svn commit: r431021 - in /incubator/ofbiz/trunk: applications/accounting/webapp
Locked
svn commit: r431021 - in /incubator/ofbiz/trunk: applications/accounting/webapp
 
|
Author: jonesde
Date: Sat Aug 12 05:12:18 2006 New Revision: 431021 URL: http://svn.apache.org/viewvc?rev=431021&view=rev Log: Moved the more core login methods from LoginEvents to LoginWorker as they don't depend on the applications stuff but are used by the framework stuff; also updated various text references to the new locations Modified: incubator/ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/controller.xml incubator/ofbiz/trunk/applications/content/webapp/content/WEB-INF/controller.xml incubator/ofbiz/trunk/applications/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml incubator/ofbiz/trunk/applications/ecommerce/webapp/ecommerce/WEB-INF/controller.xml incubator/ofbiz/trunk/applications/manufacturing/webapp/manufacturing/WEB-INF/controller.xml incubator/ofbiz/trunk/applications/marketing/webapp/marketing/WEB-INF/controller.xml incubator/ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/controller.xml incubator/ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/controller.xml incubator/ofbiz/trunk/applications/product/webapp/catalog/WEB-INF/controller.xml incubator/ofbiz/trunk/applications/product/webapp/facility/WEB-INF/controller.xml incubator/ofbiz/trunk/applications/securityext/config/SecurityextUiLabels.properties incubator/ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java incubator/ofbiz/trunk/applications/workeffort/webapp/workeffort/WEB-INF/controller.xml incubator/ofbiz/trunk/framework/example/webapp/example/WEB-INF/controller.xml incubator/ofbiz/trunk/framework/shark/webapp/shark/WEB-INF/controller.xml incubator/ofbiz/trunk/framework/webapp/config/WebappUiLabels.properties incubator/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java incubator/ofbiz/trunk/framework/webtools/webapp/webtools/WEB-INF/controller.xml Modified: incubator/ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/controller.xml URL: http://svn.apache.org/viewvc/incubator/ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/controller.xml?rev=431021&r1=431020&r2=431021&view=diff ============================================================================== --- incubator/ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/controller.xml (original) +++ incubator/ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/controller.xml Sat Aug 12 05:12:18 2006 @@ -40,7 +40,7 @@ <preprocessor> <!-- Events to run on every request before security (chains exempt) --> <!-- <event type="java" path="org.ofbiz.webapp.event.TestEvent" invoke="test"/> --> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="checkExternalLoginKey"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/> </preprocessor> <postprocessor> <!-- Events to run on every request after all other processing (chains exempt) --> @@ -51,21 +51,21 @@ <request-map uri="checkLogin" edit="false"> <description>Verify a user is logged in.</description> <security https="true" auth="false"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="checkLogin" /> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin" /> <response name="success" type="view" value="main" /> <response name="error" type="view" value="login" /> </request-map> <request-map uri="login"> <security https="true" auth="false"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="login"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/> <response name="success" type="view" value="main"/> <response name="error" type="view" value="login"/> </request-map> <request-map uri="logout"> <security https="true" auth="true"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="logout"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="logout"/> <response name="success" type="request" value="checkLogin"/> <response name="error" type="view" value="main"/> </request-map> Modified: incubator/ofbiz/trunk/applications/content/webapp/content/WEB-INF/controller.xml URL: http://svn.apache.org/viewvc/incubator/ofbiz/trunk/applications/content/webapp/content/WEB-INF/controller.xml?rev=431021&r1=431020&r2=431021&view=diff ============================================================================== --- incubator/ofbiz/trunk/applications/content/webapp/content/WEB-INF/controller.xml (original) +++ incubator/ofbiz/trunk/applications/content/webapp/content/WEB-INF/controller.xml Sat Aug 12 05:12:18 2006 @@ -36,7 +36,7 @@ <preprocessor> <!-- Events to run on every request before security (chains exempt) --> <!-- <event type="java" path="org.ofbiz.webapp.event.TestEvent" invoke="test"/> --> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="checkExternalLoginKey"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/> </preprocessor> <postprocessor> <!-- Events to run on every request after all other processing (chains exempt) --> @@ -47,21 +47,21 @@ <request-map uri="checkLogin" edit="false"> <description>Verify a user is logged in.</description> <security https="true" auth="false"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="checkLogin" /> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin" /> <response name="success" type="view" value="main" /> <response name="error" type="view" value="login" /> </request-map> <request-map uri="login"> <security https="true" auth="false"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="login"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/> <response name="success" type="request" value="checkLogin"/> <response name="error" type="view" value="login"/> </request-map> <request-map uri="logout"> <security https="true" auth="true"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="logout"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="logout"/> <response name="success" type="request" value="checkLogin"/> <response name="error" type="view" value="main"/> </request-map> Modified: incubator/ofbiz/trunk/applications/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml URL: http://svn.apache.org/viewvc/incubator/ofbiz/trunk/applications/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml?rev=431021&r1=431020&r2=431021&view=diff ============================================================================== --- incubator/ofbiz/trunk/applications/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml (original) +++ incubator/ofbiz/trunk/applications/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml Sat Aug 12 05:12:18 2006 @@ -388,8 +388,8 @@ <!