예제 #1
0
  @ModelAttribute
  @RequestMapping(method = {RequestMethod.GET, RequestMethod.POST})
  protected User showForm(HttpServletRequest request, HttpServletResponse response)
      throws Exception {
    // If not an administrator, make sure user is not trying to add or edit another user
    if (!request.isUserInRole(Constants.ADMIN_ROLE) && !isFormSubmission(request)) {
      if (isAdd(request) || request.getParameter("id") != null) {
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        log.warn(
            "User '"
                + request.getRemoteUser()
                + "' is trying to edit user with id '"
                + request.getParameter("id")
                + "'");

        throw new AccessDeniedException("You do not have permission to modify other users.");
      }
    }

    if (!isFormSubmission(request)) {
      String userId = request.getParameter("id");

      // if user logged in with remember me, display a warning that they can't change passwords
      log.debug("checking for remember me login...");

      AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl();
      SecurityContext ctx = SecurityContextHolder.getContext();

      if (ctx.getAuthentication() != null) {
        Authentication auth = ctx.getAuthentication();

        if (resolver.isRememberMe(auth)) {
          request.getSession().setAttribute("cookieLogin", "true");

          // add warning message
          saveMessage(request, getText("userProfile.cookieLogin", request.getLocale()));
        }
      }

      User user;
      if (userId == null && !isAdd(request)) {
        user = getUserManager().getUserByUsername(request.getRemoteUser());
      } else if (!StringUtils.isBlank(userId) && !"".equals(request.getParameter("version"))) {
        user = getUserManager().getUser(userId);

      } else {
        user = new User();
        user.addRole(new Role(Constants.USER_ROLE));
      }

      List<ClpbEstacion> estaciones = getUserManager().obtenerEstaciones();
      request.getSession().setAttribute("estaciones", estaciones);

      List<LabelValue> roles = lookupManager.getAllRoles();
      request.getSession().setAttribute(Constants.AVAILABLE_ROLES, roles);

      List<BNEmpresaAfiliadora> empresas =
          empresaAfiliadoraService.listarTodasLasEmpresasAfiliadoras();
      request.getSession().setAttribute("empresas", empresas);

      return user;
    } else {
      // populate user object from database, so all fields don't need to be hidden fields in form
      return getUserManager().getUser(request.getParameter("id"));
    }
  }
예제 #2
0
  @RequestMapping(method = RequestMethod.POST)
  public String onSubmit(
      User user, BindingResult errors, HttpServletRequest request, HttpServletResponse response)
      throws Exception {
    if (request.getParameter("cancel") != null) {
      if (!StringUtils.equals(request.getParameter("from"), "list")) {
        return getCancelView();
      } else {
        return getSuccessView();
      }
    }

    if (validator != null) { // validator is null during testing
      validator.validate(user, errors);

      if (errors.hasErrors()
          && request.getParameter("delete") == null) { // don't validate when deleting
        return "/userform";
      }
    }

    log.debug("entering 'onSubmit' method...");

    Locale locale = request.getLocale();

    if (request.getParameter("delete") != null) {
      getUserManager().removeUser(user.getId().toString());
      saveMessage(request, getText("user.deleted", user.getFullName(), locale));
      return getSuccessView();
    } else {

      // only attempt to change roles if user is admin for other users,
      // showForm() method will handle populating
      if (request.isUserInRole(Constants.ADMIN_ROLE)) {
        String[] userRoles = request.getParameterValues("userRoles");

        if (userRoles != null) {
          user.getRoles().clear();
          for (String roleName : userRoles) {
            user.addRole(roleManager.getRole(roleName));
          }
        }
      }

      Integer originalVersion = user.getVersion();

      try {
        User userx = roleManager.getUserByUsername(user.getUsername());
        if (userx != null) {
          if (!userx.getPassword().equals(user.getPassword())) {
            user.setPassword(AeSimpleSHA1.SHA1(user.getPassword()));
          }
        } else {
          user.setPassword(AeSimpleSHA1.SHA1(user.getPassword()));
        }
        // user.setOriginalPassword(user.getOriginalPassword());//new
        // String pass = AeSimpleSHA1.SHA1(user.getOriginalPassword()); //new
        // user.setPassword(pass);//new
        getUserManager().saveUser(user);
      } catch (AccessDeniedException ade) {
        // thrown by UserSecurityAdvice configured in aop:advisor userManagerSecurity
        log.warn(ade.getMessage());
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return null;
      } catch (UserExistsException e) {
        errors.rejectValue(
            "username",
            "errors.existing.user",
            new Object[] {user.getUsername(), user.getEmail()},
            "duplicate user");

        // reset the version # to what was passed in
        user.setVersion(originalVersion);

        return "/userform";
      }

      if (!StringUtils.equals(request.getParameter("from"), "list")) {
        saveMessage(request, getText("user.saved", user.getFullName(), locale));

        // return to main Menu
        return getCancelView();
      } else {
        if (StringUtils.isBlank(request.getParameter("version"))) {
          saveMessage(request, getText("user.added", user.getFullName(), locale));

          // Send an account information e-mail
          // Aun no podemos enviar correos :(
          //                    message.setSubject(getText("signup.email.subject", locale));

          //                    try {
          //                        sendUserMessage(user, getText("newuser.email.message",
          // user.getFullName(), locale),
          //                                        RequestUtil.getAppURL(request));
          //                    } catch (MailException me) {
          //                        saveError(request, me.getCause().getLocalizedMessage());
          //                    }

          return getSuccessView();
        } else {
          saveMessage(request, getText("user.updated.byAdmin", user.getFullName(), locale));
        }
      }
    }

    return getSuccessView();
  }