Пример #1
0
  /**
   * An HTTP WebEvent handler that logs out a userLogin by clearing the session.
   *
   * @param request The HTTP request object for the current request.
   * @param response The HTTP response object for the current request.
   * @return Return a boolean which specifies whether or not the calling request should generate its
   *     own content. This allows an event to override the default content.
   */
  public static String logout(HttpServletRequest request, HttpServletResponse response) {
    // run the before-logout events
    RequestHandler rh = RequestHandler.getRequestHandler(request.getSession().getServletContext());
    rh.runBeforeLogoutEvents(request, response);

    // invalidate the security group list cache
    GenericValue userLogin = (GenericValue) request.getSession().getAttribute("userLogin");

    doBasicLogout(userLogin, request, response);

    Element rootElement = getRootElement(request);

    String result = "error";
    if (rootElement != null) {
      String className =
          UtilXml.childElementValue(
              rootElement,
              "AuthenticationHandler",
              "org.ofbiz.ldap.openldap.OFBizLdapAuthenticationHandler");
      try {
        Class<?> handlerClass = Class.forName(className);
        InterfaceOFBizAuthenticationHandler authenticationHandler =
            (InterfaceOFBizAuthenticationHandler) handlerClass.newInstance();
        result = authenticationHandler.logout(request, response, rootElement);
      } catch (ClassNotFoundException e) {
        Debug.logError(e, "Error calling userLogin service", module);
        Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage());
        String errMsg =
            UtilProperties.getMessage(
                resourceWebapp,
                "loginevents.following_error_occurred_during_login",
                messageMap,
                UtilHttp.getLocale(request));
        request.setAttribute("_ERROR_MESSAGE_", errMsg);
      } catch (InstantiationException e) {
        Debug.logError(e, "Error calling userLogin service", module);
        Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage());
        String errMsg =
            UtilProperties.getMessage(
                resourceWebapp,
                "loginevents.following_error_occurred_during_login",
                messageMap,
                UtilHttp.getLocale(request));
        request.setAttribute("_ERROR_MESSAGE_", errMsg);
      } catch (IllegalAccessException e) {
        Debug.logError(e, "Error calling userLogin service", module);
        Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage());
        String errMsg =
            UtilProperties.getMessage(
                resourceWebapp,
                "loginevents.following_error_occurred_during_login",
                messageMap,
                UtilHttp.getLocale(request));
        request.setAttribute("_ERROR_MESSAGE_", errMsg);
      } catch (Exception e) {
        Debug.logError(e, "Error calling userLogin service", module);
        Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage());
        String errMsg =
            UtilProperties.getMessage(
                resourceWebapp,
                "loginevents.following_error_occurred_during_login",
                messageMap,
                UtilHttp.getLocale(request));
        request.setAttribute("_ERROR_MESSAGE_", errMsg);
      }
    }

    if (request.getAttribute("_AUTO_LOGIN_LOGOUT_") == null) {
      return autoLoginCheck(request, response);
    }
    return result;
  }
Пример #2
0
  /**
   * An HTTP WebEvent handler that checks to see is a userLogin is logged in. If not, the user is
   * forwarded to the login page.
   *
   * @param request The HTTP request object for the current JSP or Servlet request.
   * @param response The HTTP response object for the current JSP or Servlet request.
   * @return String
   */
  public static String checkLogin(HttpServletRequest request, HttpServletResponse response) {
    GenericValue userLogin = (GenericValue) request.getSession().getAttribute("userLogin");
    // anonymous shoppers are not logged in
    if (userLogin != null && "anonymous".equals(userLogin.getString("userLoginId"))) {
      userLogin = null;
    }

