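/**
 * Copyright (c) 2009--2014 Red Hat, Inc.
 *
 * This software is licensed to you under the GNU General Public License,
 * version 2 (GPLv2). There is NO WARRANTY for this software, express or
 * implied, including the implied warranties of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
 * along with this software; if not, see
 * http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
 *
 * Red Hat trademarks are not licensed under GPLv2. No permission is
 * granted to use or replicate Red Hat trademarks that are incorporated
 * in this software or its documentation.
 */
package com.redhat.rhn.frontend.action;

import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.apache.struts.action.ActionErrors;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionMessage;
import org.apache.struts.action.ActionMessages;
import org.apache.struts.action.DynaActionForm;

import com.redhat.rhn.domain.user.User;
import com.redhat.rhn.frontend.struts.RhnAction;
import com.redhat.rhn.frontend.struts.RhnValidationHelper;
import com.redhat.rhn.manager.user.UserManager;

/**
 * LoginAction
 *
 * Struts action behind the login form. It validates the submitted form,
 * tries external authentication first and falls back to local
 * username/password authentication when no external user was returned.
 */
public class LoginAction extends RhnAction {

    private static final Logger log = Logger.getLogger(LoginAction.class);

    public static final String DEFAULT_URL_BOUNCE = "/rhn/YourRhn.do";

    /**
     * Handles a login form submission.
     *
     * @param mapping  Struts mapping used to look up the "failure" forward.
     * @param form     the submitted form; read as a DynaActionForm with
     *                 "username" and "password" properties.
     * @param request  current request.
     * @param response current response.
     * @return the "failure" forward when validation or authentication fails,
     *         otherwise null (LoginHelper.successfulLogin is called with the
     *         response on success).
     */
    @Override
    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) {

        ActionForward ret = null;
        DynaActionForm f = (DynaActionForm) form;

        // Validate the form
        ActionErrors errors = RhnValidationHelper.validateDynaActionForm(this, f);
        if (!errors.isEmpty()) {
            addErrors(request, errors);
            return mapping.findForward("failure");
        }

        ActionMessages messages = new ActionMessages();
        User user = LoginHelper.checkExternalAuthentication(request, messages, errors);
        // save stores msgs into the session (works for redirect)
        saveMessages(request, messages);
        addErrors(request, errors);
        // External-auth errors have been attached to the request above; start
        // from a clean slate so they do not block the local-auth fallback.
        errors.clear();

        // External-auth didn't return a user - try local-auth
        if (user == null) {
            user = loginUser(f.getString("username"), f.getString("password"),
                    request, response, errors);
            if (errors.isEmpty()) {
                // No errors, log success
                log.info("LOCAL AUTH SUCCESS: [" + sanitizeForLog(user.getLogin()) + "]");
            }
            else {
                // Errors, log failure. The submitted username is attacker
                // controlled, so it is neutralised before it reaches the log.
                // Note that a failed-login name can be a mistyped password;
                // treat this log as sensitive.
                log.info("LOCAL AUTH FAILURE: [" +
                        sanitizeForLog(f.getString("username")) + "]");
            }
        }
        // External-auth returned a user (errors was cleared above, so it is
        // empty whenever this branch is evaluated)
        else if (errors.isEmpty()) {
            log.info("EXTERNAL AUTH SUCCESS: [" + sanitizeForLog(user.getLogin()) + "]");
        }

        if (errors.isEmpty()) {
            LoginHelper.successfulLogin(request, response, user);
        }
        else {
            addErrors(request, errors);
            ret = mapping.findForward("failure");
        }

        return ret;
    }

    /**
     * Normalises the post-login redirect target (url_bounce).
     *
     * The default landing page is returned when the request was a POST, or
     * when the supplied value is blank, is "/rhn/", ends with "Logout.do",
     * or is not a plain site-local path. A value counts as site-local only
     * if it starts with a single "/" and holds no control characters:
     * "//host" and "/\host" are resolved by browsers as another origin, and
     * browsers drop tabs and newlines from URLs, so "/&lt;TAB&gt;/host" would
     * otherwise slip past a simple prefix check.
     *
     * The value that was validated (the trimmed one) is the value returned.
     *
     * @param urlBounce url_bounce
     * @param requestMethod request method
     * @return updated url_bounce
     */
    public static String updateUrlBounce(String urlBounce, String requestMethod) {
        if ("POST".equals(requestMethod) || StringUtils.isBlank(urlBounce)) {
            return DEFAULT_URL_BOUNCE;
        }

        String target = urlBounce.trim();
        if (!isLocalPath(target) ||
                target.equals("/rhn/") ||
                target.endsWith("Logout.do")) {
            return DEFAULT_URL_BOUNCE;
        }
        return target;
    }

    /**
     * Tells whether a redirect target is a path on this site.
     *
     * @param path trimmed, non-blank redirect target.
     * @return true if path starts with exactly one "/" (not "//" or "/\")
     *         and contains no ISO control characters.
     */
    private static boolean isLocalPath(String path) {
        if (!path.startsWith("/")) {
            return false;
        }
        if (path.length() > 1) {
            char second = path.charAt(1);
            // Scheme-relative forms point at a different host.
            if (second == '/' || second == '\\') {
                return false;
            }
        }
        for (int i = 0; i < path.length(); i++) {
            if (Character.isISOControl(path.charAt(i))) {
                return false;
            }
        }
        return true;
    }

    /**
     * Makes a value safe to embed in a single log line by replacing every
     * ISO control character (CR and LF included) with an underscore, so a
     * crafted login name cannot forge additional log entries.
     *
     * @param value text to log; may be null.
     * @return the neutralised text, or "null" for a null value (the same text
     *         string concatenation would have produced).
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder clean = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            clean.append(Character.isISOControl(c) ? '_' : c);
        }
        return clean.toString();
    }

    /**
     * Authenticates a user against the local user store.
     *
     * @param username User's login name.
     * @param password User's unencrypted password.
     * @param request HttpServletRequest for this action (not used here).
     * @param response HttpServletResponse for this action (not used here).
     * @param e collector for errors; when UserManager.loginUser throws a
     *          LoginException, its message is added as a global
     *          ActionMessage.
     * @return the authenticated user, or null when a LoginException was
     *         thrown.
     */
    private User loginUser(String username, String password,
            HttpServletRequest request, HttpServletResponse response,
            ActionErrors e) {

        User user = null;
        try {
            user = UserManager.loginUser(username, password);
        }
        catch (LoginException ex) {
            e.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage(ex.getMessage()));
        }
        return user;
    }
}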