool.SLASH); Cookie idCookie = new Cookie(CookieKeys.ID, Encryptor.encrypt(company.getKeyObj(), userIdString)); if (Validator.isNotNull(domain)) { idCookie.setDomain(domain); } idCookie.setPath(StringPool.SLASH); Cookie passwordCookie = new Cookie(CookieKeys.PASSWORD, Encryptor.encrypt(company.getKeyObj(), password)); if (Validator.isNotNull(domain)) { passwordCookie.setDomain(domain); } passwordCookie.setPath(StringPool.SLASH); Cookie rememberMeCookie = new Cookie(CookieKeys.REMEMBER_ME, Boolean.TRUE.toString()); if (Validator.isNotNull(domain)) { rememberMeCookie.setDomain(domain); } rememberMeCookie.setPath(StringPool.SLASH); int loginMaxAge = PropsValues.COMPANY_SECURITY_AUTO_LOGIN_MAX_AGE; if (PropsValues.SESSION_DISABLED) { rememberMe = true; } if (rememberMe) { companyIdCookie.setMaxAge(loginMaxAge); idCookie.setMaxAge(loginMaxAge); passwordCookie.setMaxAge(loginMaxAge); rememberMeCookie.setMaxAge(loginMaxAge); } else { // This was explicitly changed from 0 to -1 so that the cookie lasts // as long as the browser. This allows an external servlet wrapped // in AutoLoginFilter to work throughout the client connection. The // cookies ARE removed on an actual logout, so there is no security // issue. See LEP-4678 and LEP-5177. companyIdCookie.setMaxAge(-1); idCookie.setMaxAge(-1); passwordCookie.setMaxAge(-1); rememberMeCookie.setMaxAge(0); } Cookie loginCookie = new Cookie(CookieKeys.LOGIN, login); if (Validator.isNotNull(domain)) { loginCookie.setDomain(domain); } loginCookie.setMaxAge(loginMaxAge); loginCookie.setPath(StringPool.SLASH); Cookie screenNameCookie = new Cookie( CookieKeys.SCREEN_NAME, Encryptor.encrypt(company.getKeyObj(), user.getScreenName())); if (Validator.isNotNull(domain)) { screenNameCookie.setDomain(domain); } screenNameCookie.setMaxAge(loginMaxAge); screenNameCookie.setPath(StringPool.SLASH); boolean secure = request.isSecure(); if (secure) { Boolean httpsInitial = (Boolean) session.getAttribute(WebKeys.HTTPS_INITIAL); if ((httpsInitial == null) || !httpsInitial.booleanValue()) { secure = false; } } CookieKeys.addCookie(request, response, companyIdCookie, secure); CookieKeys.addCookie(request, response, idCookie, secure); if (rememberMe) { CookieKeys.addCookie(request, response, passwordCookie, secure); CookieKeys.addCookie(request, response, rememberMeCookie, secure); CookieKeys.addCookie(request, response, loginCookie, secure); CookieKeys.addCookie(request, response, screenNameCookie, secure); } }