/**
 * Creates the role {@code roleName} with the given privileges when looking it up fails.
 *
 * <p>The role is first looked up through {@code PrivilegeUtility.getRole}. If that call returns
 * normally, nothing else is done. If it throws, a new role described as "Dynamically created
 * role" is built for the application named by the security-manager properties, each privilege id
 * is resolved to a {@code Privilege}, and the role is handed to the user provisioning manager.
 *
 * @param roleName name of the role to look up and, if the lookup fails, create
 * @param privileges ids of the privileges attached to a newly created role
 * @throws SMException declared by this method; lookup and transaction failures during creation
 *     are passed to {@code Utility.throwSMException} with the key {@code sm.operation.error}
 */
public void createRole(String roleName, Set<String> privileges) throws SMException {
  final PrivilegeUtility privilegeUtility = new PrivilegeUtility();

  // NOTE(review): every exception type from getRole() is read as "role does not exist", so an
  // unrelated failure (for example a back-end outage) also leads to role creation. Which
  // exceptions getRole() can raise is not visible here; confirm and narrow the catch.
  boolean lookupFailed = false;
  try {
    privilegeUtility.getRole(roleName);
  } catch (Exception lookupError) {
    lookupFailed = true;
  }
  if (!lookupFailed) {
    return;
  }

  final Role newRole = new Role();
  newRole.setName(roleName);
  newRole.setDesc("Dynamically created role");
  newRole.setApplication(
      privilegeUtility.getApplication(
          SecurityManagerPropertiesLocator.getInstance().getApplicationCtxName()));

  // The privilege ids are attached exactly as the caller supplied them; this method performs no
  // check that the caller is entitled to grant them.
  final Set<Privilege> resolvedPrivileges = new HashSet<Privilege>();
  try {
    for (String privilegeId : privileges) {
      resolvedPrivileges.add(
          privilegeUtility.getUserProvisioningManager().getPrivilegeById(privilegeId));
    }
    newRole.setPrivileges(resolvedPrivileges);
    privilegeUtility.getUserProvisioningManager().createRole(newRole);
  } catch (CSObjectNotFoundException notFound) {
    // Presumably rethrows as SMException; the helper's body is not visible here.
    Utility.getInstance().throwSMException(notFound, notFound.getMessage(), "sm.operation.error");
  } catch (CSTransactionException txFailure) {
    Utility.getInstance()
        .throwSMException(txFailure, txFailure.getMessage(), "sm.operation.error");
  }
}
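/**
 * Handles a login submission for the UPT and selects the forward for the outcome.
 *
 * <p>Flow, in order:
 *
 * <ol>
 *   <li>Builds the login-application URL from the request and the UPT configuration.
 *   <li>Redirects to that URL when the application context name, login id or password is blank.
 *   <li>Obtains the authorization and authentication managers, then authenticates the user.
 *   <li>Checks the user's permission on the requested application context. Without permission
 *       the user is still forwarded to {@code LOGIN_SUCCESS}, with every UPT operation flag in
 *       the session set to {@code "false"}.
 *   <li>With permission, stores the user provisioning manager and the login form in the session,
 *       runs {@code processUptOperation}, and forwards to the admin or the regular home page
 *       depending on whether the requested context equals the UPT context name.
 * </ol>
 *
 * <p>Compared with the earlier version, a {@code false} result from {@code login} now fails the
 * login; previously the result was stored and never read.
 *
 * @param mapping Struts mapping used to resolve the named forwards
 * @param form the submitted form; cast to {@code LoginForm}
 * @param request current request; supplies the scheme, server name and port, and the session
 * @param response not used by this method
 * @return a redirect to the login application when required fields are blank, otherwise one of
 *     the {@code LOGIN_FAILURE}, {@code EXPIRED_PASSWORD}, {@code LOGIN_SUCCESS} or {@code
 *     ADMIN_LOGIN_SUCCESS} forwards
 */
public ActionForward execute(
    ActionMapping mapping,
    ActionForm form,
    HttpServletRequest request,
    HttpServletResponse response) {
  ActionErrors errors = new ActionErrors();
  AuthenticationManager authenticationManager = null;
  AuthorizationManager authorizationManager = null;
  UserProvisioningManager userProvisioningManager = null;
  boolean loginSuccessful = false;
  boolean hasPermission = false;
  String uptContextName = DisplayConstants.UPT_CONTEXT_NAME;
  Application application = null;
  // NOTE(review): the redirect base is taken from the request's own server name and port.
  // Whether the container pins these to configured values is not visible here; confirm the
  // redirect below cannot be steered by a client-supplied Host header.
  String serverInfoPathPort =
      (request.isSecure() ? "https://" : "http://")
          + request.getServerName()
          + ":"
          + request.getServerPort();
  ObjectFactory.initialize("upt-beans.xml");
  UPTProperties uptProperties = null;
  String urlContextForLoginApp = "";
  String centralUPTConfiguration = "";
  try {
    uptProperties = (UPTProperties) ObjectFactory.getObject("UPTProperties");
    urlContextForLoginApp =
        uptProperties.getBackwardsCompatibilityInformation().getLoginApplicationContextName();
    if (!StringUtils.isBlank(urlContextForLoginApp)) {
      serverInfoPathPort = serverInfoPathPort + "/" + urlContextForLoginApp + "/";
    } else {
      serverInfoPathPort =
          serverInfoPathPort + "/" + DisplayConstants.LOGIN_APPLICATION_CONTEXT_NAME + "/";
    }
    centralUPTConfiguration =
        uptProperties.getBackwardsCompatibilityInformation().getCentralUPTConfiguration();
    if ("true".equalsIgnoreCase(centralUPTConfiguration)) {
      // Central configuration: authorization is resolved against the authentication context.
      uptContextName = DisplayConstants.UPT_AUTHENTICATION_CONTEXT_NAME;
    }
  } catch (UPTConfigurationException e) {
    // Configuration unreadable: fall back to the default login application context.
    serverInfoPathPort =
        serverInfoPathPort + "/" + DisplayConstants.LOGIN_APPLICATION_CONTEXT_NAME + "/";
  }
  // System.out.println("centralUPTConfiguration: "+centralUPTConfiguration);
  // System.out.println("urlContextForLoginApp: "+urlContextForLoginApp);
  // System.out.println("serverInfoPathPort: "+serverInfoPathPort);
  LoginForm loginForm = (LoginForm) form;
  // Incomplete submissions are sent back to the login application instead of being processed.
  if (StringUtils.isBlank(loginForm.getApplicationContextName())
      || StringUtils.isBlank(loginForm.getLoginId())
      || StringUtils.isBlank(loginForm.getPassword())) {
    ActionForward newActionForward = new ActionForward();
    newActionForward.setPath(serverInfoPathPort);
    newActionForward.setRedirect(true);
    return newActionForward;
  }
  // NOTE(review): this records the still-unauthenticated login id against the pre-login session
  // id, and the same session is reused after authentication (getSession(true) returns an
  // existing session). No invalidation or id change is visible in this method; confirm session
  // fixation is handled elsewhere.
  UserInfoHelper.setUserInfo(loginForm.getLoginId(), request.getSession().getId());
  errors.clear();
  // NOTE(review): the debug records below concatenate the request-supplied login id and, in
  // several handlers, loginForm.toString() into pipe-delimited lines. Whether toString() omits
  // the password and whether the logger neutralises line breaks is not visible here; confirm.
  try {
    // System.out.println("uptContextName1: "+uptContextName);
    authorizationManager = SecurityServiceProvider.getAuthorizationManager(uptContextName);
    if (null == authorizationManager) {
      errors.add(
          ActionErrors.GLOBAL_ERROR,
          new ActionError(
              DisplayConstants.ERROR_ID,
              "Unable to initialize Authorization Manager for the given application context using new configuration"));
      saveErrors(request, errors);
      if (log.isDebugEnabled())
        log.debug(
            "|"
                + loginForm.getLoginId()
                + "||Login|Failure|Unable to instantiate Authorization Manager for UPT application using new configuration||");
      return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
    }
  } catch (CSException cse) {
    // Not fatal at this point: the manager is requested again after authentication.
    authorizationManager = null;
  }
  if (null == authorizationManager) {
    try {
      if (null == uptContextName || uptContextName.equalsIgnoreCase("")) {
        errors.add(
            ActionErrors.GLOBAL_ERROR,
            new ActionError(
                DisplayConstants.ERROR_ID,
                "Unable to read the UPT Context Name from Security Config File"));
        saveErrors(request, errors);
        if (log.isDebugEnabled())
          log.debug(
              "|"
                  + loginForm.getLoginId()
                  + "||Login|Failure|Unable to read the UPT Context Name from Security Config File");
        return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
      }
    } catch (Exception ex) {
      // Exception text shown to the user is HTML-escaped before it reaches the error list.
      errors.add(
          ActionErrors.GLOBAL_ERROR,
          new ActionError(
              DisplayConstants.ERROR_ID,
              org.apache.commons.lang.StringEscapeUtils.escapeHtml(ex.getMessage())));
      saveErrors(request, errors);
      if (log.isDebugEnabled())
        log.debug(
            "|"
                + loginForm.getLoginId()
                + "||Login|Failure|Unable to read the UPT Context Name from Security Config File||");
      return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
    }
  }
  try {
    authenticationManager =
        SecurityServiceProvider.getAuthenticationManager(
            DisplayConstants.UPT_AUTHENTICATION_CONTEXT_NAME);
    if (null == authenticationManager) {
      errors.add(
          ActionErrors.GLOBAL_ERROR,
          new ActionError(
              DisplayConstants.ERROR_ID,
              "Unable to initialize Authentication Manager for the given application context"));
      saveErrors(request, errors);
      if (log.isDebugEnabled())
        log.debug(
            "|"
                + loginForm.getLoginId()
                + "||Login|Failure|Unable to instantiate AuthenticationManager for UPT application||");
      return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
    }
  } catch (CSException cse) {
    // NOTE(review): here and in the handlers below the back-end exception message is shown to
    // a not-yet-authenticated user (HTML-escaped). Confirm these messages do not reveal account
    // state or internal detail.
    errors.add(
        ActionErrors.GLOBAL_ERROR,
        new ActionError(
            DisplayConstants.ERROR_ID,
            org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage())));
    saveErrors(request, errors);
    if (log.isDebugEnabled())
      log.debug(
          "|"
              + loginForm.getLoginId()
              + "||Login|Failure|Unable to instantiate AuthenticationManager for UPT application|"
              + loginForm.toString()
              + "|"
              + cse.getMessage());
    return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
  }
  try {
    loginSuccessful =
        authenticationManager.login(loginForm.getLoginId(), loginForm.getPassword());
  } catch (CSCredentialExpiredException cse) {
    errors.add(
        ActionErrors.GLOBAL_ERROR,
        new ActionError(
            DisplayConstants.ERROR_ID,
            org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage())));
    saveErrors(request, errors);
    if (log.isDebugEnabled())
      log.debug(
          "|"
              + loginForm.getLoginId()
              + "||Login|Failure|Password Expired for user name "
              + loginForm.getLoginId()
              + " and"
              + loginForm.getApplicationContextName()
              + " application|"
              + loginForm.toString()
              + "|"
              + cse.getMessage());
    return mapping.findForward(ForwardConstants.EXPIRED_PASSWORD);
  } catch (CSFirstTimeLoginException cse) {
    // First-time login is routed to the same forward as an expired password.
    errors.add(
        ActionErrors.GLOBAL_ERROR,
        new ActionError(
            DisplayConstants.ERROR_ID,
            org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage())));
    saveErrors(request, errors);
    if (log.isDebugEnabled())
      log.debug(
          "|"
              + loginForm.getLoginId()
              + "||Login|Failure|Password Expired for user name "
              + loginForm.getLoginId()
              + " and"
              + loginForm.getApplicationContextName()
              + " application|"
              + loginForm.toString()
              + "|"
              + cse.getMessage());
    return mapping.findForward(ForwardConstants.EXPIRED_PASSWORD);
  } catch (CSException cse) {
    errors.add(
        ActionErrors.GLOBAL_ERROR,
        new ActionError(
            DisplayConstants.ERROR_ID,
            org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage())));
    saveErrors(request, errors);
    if (log.isDebugEnabled())
      log.debug(
          "|"
              + loginForm.getLoginId()
              + "||Login|Failure|Login Failed for user name "
              + loginForm.getLoginId()
              + " and"
              + loginForm.getApplicationContextName()
              + " application|"
              + loginForm.toString()
              + "|"
              + cse.getMessage());
    return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
  }
  // Fail closed: the result of login() was previously stored and never read, so a false return
  // would have continued as an authenticated login. login()'s contract is not visible here; if
  // it always throws on failure this branch is never taken.
  if (!loginSuccessful) {
    errors.add(
        ActionErrors.GLOBAL_ERROR,
        new ActionError(DisplayConstants.ERROR_ID, "Invalid Login Credentials"));
    saveErrors(request, errors);
    if (log.isDebugEnabled())
      log.debug(
          "|"
              + loginForm.getLoginId()
              + "||Login|Failure|Login Failed for user name "
              + loginForm.getLoginId()
              + " and"
              + loginForm.getApplicationContextName()
              + " application||");
    return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
  }
  try {
    authorizationManager = SecurityServiceProvider.getAuthorizationManager(uptContextName);
    if (null == authorizationManager) {
      errors.add(
          ActionErrors.GLOBAL_ERROR,
          new ActionError(
              DisplayConstants.ERROR_ID,
              "Unable to initialize Authorization Manager for the given application context"));
      saveErrors(request, errors);
      if (log.isDebugEnabled())
        log.debug(
            "|"
                + loginForm.getLoginId()
                + "||Login|Failure|Unable to instantiate Authorization Manager for UPT application||");
      return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
    }
  } catch (CSException cse) {
    errors.add(
        ActionErrors.GLOBAL_ERROR,
        new ActionError(
            DisplayConstants.ERROR_ID,
            org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage())));
    saveErrors(request, errors);
    if (log.isDebugEnabled())
      log.debug(
          "|"
              + loginForm.getLoginId()
              + "||Login|Failure|Unable to instantiate AuthorizationManager for UPT application|"
              + loginForm.toString()
              + "|"
              + cse.getMessage());
    return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
  }
  try {
    // The requested application context name is passed as the object being checked, with a null
    // privilege.
    hasPermission =
        authorizationManager.checkPermission(
            loginForm.getLoginId(), loginForm.getApplicationContextName(), null);
    if (!hasPermission) {
      // NOTE(review): a user without permission on the requested context is not rejected. The
      // session still receives the provisioning manager for that context and the flow ends in
      // LOGIN_SUCCESS, with only the operation flags set to "false". The denial that used to be
      // here is commented out below; confirm every downstream action enforces these flags.
      try {
        userProvisioningManager =
            getUserProvisioningManager(
                authorizationManager, loginForm.getApplicationContextName());
        if (null == userProvisioningManager) {
          errors.add(
              ActionErrors.GLOBAL_ERROR,
              new ActionError(
                  DisplayConstants.ERROR_ID,
                  "Unable to initialize Authorization Manager for the given application context"));
          saveErrors(request, errors);
          if (log.isDebugEnabled())
            log.debug(
                "|"
                    + loginForm.getLoginId()
                    + "||Login|Failure|Unable to instantiate User Provisioning Manager for "
                    + loginForm.getApplicationContextName()
                    + " application||");
          return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
        }
      } catch (CSException cse) {
        errors.add(
            ActionErrors.GLOBAL_ERROR,
            new ActionError(
                DisplayConstants.ERROR_ID,
                org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage())));
        saveErrors(request, errors);
        if (log.isDebugEnabled())
          log.debug(
              "|"
                  + loginForm.getLoginId()
                  + "||Login|Failure|Unable to instantiate User Provisioning Manager for |"
                  + loginForm.toString()
                  + "|"
                  + cse.getMessage());
        return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
      }
      HttpSession session = request.getSession(true);
      session.setAttribute(DisplayConstants.USER_PROVISIONING_MANAGER, userProvisioningManager);
      // The stored form is the LoginForm the password was read from, so the password stays
      // reachable through the session for as long as this attribute is kept.
      session.setAttribute(DisplayConstants.LOGIN_OBJECT, form);
      session.setAttribute(DisplayConstants.CURRENT_TABLE_ID, DisplayConstants.HOME_ID);
      session.setAttribute(
          Constants.UPT_USER_OPERATION + "_" + Constants.CSM_ACCESS_PRIVILEGE, "false");
      session.setAttribute(
          Constants.UPT_PROTECTION_ELEMENT_OPERATION + "_" + Constants.CSM_ACCESS_PRIVILEGE,
          "false");
      session.setAttribute(
          Constants.UPT_PRIVILEGE_OPERATION + "_" + Constants.CSM_ACCESS_PRIVILEGE, "false");
      session.setAttribute(
          Constants.UPT_GROUP_OPERATION + "_" + Constants.CSM_ACCESS_PRIVILEGE, "false");
      session.setAttribute(
          Constants.UPT_PROTECTION_GROUP_OPERATION + "_" + Constants.CSM_ACCESS_PRIVILEGE,
          "false");
      session.setAttribute(
          Constants.UPT_ROLE_OPERATION + "_" + Constants.CSM_ACCESS_PRIVILEGE, "false");
      session.setAttribute(
          Constants.UPT_INSTANCE_LEVEL_OPERATION + "_" + Constants.CSM_ACCESS_PRIVILEGE,
          "false");
      // errors.add(ActionErrors.GLOBAL_ERROR, new ActionError(DisplayConstants.ERROR_ID,
      // "Access permission denied for the application" ));
      // saveErrors( request,errors );
      // if (log.isDebugEnabled())
      // log.debug("|"+loginForm.getLoginId()+
      // "||Login|Failure|User "+loginForm.getLoginId()+" doesnot have permission on
      // "+loginForm.getApplicationContextName()+" application||");
      return mapping.findForward(ForwardConstants.LOGIN_SUCCESS);
    }
  } catch (CSException cse) {
    errors.add(
        ActionErrors.GLOBAL_ERROR,
        new ActionError(
            DisplayConstants.ERROR_ID,
            org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage())));
    saveErrors(request, errors);
    if (log.isDebugEnabled())
      log.debug(
          "|"
              + loginForm.getLoginId()
              + "||Login|Failure|Error in checking permission|"
              + loginForm.toString()
              + "|"
              + cse.getMessage());
    return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
  }
  try {
    // UserProvisioningManager upm = (UserProvisioningManager)authorizationManager;
    application = authorizationManager.getApplication(loginForm.getApplicationContextName());
    userProvisioningManager =
        getUserProvisioningManager(authorizationManager, loginForm.getApplicationContextName());
    if (null == userProvisioningManager) {
      errors.add(
          ActionErrors.GLOBAL_ERROR,
          new ActionError(
              DisplayConstants.ERROR_ID,
              "Unable to initialize Authorization Manager for the given application context"));
      saveErrors(request, errors);
      if (log.isDebugEnabled())
        log.debug(
            "|"
                + loginForm.getLoginId()
                + "||Login|Failure|Unable to instantiate User Provisioning Manager for "
                + loginForm.getApplicationContextName()
                + " application||");
      return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
    }
  } catch (CSException cse) {
    errors.add(
        ActionErrors.GLOBAL_ERROR,
        new ActionError(
            DisplayConstants.ERROR_ID,
            org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage())));
    saveErrors(request, errors);
    if (log.isDebugEnabled())
      log.debug(
          "|"
              + loginForm.getLoginId()
              + "||Login|Failure|Unable to instantiate User Provisioning Manager for |"
              + loginForm.toString()
              + "|"
              + cse.getMessage());
    return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
  }
  HttpSession session = request.getSession(true);
  session.setAttribute(DisplayConstants.USER_PROVISIONING_MANAGER, userProvisioningManager);
  // As in the no-permission branch, the stored form carries the submitted password.
  session.setAttribute(DisplayConstants.LOGIN_OBJECT, form);
  session.setAttribute(DisplayConstants.CURRENT_TABLE_ID, DisplayConstants.HOME_ID);
  authenticationManager = null;
  authorizationManager = null;
  try {
    processUptOperation(
        userProvisioningManager,
        loginForm.getLoginId(),
        application.getApplicationName(),
        session);
  } catch (CSTransactionException e) {
    // NOTE(review): a failure here is only printed and the login still completes. What
    // processUptOperation writes to the session is not visible here; confirm a partial run
    // cannot leave the user with more access than intended.
    e.printStackTrace();
  }
  // Logging in to the UPT context itself marks the session as an admin session.
  if (((LoginForm) form).getApplicationContextName().equalsIgnoreCase(uptContextName)) {
    session.setAttribute(DisplayConstants.ADMIN_USER, DisplayConstants.ADMIN_USER);
    if (log.isDebugEnabled())
      log.debug(
          session.getId()
              + "|"
              + ((LoginForm) session.getAttribute(DisplayConstants.LOGIN_OBJECT)).getLoginId()
              + "||Login|Success|Login Successful for user "
              + loginForm.getLoginId()
              + " and "
              + loginForm.getApplicationContextName()
              + " application, Forwarding to the Super Admin Home Page||");
    return (mapping.findForward(ForwardConstants.ADMIN_LOGIN_SUCCESS));
  } else {
    if (log.isDebugEnabled())
      log.debug(
          session.getId()
              + "|"
              + ((LoginForm) session.getAttribute(DisplayConstants.LOGIN_OBJECT)).getLoginId()
              + "||Login|Success|Login Successful for user "
              + loginForm.getLoginId()
              + " and "
              + loginForm.getApplicationContextName()
              + " application, Forwarding to the Home Page||");
    return (mapping.findForward(ForwardConstants.LOGIN_SUCCESS));
  }
}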