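/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.wicket.security.examples.secureform.pages;

import org.apache.wicket.Application;
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.markup.html.form.CheckBox;
import org.apache.wicket.markup.html.form.FormComponent;
import org.apache.wicket.markup.html.form.PasswordTextField;
import org.apache.wicket.markup.html.form.StatelessForm;
import org.apache.wicket.markup.html.form.TextField;
import org.apache.wicket.markup.html.panel.FeedbackPanel;
import org.apache.wicket.model.CompoundPropertyModel;
import org.apache.wicket.model.PropertyModel;
import org.apache.wicket.security.WaspSession;
import org.apache.wicket.security.authentication.LoginException;
import org.apache.wicket.security.examples.secureform.MyLoginContext;
import org.apache.wicket.util.value.ValueMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Primary login page; authenticates with a username and a password.
 * <p>
 * The page is built from stateless components (a {@link StatelessForm} plus the stateless
 * hint) so that submitting it after the HTTP session has expired does not raise a
 * page-expired error.
 *
 * @author marrink
 * @author Olger Warnier
 */
public class LoginPage extends WebPage
{
    private static final long serialVersionUID = 1L;

    private static final Logger log = LoggerFactory.getLogger(LoginPage.class);

    // NOTE(review): this field is static, so a single reference is shared by every session
    // and request thread in the JVM instead of belonging to the user who logged in. It is
    // overwritten on each successful login, read without synchronization, and keeps the
    // last login context (built from the submitted username and password) reachable for
    // as long as the class is loaded. The context handed to logoff() in signIn() may
    // therefore have been created for a different user. This state belongs in the user's
    // session; moving it presumably needs session-level support that is not visible in
    // this file, so the field is left unchanged here - confirm and relocate.
    private static MyLoginContext loggedInUser;

    /**
     * Builds the page: a feedback panel that is only visible when it has messages, and the
     * sign-in form wired to the {@link WaspSession} login.
     */
    public LoginPage()
    {
        // stateless so the login page will not throw a timeout exception
        // note that is only a hint we need to have stateless components on the
        // page for this to work, like a statelessform
        setStatelessHint(true);
        add(new FeedbackPanel("feedback")
        {
            private static final long serialVersionUID = 1L;

            /**
             * @see org.apache.wicket.Component#isVisible()
             */
            @Override
            public boolean isVisible()
            {
                return anyMessage();
            }
        });
        add(new SignInForm("signInForm")
        {
            private static final long serialVersionUID = 1L;

            @Override
            public boolean signIn(String username, String password)
            {
                WaspSession secureSession = (WaspSession) getSession();
                // An already authenticated session is logged off and invalidated before
                // the new credentials are tried.
                if (secureSession.isUserAuthenticated() && getLoggedInUser() != null)
                {
                    secureSession.logoff(getLoggedInUser());
                    secureSession.invalidateNow();
                }
                MyLoginContext userContext = new MyLoginContext(username, password);
                try
                {
                    secureSession.login(userContext);
                    setLoggedInUser(userContext);
                }
                catch (LoginException e)
                {
                    // The username is attacker-controlled: neutralise control characters
                    // so a crafted value cannot forge additional log lines.
                    log.error("Could not login " + sanitizeForLog(username), e);
                    // No feedback message is added here. onSubmit() already reports the
                    // failure under the same "exception.login" key for every false
                    // return; the message previously added here duplicated it and fell
                    // back to the raw exception text, which can tell the client why the
                    // authentication failed.
                    return false;
                }
                return true;
            }
        }).setOutputMarkupId(false);
    }

    /**
     * Replaces control characters (including CR and LF) in a value before it is written to
     * the log.
     *
     * @param value
     *            untrusted text, may be null
     * @return the text with every control character replaced by an underscore, or the
     *         string "null" for a null value
     */
    private static String sanitizeForLog(String value)
    {
        if (value == null)
        {
            return "null";
        }
        return value.replaceAll("\\p{Cntrl}", "_");
    }

    /**
     * Stores the context of the most recent successful login in the class-wide field.
     *
     * @param user
     *            the context that was just used to log in
     */
    private static void setLoggedInUser(MyLoginContext user)
    {
        loggedInUser = user;
    }

    /**
     * @return the context stored by the most recent successful login in this JVM, or null
     *         if there has been none
     */
    private static MyLoginContext getLoggedInUser()
    {
        return loggedInUser;
    }

    /**
     * Stateless sign-in form with a username field, a password field and a "remember me"
     * checkbox. Subclasses supply the actual authentication in
     * {@link #signIn(String, String)}.
     */
    public abstract class SignInForm extends StatelessForm<ValueMap>
    {
        private static final long serialVersionUID = 1L;

        /**
         * Whether the username is persisted for later logins; on by default.
         */
        private boolean rememberMe = true;

        /**
         * Constructor.
         *
         * @param id
         *            id of the form component
         */
        public SignInForm(final String id)
        {
            // sets a compound model on this form, every component without an
            // explicit model will use this model too
            super(id, new CompoundPropertyModel<ValueMap>(new ValueMap()));

            // only remember username, not passwords
            add(new TextField<String>("username").setPersistent(rememberMe)
                .setOutputMarkupId(false));
            add(new PasswordTextField("password").setOutputMarkupId(false));
            add(new CheckBox("rememberMe", new PropertyModel<Boolean>(this, "rememberMe")));
        }

        /**
         * Uses the component id as the markup id.
         *
         * @see org.apache.wicket.Component#getMarkupId()
         */
        @Override
        public String getMarkupId()
        {
            // fix javascript id
            return getId();
        }

        /**
         * Reads the submitted credentials, delegates to {@link #signIn(String, String)} and
         * either redirects (original destination, else the home page) or reports a login
         * error.
         *
         * @see org.apache.wicket.markup.html.form.Form#onSubmit()
         */
        @Override
        public final void onSubmit()
        {
            if (!rememberMe)
            {
                // delete persistent data
                getPage().removePersistedFormData(SignInForm.class, true);
            }

            ValueMap values = getModelObject();
            String username = values.getString("username");
            String password = values.getString("password");

            if (signIn(username, password))
            {
                // continue or homepage?
                if (!getPage().continueToOriginalDestination())
                {
                    setResponsePage(Application.get().getHomePage());
                }
            }
            else
            {
                // Try the component based localizer first. If not found try the
                // application localizer. Else use the default.
                // The same generic text is used for every failure so the response does
                // not reveal which part of the credentials was wrong.
                error(getLocalizer().getString("exception.login", this,
                    "Illegal username password combo"));
            }
        }

        /**
         * @return true if formdata should be made persistent (cookie) for later logins.
         */
        public boolean getRememberMe()
        {
            return rememberMe;
        }

        /**
         * Remember form values for later logins?
         *
         * @param rememberMe
         *            true if formdata should be remembered
         */
        public void setRememberMe(boolean rememberMe)
        {
            this.rememberMe = rememberMe;
            // keep the username field's persistence in step with the checkbox
            ((FormComponent< ? >) get("username")).setPersistent(rememberMe);
        }

        /**
         * Implement this method in your extension class in order to actually login a
         * user. A false return is reported to the user by {@link #onSubmit()}, so
         * implementations do not need to add their own feedback message.
         *
         * @param username
         *            the submitted username
         * @param password
         *            the submitted password
         * @return true for a successful login, false for a failed login
         */
        public abstract boolean signIn(String username, String password);
    }
}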