This is an automated email from the ASF dual-hosted git repository.
surajk pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git The following commit(s) were added to refs/heads/trunk by this push: new c00e61a Improved: Enforce noninstantiability to LoginWorker class. (#175) c00e61a is described below commit c00e61aa1804988d3153c3a5debab2d421d85567 Author: Suraj Khurana <[hidden email]> AuthorDate: Sun Jun 7 10:55:06 2020 +0530 Improved: Enforce noninstantiability to LoginWorker class. (#175) (OFBIZ-11747) Made class as final, added private constructor and made static variables as private.
---
.../apache/ofbiz/webapp/control/LoginWorker.java | 67 +++++++++++-----------
1 file changed, 32 insertions(+), 35 deletions(-)
diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
index c4c1db9..7e7ecd0 100644
--- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
+++ b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
@@ -91,25 +91,22 @@ import org.apache.ofbiz.widget.model.ThemeFactory; /** * Common Workers */ -public class LoginWorker { +public final class LoginWorker { - public final static String MODULE = LoginWorker.class.getName(); - public static final String resourceWebapp = "SecurityextUiLabels"; + private static final String MODULE = LoginWorker.class.getName(); + private static final String RESOURCE = "SecurityextUiLabels"; + private static final String SEC_PROPERTIES = "security.properties"; + private static final String KEY_VALUE = UtilProperties.getPropertyValue(SEC_PROPERTIES, "login.secret_key_string"); + private static final WebAppCache WEBAPPS = WebAppCache.getShared(); - public static final String X509_CERT_ATTR = "SSLx509Cert"; - public static final String securityProperties = "security.properties"; - - private static final String keyValue = UtilProperties.getPropertyValue(securityProperties, "login.secret_key_string"); - private static final WebAppCache webapps = WebAppCache.getShared(); + protected LoginWorker() { } public static StringWrapper makeLoginUrl(PageContext pageContext) { return makeLoginUrl(pageContext, "checkLogin"); } - public static StringWrapper makeLoginUrl(HttpServletRequest request) { return makeLoginUrl(request, "checkLogin"); } - public static StringWrapper makeLoginUrl(PageContext pageContext, String requestName) { return makeLoginUrl((HttpServletRequest) pageContext.getRequest(), requestName); } @@ -260,7 +257,7 @@ public class LoginWorker { } HashMap<String, Object> messageMap = new HashMap<>(); messageMap.putAll(userLoginHistory.getAllFields()); - String errMsg = UtilProperties.getMessage(resourceWebapp, "loginevents.impersonation_in_process", messageMap, UtilHttp.getLocale(request)); + String errMsg = UtilProperties.getMessage(RESOURCE, "loginevents.impersonation_in_process", messageMap, UtilHttp.getLocale(request)); errorMessageList.add(errMsg); } return userLoginHistory; 
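Review bot: The constructor added in the first hunk is `protected LoginWorker() { }`, but the commit message says a private constructor was added; on a final class `protected` still grants package access, so any class in `org.apache.ofbiz.webapp.control` can instantiate it and noninstantiability is not actually enforced. It should be `private LoginWorker() { }`. The same hunk removes the public constants `X509_CERT_ATTR`, `resourceWebapp` and `securityProperties` and narrows `MODULE` to private; callers outside this file are not visible here, so confirm nothing else in the framework or in plugins references them. The class body continues outside the hunk.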
@@ -417,7 +414,7 @@ public class LoginWorker { if(entityDeCrypto != null && "true".equals(forgotPwdFlag)) { try { - Object decryptedPwd = entityDeCrypto.decrypt(keyValue, ModelField.EncryptMethod.TRUE, password); + Object decryptedPwd = entityDeCrypto.decrypt(KEY_VALUE, ModelField.EncryptMethod.TRUE, password); password = decryptedPwd.toString(); } catch (GeneralException e) { Debug.logError(e, "Current Password Decryption failed", MODULE); @@ -441,10 +438,10 @@ public class LoginWorker { List<String> unpwErrMsgList = new LinkedList<>(); if (UtilValidate.isEmpty(username)) { - unpwErrMsgList.add(UtilProperties.getMessage(resourceWebapp, "loginevents.username_was_empty_reenter", UtilHttp.getLocale(request))); + unpwErrMsgList.add(UtilProperties.getMessage(RESOURCE, "loginevents.username_was_empty_reenter", UtilHttp.getLocale(request))); } if (UtilValidate.isEmpty(password) && UtilValidate.isEmpty(token)) { - unpwErrMsgList.add(UtilProperties.getMessage(resourceWebapp, "loginevents.password_was_empty_reenter", UtilHttp.getLocale(request))); + unpwErrMsgList.add(UtilProperties.getMessage(RESOURCE, "loginevents.password_was_empty_reenter", UtilHttp.getLocale(request))); } boolean requirePasswordChange = "Y".equals(request.getParameter("requirePasswordChange")); if (!unpwErrMsgList.isEmpty()) { @@ -483,7 +480,7 @@ public class LoginWorker { } catch (NullPointerException e) { Debug.logError(e, "Error getting tenant delegator", MODULE); Map<String, String> messageMap = UtilMisc.toMap("errorMessage", "Tenant [" + tenantId + "] not found..."); - String errMsg = UtilProperties.getMessage(resourceWebapp, "loginevents.following_error_occurred_during_login", messageMap, UtilHttp.getLocale(request)); + String errMsg = UtilProperties.getMessage(RESOURCE, "loginevents.following_error_occurred_during_login", messageMap, UtilHttp.getLocale(request)); request.setAttribute("_ERROR_MESSAGE_", errMsg); return "error"; } 
@@ -504,7 +501,7 @@ public class LoginWorker { } catch (NullPointerException e) { Debug.logError(e, "Error getting default delegator", MODULE); Map<String, String> messageMap = UtilMisc.toMap("errorMessage", "Error getting default delegator"); - String errMsg = UtilProperties.getMessage(resourceWebapp, "loginevents.following_error_occurred_during_login", messageMap, UtilHttp.getLocale(request)); + String errMsg = UtilProperties.getMessage(RESOURCE, "loginevents.following_error_occurred_during_login", messageMap, UtilHttp.getLocale(request)); request.setAttribute("_ERROR_MESSAGE_", errMsg); return "error"; } @@ -525,7 +522,7 @@ public class LoginWorker { } catch (GenericServiceException e) { Debug.logError(e, "Error calling userLogin service", MODULE); Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage()); - String errMsg = UtilProperties.getMessage(resourceWebapp, "loginevents.following_error_occurred_during_login", messageMap, UtilHttp.getLocale(request)); + String errMsg = UtilProperties.getMessage(RESOURCE, "loginevents.following_error_occurred_during_login", messageMap, UtilHttp.getLocale(request)); request.setAttribute("_ERROR_MESSAGE_", errMsg); return "error"; } @@ -548,7 +545,7 @@ public class LoginWorker { } catch (GenericServiceException e) { Debug.logError(e, "Error calling updatePassword service", MODULE); Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage()); - String errMsg = UtilProperties.getMessage(resourceWebapp, "loginevents.following_error_occurred_during_login", messageMap, UtilHttp.getLocale(request)); + String errMsg = UtilProperties.getMessage(RESOURCE, "loginevents.following_error_occurred_during_login", messageMap, UtilHttp.getLocale(request)); request.setAttribute("_ERROR_MESSAGE_", errMsg); return "requirePasswordChange"; } 
@@ -556,7 +553,7 @@ public class LoginWorker { String errorMessage = (String) resultPasswordChange.get(ModelService.ERROR_MESSAGE); if (UtilValidate.isNotEmpty(errorMessage)) { Map<String, String> messageMap = UtilMisc.toMap("errorMessage", errorMessage); - String errMsg = UtilProperties.getMessage(resourceWebapp, "loginevents.following_error_occurred_during_login", messageMap, UtilHttp.getLocale(request)); + String errMsg = UtilProperties.getMessage(RESOURCE, "loginevents.following_error_occurred_during_login", messageMap, UtilHttp.getLocale(request)); request.setAttribute("_ERROR_MESSAGE_", errMsg); } request.setAttribute("_ERROR_MESSAGE_LIST_", resultPasswordChange.get(ModelService.ERROR_MESSAGE_LIST)); @@ -568,7 +565,7 @@ public class LoginWorker { catch (GenericEntityException e) { Debug.logError(e, "Error refreshing userLogin value", MODULE); Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage()); - String errMsg = UtilProperties.getMessage(resourceWebapp, "loginevents.following_error_occurred_during_login", messageMap, UtilHttp.getLocale(request)); + String errMsg = UtilProperties.getMessage(RESOURCE, "loginevents.following_error_occurred_during_login", messageMap, UtilHttp.getLocale(request)); request.setAttribute("_ERROR_MESSAGE_", errMsg); return "requirePasswordChange"; } @@ -605,7 +602,7 @@ public class LoginWorker { return doMainLogin(request, response, userLogin, userLoginSession); } else { Map<String, String> messageMap = UtilMisc.toMap("errorMessage", (String) result.get(ModelService.ERROR_MESSAGE)); - String errMsg = UtilProperties.getMessage(resourceWebapp, "loginevents.following_error_occurred_during_login", messageMap, UtilHttp.getLocale(request)); + String errMsg = UtilProperties.getMessage(RESOURCE, "loginevents.following_error_occurred_during_login", messageMap, UtilHttp.getLocale(request)); request.setAttribute("_ERROR_MESSAGE_", errMsg); return requirePasswordChange ? "requirePasswordChange" : "error"; } 
@@ -627,7 +624,7 @@ public class LoginWorker { LocalDispatcher dispatcher; if (UtilProperties.getPropertyAsBoolean("security","security.disable.impersonation", true)) { - String errMsg = UtilProperties.getMessage(resourceWebapp, "loginevents.impersonation_disabled", UtilHttp.getLocale(request)); + String errMsg = UtilProperties.getMessage(RESOURCE, "loginevents.impersonation_disabled", UtilHttp.getLocale(request)); request.setAttribute("_ERROR_MESSAGE_", errMsg); return "error"; } 
@@ -635,23 +632,23 @@ public class LoginWorker { //Check if user has impersonate permission Security security = (Security) request.getAttribute("security"); if (!security.hasEntityPermission("IMPERSONATE", "_ADMIN", userLogin)) { - String errMsg = UtilProperties.getMessage(resourceWebapp, "loginevents.unable_to_login_this_application", UtilHttp.getLocale(request)); + String errMsg = UtilProperties.getMessage(RESOURCE, "loginevents.unable_to_login_this_application", UtilHttp.getLocale(request)); request.setAttribute("_ERROR_MESSAGE_", errMsg); return "error"; } List<String> errMsgList = new LinkedList<>(); if (UtilValidate.isNotEmpty(session.getAttribute("originUserLogin"))) { - errMsgList.add(UtilProperties.getMessage(resourceWebapp, "loginevents.origin_username_is_present", UtilHttp.getLocale(request))); + errMsgList.add(UtilProperties.getMessage(RESOURCE, "loginevents.origin_username_is_present", UtilHttp.getLocale(request))); } if (UtilValidate.isEmpty(userLoginIdToImpersonate)) { - errMsgList.add(UtilProperties.getMessage(resourceWebapp, "loginevents.username_was_empty_reenter", UtilHttp.getLocale(request))); + errMsgList.add(UtilProperties.getMessage(RESOURCE, "loginevents.username_was_empty_reenter", UtilHttp.getLocale(request))); } try { GenericValue userLoginToImpersonate = delegator.findOne("UserLogin", false, "userLoginId", userLoginIdToImpersonate); if (!hasBasePermission(userLoginToImpersonate, request)) { - errMsgList.add(UtilProperties.getMessage(resourceWebapp, "loginevents.unable_to_login_this_application", UtilHttp.getLocale(request))); + errMsgList.add(UtilProperties.getMessage(RESOURCE, "loginevents.unable_to_login_this_application", UtilHttp.getLocale(request))); } } catch (GenericEntityException e) { String errMsg ="Error impersonating the userLoginId" + userLoginIdToImpersonate; 
@@ -682,7 +679,7 @@ public class LoginWorker { } catch (GenericServiceException e) { Debug.logError(e, "Error calling userImpersonate service", MODULE); Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage()); - String errMsg = UtilProperties.getMessage(resourceWebapp, "loginevents.following_error_occurred_during_login", messageMap, UtilHttp.getLocale(request)); + String errMsg = UtilProperties.getMessage(RESOURCE, "loginevents.following_error_occurred_during_login", messageMap, UtilHttp.getLocale(request)); request.setAttribute("_ERROR_MESSAGE_", errMsg); return "error"; } @@ -711,7 +708,7 @@ public class LoginWorker { return doMainLogin(request, response, userLogin, userLoginSession); } else { Map<String, String> messageMap = UtilMisc.toMap("errorMessage", result.get(ModelService.ERROR_MESSAGE)); - String errMsg = UtilProperties.getMessage(resourceWebapp, "loginevents.following_error_occurred_during_login", messageMap, UtilHttp.getLocale(request)); + String errMsg = UtilProperties.getMessage(RESOURCE, "loginevents.following_error_occurred_during_login", messageMap, UtilHttp.getLocale(request)); request.setAttribute("_ERROR_MESSAGE_", errMsg); return "error"; } @@ -732,7 +729,7 @@ public class LoginWorker { List<String> errMsgList = new LinkedList<>(); if (null == originUserLogin) { - errMsgList.add(UtilProperties.getMessage(resourceWebapp, "loginevents.username_was_empty_reenter", UtilHttp.getLocale(request))); + errMsgList.add(UtilProperties.getMessage(RESOURCE, "loginevents.username_was_empty_reenter", UtilHttp.getLocale(request))); } if (!errMsgList.isEmpty()) { request.setAttribute("_ERROR_MESSAGE_LIST_", errMsgList); 
@@ -748,7 +745,7 @@ public class LoginWorker { try { //check impersonation process existence to avoid depersonation abuse if (EntityQuery.use(originUserLogin.getDelegator()).from("UserLoginHistory").where(conditions).queryCount() == 0) { - String errMsg = UtilProperties.getMessage(resourceWebapp, "loginevents.impersonate_NotInProcess", UtilHttp.getLocale(request)); + String errMsg = UtilProperties.getMessage(RESOURCE, "loginevents.impersonate_NotInProcess", UtilHttp.getLocale(request)); request.setAttribute("_ERROR_MESSAGE_", errMsg); return "error"; } @@ -800,7 +797,7 @@ public class LoginWorker { if (userLogin != null && hasBasePermission(userLogin, request)) { doBasicLogin(userLogin, request); } else { - String errMsg = UtilProperties.getMessage(resourceWebapp, "loginevents.unable_to_login_this_application", UtilHttp.getLocale(request)); + String errMsg = UtilProperties.getMessage(RESOURCE, "loginevents.unable_to_login_this_application", UtilHttp.getLocale(request)); request.setAttribute("_ERROR_MESSAGE_", errMsg); return "error"; } @@ -952,7 +949,7 @@ public class LoginWorker { GenericValue userLogin = (GenericValue) session.getAttribute("userLogin"); String serverId = (String) request.getServletContext().getAttribute("_serverId"); String applicationName = UtilHttp.getApplicationName(request); - Optional<WebappInfo> webappInfo = webapps.getWebappInfo(serverId, applicationName); + Optional<WebappInfo> webappInfo = WEBAPPS.getWebappInfo(serverId, applicationName); if (userLogin != null && // When using an empty mountpoint, ie using root as mountpoint. Beware: works only for 1 webapp! 
@@ -1396,7 +1393,7 @@ public class LoginWorker { * user is authorized to access */ public static Collection<ComponentConfig.WebappInfo> getAppBarWebInfos(Security security, GenericValue userLogin, String serverName, String menuName) { - Collection<ComponentConfig.WebappInfo> allInfos = webapps.getAppBarWebInfos(serverName, menuName); + Collection<ComponentConfig.WebappInfo> allInfos = WEBAPPS.getAppBarWebInfos(serverName, menuName); Collection<ComponentConfig.WebappInfo> allowedInfos = new ArrayList<>(allInfos.size()); for (ComponentConfig.WebappInfo info : allInfos) { if (hasApplicationPermission(info, security, userLogin)) { @@ -1451,12 +1448,12 @@ public class LoginWorker { if (now.after(startNotificationFromDate)) { if (now.after(passwordExpirationDate)) { Map<String, String> messageMap = UtilMisc.toMap("passwordExpirationDate", passwordExpirationDate.toString()); - String errMsg = UtilProperties.getMessage(resourceWebapp, "loginevents.password_expired_message", messageMap, UtilHttp.getLocale(request)); + String errMsg = UtilProperties.getMessage(RESOURCE, "loginevents.password_expired_message", messageMap, UtilHttp.getLocale(request)); request.setAttribute("_ERROR_MESSAGE_", errMsg); return "requirePasswordChange"; } else { Map<String, String> messageMap = UtilMisc.toMap("passwordExpirationDate", passwordExpirationDate.toString()); - String errMsg = UtilProperties.getMessage(resourceWebapp, "loginevents.password_expiration_alert", messageMap, UtilHttp.getLocale(request)); + String errMsg = UtilProperties.getMessage(RESOURCE, "loginevents.password_expiration_alert", messageMap, UtilHttp.getLocale(request)); request.setAttribute("_EVENT_MESSAGE_", errMsg); return "success"; } |