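package it.valueteam.dbcgo.action;

import it.valueteam.dbcgo.actionform.LoginActionForm;
import it.valueteam.dbcgo.business.MenuProfiloBusiness;
import it.valueteam.dbcgo.common.ActionLogMapping;
import it.valueteam.dbcgo.common.IniFile;
import it.valueteam.dbcgo.common.Keys;
import it.valueteam.dbcgo.common.MenuNode;
import it.valueteam.dbcgo.common.User;
import it.valueteam.dbcgo.common.Util;
import it.valueteam.logging.Azione;
import it.valueteam.logging.SessionInfo;
import it.valueteam.logging.Tracer;
import java.net.InetAddress;
import java.util.Iterator;
import java.util.List;
import java.util.Vector;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import mnp.crontab.ejb.LoginBeanDTO;
import mnp.crontab.objects.ui.LoginRetCodeIF;
import org.apache.log4j.Logger;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionMessage;
import org.apache.struts.action.ActionMessages;
import org.apache.struts.util.MessageResources;

/**
 * Struts action handling login, the follow-up "set client info" step and logout.
 *
 * <p>Security model as visible in this class: the user name and profile are read
 * from two request headers whose names come from the application properties
 * {@code pcs.header.param.user} and {@code pcs.header.param.profile}. No
 * credential is checked here.
 * NOTE(review): this is only safe if a trusted front end sets these headers and
 * strips any client-supplied copies before the request reaches this servlet;
 * confirm against the deployment.
 */
public class LoginAction extends Action {

    /**
     * JVM system property that must be {@code true} for the development-only login
     * mock to be honoured. The name is introduced by this change (adjust it to the
     * project's conventions); when it is absent the mock is disabled.
     */
    private static final String DEV_MOCK_SYSTEM_PROPERTY = "dbcgo.login.devmock.enabled";

    static Logger log = Logger.getLogger(LoginAction.class.getName());

    IniFile iniFile;

    public LoginAction() {
    }

    /**
     * Dispatches on the mapping's {@code parameter} attribute: {@code login},
     * {@code setClientInfo} or {@code logout}. Any other value (including a
     * missing parameter) forwards to {@code success} without doing anything.
     *
     * @param actionMapping   mapping whose parameter selects the operation
     * @param actionForm      expected to be a {@link LoginActionForm}
     * @param servletRequest  current request
     * @param servletResponse current response (unused)
     * @return the forward chosen by the selected operation
     */
    public ActionForward execute(ActionMapping actionMapping, ActionForm actionForm,
                                 HttpServletRequest servletRequest,
                                 HttpServletResponse servletResponse) {
        LoginActionForm af = (LoginActionForm) actionForm;
        // Constant-first equals: a mapping without a parameter no longer throws a
        // NullPointerException, it falls through to the default forward.
        String operation = actionMapping.getParameter();

        if ("login".equals(operation)) {
            return doLogin(af, actionMapping, servletRequest);
        }
        if ("setClientInfo".equals(operation)) {
            return doSetClientInfo(af, actionMapping, servletRequest);
        }
        if ("logout".equals(operation)) {
            return doLogout(af, actionMapping, servletRequest);
        }
        //logLoginAction(servletRequest, null, af.getUsername(), "", false);
        return actionMapping.findForward("success");
    }

    /**
     * Performs the header-based login and, on success, loads the profile's menu
     * into the session.
     *
     * <p>Every failure path writes a KO audit record through {@link Tracer}; the
     * OK record is written later by {@code doSetClientInfo}.
     *
     * @param af      login form carrying the client-reported IP, hostname and username
     * @param am      mapping used to resolve the {@code success} / {@code failed} forwards
     * @param request current request
     * @return the {@code success} forward on {@code LOGIN_OK}, otherwise {@code failed}
     */
    private ActionForward doLogin(LoginActionForm af, ActionMapping am, HttpServletRequest request) {
        log.info("doLogin");
        String forward = "failed";
        // Security log
        String profiloUtente = "";
        ActionMessages msg = new ActionMessages();
        User user = null;
        String usernameLog = "Utente=";
        SessionInfo sessionInfo = null;
        try {
            sessionInfo = new SessionInfo(
                InetAddress.getLocalHost().getHostAddress(),
                InetAddress.getLocalHost().getHostName(),
                null,
                ActionLogMapping.LOG_CLIENT_APP_NAME,
                null,
                null,
                null,
                null,
                request.getRemoteAddr()
            );

            // Read the identity headers; a null header name or value can raise here.
            String headerParamUser = null;
            String headerParamProfile = null;
            try {
                headerParamUser = request.getHeader(
                    Util.getAppProperty("pcs.header.param.user", this.getServlet().getServletContext()));
                log.debug("headerParamUser " + sanitizeForLog(headerParamUser));
                headerParamProfile = request.getHeader(
                    Util.getAppProperty("pcs.header.param.profile", this.getServlet().getServletContext()));
                log.debug("headerParamProfile " + sanitizeForLog(headerParamProfile));

                // Development mock: takes the identity from the USER request parameter.
                // Left unconditional, this lets any caller choose the account and
                // profile just by omitting the header, so it is now honoured only
                // when explicitly switched on for the JVM.
                if (headerParamUser == null && isDevMockEnabled()) {
                    log.warn("development login mock is ENABLED: identity taken from request parameter");
                    String userMockSviluppo = getUserMockSviluppo(request);
                    headerParamUser = userMockSviluppo;
                    headerParamProfile = userMockSviluppo;
                }
            } catch (Exception e) {
                // Deliberately non-fatal: the missing-header check below rejects the login.
                log.info(e, e);
            }

            // Any missing or blank header is a login failure (error page).
            if (headerParamUser == null || headerParamUser.trim().length() == 0
                    || headerParamProfile == null || headerParamProfile.trim().length() == 0) {
                msg.add("error", new ActionMessage("errors.login.noheaderparams"));
            } else {
                // NOTE(review): the session that existed before login is reused here;
                // confirm that User or the container issues a fresh session id on
                // login, otherwise a pre-set session id survives authentication.
                user = new User(headerParamUser, headerParamProfile, request.getSession());
                // The name ends up in the audit record: strip line breaks so a crafted
                // value cannot forge additional log entries.
                usernameLog += sanitizeForLog(headerParamUser);
                sessionInfo = user.getSessionInfo();
                String ipAddress = request.getRemoteAddr();
                log.debug("username: " + sanitizeForLog(headerParamUser));
                log.debug("profile: " + sanitizeForLog(headerParamProfile));
                log.debug("ip: " + ipAddress);

                // Decouples this action from the mnp EJB dependency.
                LoginBeanDTO loginBeanDTO = user.login(headerParamUser, headerParamProfile, ipAddress,
                    false, af.getClientIPAddress(), af.getClientHostname(), af.getClientUsername());
                if (loginBeanDTO.getProfilo() != null) {
                    profiloUtente = loginBeanDTO.getProfilo();
                }
                int loginCode = loginBeanDTO.getRetCode();
                log.debug("login ret code: " + loginCode);

                // Map the return code to a forward or an error message.
                switch (loginCode) {
                    case LoginRetCodeIF.PROFILO_KO:
                        msg.add("error", new ActionMessage("errors.login.profileko"));
                        break;
                    case LoginRetCodeIF.LOGIN_OK:
                        forward = "success";
                        break;
                    default:
                        msg.add("error", new ActionMessage("errors.generic"));
                }
            }

            MessageResources mr = this.getResources(request);
            if ("failed".equals(forward)) {
                this.saveErrors(request, msg);
                Iterator it = msg.get();
                while (it.hasNext()) {
                    log.error(mr.getMessage(((ActionMessage) it.next()).getKey()));
                }
                // Audit: login failed.
                traceLoginFailure(sessionInfo, usernameLog);
            } else {
                // Menu creation for the authenticated profile.
                // hard-wired
                //String profilo = "GG";
                List listaItemMenu = MenuProfiloBusiness.creaMenu(headerParamProfile);
                request.getSession().setAttribute("listaItemMenu", listaItemMenu);

                List listaItemFunzioniProfilo = MenuProfiloBusiness.caricaFunzioni(headerParamProfile);
                request.getSession().setAttribute("listaFunzioniItemMenu", listaItemFunzioniProfilo);

                // Previous menu creation, kept for reference:
                /*List l = new Vector(0);
                for (int i = 0; i < Keys.MENU.length; i++) {
                    l.add(Keys.MENU[i]);
                }
                MenuNode menuNode = new MenuNode();
                menuNode.getFromList(l, 0, 4, 0, "");
                menuNode.setVisibility(user);
                String menuStr = menuNode.getHTML("menu", 1, mr);
                //log.debug("menuStr "+ menuStr);
                request.getSession().setAttribute(Keys.ATT_MENU_STRING, menuStr);
                */

                // Build the message page whose confirm button calls sendClientInfo().
                request.setAttribute(Keys.ATT_MSG_BUTTON, "on");
                request.setAttribute(Keys.ATT_MSG_BUTTON_TYPE, Keys.ATT_MSG_BUTTON_TYPE_JS);
                request.setAttribute(Keys.ATT_MSG_CONFIRMACTION, "sendClientInfo()");
                msg.add("warning", new ActionMessage("getclientinfo.msg"));
            }
        } catch (Exception e) {
            // log.error already records the stack trace; no printStackTrace to stderr.
            log.error(e, e);
            msg.add("error", new ActionMessage("errors.generic"));
            this.saveErrors(request, msg);
            // Audit: login failed.
            traceLoginFailure(sessionInfo, usernameLog);
            return am.findForward("failed");
        }
        // TODO: log login success here, or only after setClientInfo?
        log.debug("forward to: " + forward);
        this.saveMessages(request, msg);
        return am.findForward(forward);
    }

    /**
     * Development-only header bypass: returns the {@code USER} request parameter.
     *
     * <p>Callers must check {@link #isDevMockEnabled()} first; the value is fully
     * controlled by the client and must never be trusted in production.
     *
     * @param request current request
     * @return the raw {@code USER} parameter, or {@code null} when absent
     */
    private String getUserMockSviluppo(HttpServletRequest request) {
        return request.getParameter("USER");
    }

    /**
     * Tells whether the development login mock may be used.
     *
     * @return {@code true} only when the JVM was started with the
     *         {@code DEV_MOCK_SYSTEM_PROPERTY} system property set to {@code true}
     */
    private static boolean isDevMockEnabled() {
        return Boolean.getBoolean(DEV_MOCK_SYSTEM_PROPERTY);
    }

    /**
     * Replaces carriage returns and line feeds so a request-supplied value cannot
     * start a new line in the application or audit log.
     *
     * @param value text to be logged, may be {@code null}
     * @return the text with CR/LF replaced by {@code _}, or {@code null}
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Writes a KO login record to the audit trail.
     *
     * @param sessionInfo session information attached to the record
     * @param usernameLog the {@code Utente=...} text identifying the user
     */
    private void traceLoginFailure(SessionInfo sessionInfo, String usernameLog) {
        Azione azione = new Azione(ActionLogMapping.Login,
            null,
            ActionLogMapping.LOG_RESULT_CODE_DETAIL_KO,
            usernameLog,
            ActionLogMapping.LOG_RESULT_CODE_KO);
        Tracer.log(sessionInfo, azione);
    }

    /**
     * Second login step: stores the client-reported IP, hostname and username on
     * the session user and writes the OK audit record.
     *
     * <p>The three client values come from the submitted form, i.e. they are
     * asserted by the browser; only {@code request.getRemoteAddr()} is observed by
     * the server. With tight login enabled the only check made here is that the
     * client IP is non-empty.
     *
     * @param af      form carrying the client-reported values
     * @param am      mapping used to resolve the forwards
     * @param request current request
     * @return {@code success}, or {@code failed} when no user is in the session,
     *         the tight-login check fails, or an error occurs
     */
    private ActionForward doSetClientInfo(LoginActionForm af, ActionMapping am, HttpServletRequest request) {
        log.info("doSetClientInfo");
        ActionMessages msg = new ActionMessages();
        HttpSession s = request.getSession();
        User user = (User) s.getAttribute(Keys.ATT_USER);
        if (user == null) {
            // This step was requested without a completed login (or the session
            // expired). Previously this dereferenced null outside the try block.
            log.warn("doSetClientInfo called without an authenticated user in session");
            msg.add("error", new ActionMessage("errors.generic"));
            this.saveErrors(request, msg);
            return am.findForward("failed");
        }
        String usernameLog = "Utente=" + user.getName();
        try {
            boolean isTL = Util.isTightLogin(this.getServlet().getServletContext());
            log.debug("tight login: " + isTL);
            log.debug("client IP address: " + sanitizeForLog(af.getClientIPAddress()));
            if (isTL && (af.getClientIPAddress() == null || af.getClientIPAddress().length() == 0)) {
                log.debug("any client info received");
                msg.add("error", new ActionMessage("errors.login.wrongtightlogin"));
                this.saveErrors(request, msg);
                // Audit: login failed.
                traceLoginFailure(user.getSessionInfo(), usernameLog);
                return am.findForward("failed");
            }

            // Update the user with the client-reported info and the observed remote address.
            user.setClientInfo(af.getClientIPAddress(), af.getClientHostname(),
                af.getClientUsername(), request.getRemoteAddr());

            // Audit: login succeeded.
            Azione azione = new Azione(ActionLogMapping.Login,
                null,
                ActionLogMapping.LOG_RESULT_CODE_DETAIL_OK,
                usernameLog,
                ActionLogMapping.LOG_RESULT_CODE_OK);
            Tracer.log(user.getSessionInfo(), azione);

            return am.findForward("success");
        } catch (Exception e) {
            log.error(e, e);
            msg.add("error", new ActionMessage("errors.generic"));
            this.saveErrors(request, msg);
            // Audit: login failed.
            traceLoginFailure(user.getSessionInfo(), usernameLog);
            return am.findForward("failed");
        }
    }

    /**
     * Invalidates the current session, if any, and prepares the logout message.
     *
     * @param af      login form (unused)
     * @param am      mapping used to resolve the {@code success} forward
     * @param request current request
     * @return always the {@code success} forward, also when invalidation fails
     */
    private ActionForward doLogout(LoginActionForm af, ActionMapping am, HttpServletRequest request) {
        ActionMessages msg = new ActionMessages();
        try {
            // CarloM - 20/09/2006: the explicit user logout was removed. It is already
            // handled by the SessionManager, which loses access to the user if the
            // logout is performed first.
            //User user = (User)request.getSession().getAttribute(Keys.ATT_USER);
            //user.logout();
            // getSession(false): do not create a session only to destroy it.
            HttpSession session = request.getSession(false);
            if (session != null) {
                session.invalidate();
            }

            // Build the message page.
            msg.add("warning", new ActionMessage("logout.msg"));
            this.saveMessages(request, msg);
        } catch (Exception e) {
            log.error(e, e);
            msg = new ActionMessages();
            msg.add("error", new ActionMessage("errors.generic"));
            this.saveErrors(request, msg);
        }
        return am.findForward("success");
    }

    /** Placeholder with no behaviour; menu creation is done in {@code doLogin}. */
    private void creaMenu(String profilo) {
    }
}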