001    //$HeadURL: https://svn.wald.intevation.org/svn/deegree/base/branches/2.3_testing/src/org/deegree/portal/standard/security/control/LoginUserListener.java $
002    /*----------------------------------------------------------------------------
003     This file is part of deegree, http://deegree.org/
004     Copyright (C) 2001-2009 by:
005       Department of Geography, University of Bonn
006     and
007       lat/lon GmbH
008    
009     This library is free software; you can redistribute it and/or modify it under
010     the terms of the GNU Lesser General Public License as published by the Free
011     Software Foundation; either version 2.1 of the License, or (at your option)
012     any later version.
013     This library is distributed in the hope that it will be useful, but WITHOUT
014     ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
015     FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
016     details.
017     You should have received a copy of the GNU Lesser General Public License
018     along with this library; if not, write to the Free Software Foundation, Inc.,
019     59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
020    
021     Contact information:
022    
023     lat/lon GmbH
024     Aennchenstr. 19, 53177 Bonn
025     Germany
026     http://lat-lon.de/
027    
028     Department of Geography, University of Bonn
029     Prof. Dr. Klaus Greve
030     Postfach 1147, 53001 Bonn
031     Germany
032     http://www.geographie.uni-bonn.de/deegree/
033    
034     e-mail: info@deegree.org
035    ----------------------------------------------------------------------------*/
036    package org.deegree.portal.standard.security.control;
037    
038    import javax.servlet.http.HttpServletRequest;
039    import javax.servlet.http.HttpSession;
040    
041    import org.deegree.enterprise.control.AbstractListener;
042    import org.deegree.enterprise.control.FormEvent;
043    import org.deegree.enterprise.control.RPCException;
044    import org.deegree.enterprise.control.RPCMethodCall;
045    import org.deegree.enterprise.control.RPCParameter;
046    import org.deegree.enterprise.control.RPCWebEvent;
047    import org.deegree.framework.log.ILogger;
048    import org.deegree.framework.log.LoggerFactory;
049    import org.deegree.i18n.Messages;
050    import org.deegree.security.drm.SecurityAccessManager;
051    import org.deegree.security.drm.UnknownException;
052    import org.deegree.security.drm.WrongCredentialsException;
053    import org.deegree.security.drm.model.User;
054    
055    /**
056     * This <code>Listener</code> reacts on RPC-LoginUser events, extracts the submitted username +
057     * password and tries to authenticate the user against the rights management subsystem.
058     *
059     * @author <a href="mschneider@lat-lon.de">Markus Schneider </a>
060     * @author last edited by: $Author: mschneider $
061     *
062     * @version $Revision: 18195 $, $Date: 2009-06-18 17:55:39 +0200 (Do, 18. Jun 2009) $
063     */
064    public class LoginUserListener extends AbstractListener {
065    
066        private static final ILogger LOG = LoggerFactory.getLogger( LoginUserListener.class );
067    
068        @Override
069        public void actionPerformed( FormEvent event ) {
070    
071            try {
072                RPCWebEvent ev = (RPCWebEvent) event;
073                RPCMethodCall rpcCall = ev.getRPCMethodCall();
074                RPCParameter[] params = rpcCall.getParameters();
075    
076                if ( params.length != 2 ) {
077                    throw new RPCException( Messages.getMessage( "IGEO_STD_SEC_WRONG_PARAMS_NUM", "2" ) );
078                }
079                if ( params[0].getType() != String.class || params[1].getType() != String.class ) {
080                    throw new RPCException( Messages.getMessage( "IGEO_STD_SEC_MISSING_STRING" ) );
081                }
082                String userName = (String) params[0].getValue();
083                String password = (String) params[1].getValue();
084    
085                // login user to SecurityAccessManager
086                SecurityAccessManager manager = SecurityAccessManager.getInstance();
087                User user = manager.getUserByName( userName );
088                user.authenticate( password );
089    
090                // set USERNAME and PASSWORD in HttpSession
091                HttpSession session = ( (HttpServletRequest) getRequest() ).getSession( true );
092                session.setAttribute( ClientHelper.KEY_USERNAME, userName );
093                session.setAttribute( ClientHelper.KEY_PASSWORD, password );
094            } catch ( UnknownException e ) {
095                getRequest().setAttribute( "SOURCE", this.getClass().getName() );
096                getRequest().setAttribute( "MESSAGE", Messages.getMessage( "IGEO_STD_SEC_WRONG_LOGIN" ) );
097                setNextPage( "index.jsp" );
098                LOG.logError( e.getMessage(), e );
099            } catch ( WrongCredentialsException e ) {
100                getRequest().setAttribute( "SOURCE", this.getClass().getName() );
101                getRequest().setAttribute( "MESSAGE", Messages.getMessage( "IGEO_STD_SEC_WRONG_LOGIN" ) );
102                setNextPage( "index.jsp" );
103                LOG.logError( e.getMessage(), e );
104            } catch ( Exception e ) {
105                getRequest().setAttribute( "SOURCE", this.getClass().getName() );
106                getRequest().setAttribute( "MESSAGE", Messages.getMessage( "IGEO_STD_SEC_FAIL_LOGIN", e.getMessage() ) );
107                setNextPage( "index.jsp" );
108                LOG.logError( e.getMessage(), e );
109            }
110        }
111    }