    // user is logged in; check to see if they have globally logged out if not
    // check if they have permission for this login attempt; if not log them out
    if (userLogin != null) {
      Element rootElement = getRootElement(request);
      boolean hasLdapLoggedOut = false;
      if (rootElement != null) {
        String className =
            UtilXml.childElementValue(
                rootElement,
                "AuthenticationHandler",
                "org.ofbiz.ldap.openldap.OFBizLdapAuthenticationHandler");
        try {
          Class<?> handlerClass = Class.forName(className);
          InterfaceOFBizAuthenticationHandler authenticationHandler =
              (InterfaceOFBizAuthenticationHandler) handlerClass.newInstance();
          hasLdapLoggedOut = authenticationHandler.hasLdapLoggedOut(request, response, rootElement);
        } catch (ClassNotFoundException e) {
          Debug.logError(e, "Error calling checkLogin service", module);
          Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage());
          String errMsg =
              UtilProperties.getMessage(
                  resourceWebapp,
                  "loginevents.following_error_occurred_during_login",
                  messageMap,
                  UtilHttp.getLocale(request));
          request.setAttribute("_ERROR_MESSAGE_", errMsg);
        } catch (InstantiationException e) {
          Debug.logError(e, "Error calling checkLogin service", module);
          Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage());
          String errMsg =
              UtilProperties.getMessage(
                  resourceWebapp,
                  "loginevents.following_error_occurred_during_login",
                  messageMap,
                  UtilHttp.getLocale(request));
          request.setAttribute("_ERROR_MESSAGE_", errMsg);
        } catch (IllegalAccessException e) {
          Debug.logError(e, "Error calling checkLogin service", module);
          Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage());
          String errMsg =
              UtilProperties.getMessage(
                  resourceWebapp,
                  "loginevents.following_error_occurred_during_login",
                  messageMap,
                  UtilHttp.getLocale(request));
          request.setAttribute("_ERROR_MESSAGE_", errMsg);
        } catch (Exception e) {
          Debug.logError(e, "Error calling checkLogin service", module);
          Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage());
          String errMsg =
              UtilProperties.getMessage(
                  resourceWebapp,
                  "loginevents.following_error_occurred_during_login",
                  messageMap,
                  UtilHttp.getLocale(request));
          request.setAttribute("_ERROR_MESSAGE_", errMsg);
        }
      }

      if (!hasBasePermission(userLogin, request)
          || isFlaggedLoggedOut(userLogin)
          || hasLdapLoggedOut) {
        Debug.logInfo("User does not have permission or is flagged as logged out", module);
        doBasicLogout(userLogin, request, response);
        userLogin = null;
      }
    }

    if (userLogin == null) {
      return login(request, response);
    }

    return "success";
  }
Пример #3
0
  /**
   * An HTTP WebEvent handler that logs in a userLogin. This should run before the security check.
   *
   * @param request The HTTP request object for the current JSP or Servlet request.
   * @param response The HTTP response object for the current JSP or Servlet request.
   * @return Return a boolean which specifies whether or not the calling Servlet or JSP should
   *     generate its own content. This allows an event to override the default content.
   */
  public static String login(HttpServletRequest request, HttpServletResponse response) {

    Element rootElement = getRootElement(request);
    String result = "error";
    if (rootElement != null) {
      String className =
          UtilXml.childElementValue(
              rootElement,
              "AuthenticationHandler",
              "org.ofbiz.ldap.openldap.OFBizLdapAuthenticationHandler");
      try {
        Class<?> handlerClass = Class.forName(className);
        InterfaceOFBizAuthenticationHandler authenticationHandler =
            (InterfaceOFBizAuthenticationHandler) handlerClass.newInstance();
        result = authenticationHandler.login(request, response, rootElement);
      } catch (ClassNotFoundException e) {
        Debug.logError(e, "Error calling userLogin service", module);
        Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage());
        String errMsg =
            UtilProperties.getMessage(
                resourceWebapp,
                "loginevents.following_error_occurred_during_login",
                messageMap,
                UtilHttp.getLocale(request));
        request.setAttribute("_ERROR_MESSAGE_", errMsg);
      } catch (InstantiationException e) {
        Debug.logError(e, "Error calling userLogin service", module);
        Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage());
        String errMsg =
            UtilProperties.getMessage(
                resourceWebapp,
                "loginevents.following_error_occurred_during_login",
                messageMap,
                UtilHttp.getLocale(request));
        request.setAttribute("_ERROR_MESSAGE_", errMsg);
      } catch (IllegalAccessException e) {
        Debug.logError(e, "Error calling userLogin service", module);
        Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage());
        String errMsg =
            UtilProperties.getMessage(
                resourceWebapp,
                "loginevents.following_error_occurred_during_login",
                messageMap,
                UtilHttp.getLocale(request));
        request.setAttribute("_ERROR_MESSAGE_", errMsg);
      } catch (NamingException e) {
        Debug.logError(e, "Error calling userLogin service", module);
        Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage());
        String errMsg =
            UtilProperties.getMessage(
                resourceWebapp,
                "loginevents.following_error_occurred_during_login",
                messageMap,
                UtilHttp.getLocale(request));
        request.setAttribute("_ERROR_MESSAGE_", errMsg);
      } catch (Exception e) {
        Debug.logError(e, "Error calling userLogin service", module);
        Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage());
        String errMsg =
            UtilProperties.getMessage(
                resourceWebapp,
                "loginevents.following_error_occurred_during_login",
                messageMap,
                UtilHttp.getLocale(request));
        request.setAttribute("_ERROR_MESSAGE_", errMsg);
      }
    }

    if (result.equals("error")) {
      boolean useOFBizLoginWhenFail =
          Boolean.getBoolean(
              UtilXml.childElementValue(rootElement, "UseOFBizLoginWhenLDAPFail", "false"));
      if (useOFBizLoginWhenFail) {
        return LoginWorker.login(request, response);
      }
    }
    return result;
  }