-- now finished, log in the user and set the cart's partyId to that of the newly created customer ... --> <if-compare field-name="allowPassword" operator="equals" value="Y"> <call-bsh><![CDATA[ - org.ofbiz.securityext.login.LoginEvents.doBasicLogin(createdUserLogin, request); - org.ofbiz.securityext.login.LoginEvents.autoLoginSet(request, response); + org.ofbiz.webapp.control.LoginWorker.doBasicLogin(createdUserLogin, request); + org.ofbiz.webapp.control.LoginWorker.autoLoginSet(request, response); session = request.getSession(); cart = session.getAttribute("shoppingCart"); if (cart != null) { Modified: incubator/ofbiz/trunk/applications/ecommerce/webapp/ecommerce/WEB-INF/controller.xml URL: http://svn.apache.org/viewvc/incubator/ofbiz/trunk/applications/ecommerce/webapp/ecommerce/WEB-INF/controller.xml?rev=431021&r1=431020&r2=431021&view=diff ============================================================================== --- incubator/ofbiz/trunk/applications/ecommerce/webapp/ecommerce/WEB-INF/controller.xml (original) +++ incubator/ofbiz/trunk/applications/ecommerce/webapp/ecommerce/WEB-INF/controller.xml Sat Aug 12 05:12:18 2006 @@ -35,7 +35,7 @@ <!-- Events run from here for the first hit in a visit --> <firstvisit> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="autoLoginCheck"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="autoLoginCheck"/> <event type="java" path="org.ofbiz.marketing.tracking.TrackingCodeEvents" invoke="checkTrackingCodeCookies"/> <event type="java" path="org.ofbiz.product.product.ProductEvents" invoke="setDefaultStoreSettings"/> </firstvisit> @@ -43,7 +43,7 @@ <!-- Events to run on every request before security (chains exempt) --> <preprocessor> <!-- This event allows affilate/distributor entry on any page --> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="checkExternalLoginKey"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/> <event type="java" path="org.ofbiz.ecommerce.misc.ThirdPartyEvents" invoke="setAssociationId"/> <event type="java" path="org.ofbiz.marketing.tracking.TrackingCodeEvents" invoke="checkTrackingCodeUrlParam"/> <event type="java" path="org.ofbiz.marketing.tracking.TrackingCodeEvents" invoke="checkPartnerTrackingCodeUrlParam"/> @@ -83,13 +83,13 @@ </request-map> <request-map uri="logout"> <security https="true" auth="true"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="logout"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="logout"/> <response name="success" type="request" value="checkLogin"/> <response name="error" type="view" value="main"/> </request-map> <request-map uri="autoLogout"> <security https="true" auth="false"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="autoLoginRemove"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="autoLoginRemove"/> <response name="success" type="request" value="checkLogin"/> <response name="error" type="view" value="main"/> </request-map> Modified: incubator/ofbiz/trunk/applications/manufacturing/webapp/manufacturing/WEB-INF/controller.xml URL: http://svn.apache.org/viewvc/incubator/ofbiz/trunk/applications/manufacturing/webapp/manufacturing/WEB-INF/controller.xml?rev=431021&r1=431020&r2=431021&view=diff ============================================================================== --- incubator/ofbiz/trunk/applications/manufacturing/webapp/manufacturing/WEB-INF/controller.xml (original) +++ incubator/ofbiz/trunk/applications/manufacturing/webapp/manufacturing/WEB-INF/controller.xml Sat Aug 12 05:12:18 2006 @@ -42,7 +42,7 @@ <preprocessor> <!-- Events to run on every request before security (chains exempt) --> <!-- <event type="java" path="org.ofbiz.webapp.event.TestEvent" invoke="test"/> --> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="checkExternalLoginKey"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/> </preprocessor> <postprocessor> <!-- Events to run on every request after all other processing (chains exempt) --> @@ -53,21 +53,21 @@ <request-map uri="checkLogin" edit="false"> <description>Verify a user is logged in.</description> <security https="true" auth="false"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="checkLogin" /> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin" /> <response name="success" type="view" value="main" /> <response name="error" type="view" value="login" /> </request-map> <request-map uri="login"> <security https="true" auth="false"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="login"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/> <response name="success" type="view" value="main"/> <response name="error" type="view" value="login"/> </request-map> <request-map uri="logout"> <security https="true" auth="true"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="logout"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="logout"/> <response name="success" type="request" value="checkLogin"/> <response name="error" type="view" value="main"/> </request-map> Modified: incubator/ofbiz/trunk/applications/marketing/webapp/marketing/WEB-INF/controller.xml URL: http://svn.apache.org/viewvc/incubator/ofbiz/trunk/applications/marketing/webapp/marketing/WEB-INF/controller.xml?rev=431021&r1=431020&r2=431021&view=diff ============================================================================== --- incubator/ofbiz/trunk/applications/marketing/webapp/marketing/WEB-INF/controller.xml (original) +++ incubator/ofbiz/trunk/applications/marketing/webapp/marketing/WEB-INF/controller.xml Sat Aug 12 05:12:18 2006 @@ -37,7 +37,7 @@ <preprocessor> <!-- Events to run on every request before security (chains exempt) --> <!-- <event type="java" path="org.ofbiz.webapp.event.TestEvent" invoke="test"/> --> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="checkExternalLoginKey"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/> </preprocessor> <postprocessor> <!-- Events to run on every request after all other processing (chains exempt) --> @@ -48,7 +48,7 @@ <request-map uri="checkLogin" edit="false"> <description>Verify a user is logged in.</description> <security https="true" auth="false"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="checkLogin" /> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin" /> <response name="success" type="view" value="main" /> <response name="error" type="view" value="login" /> </request-map> @@ -60,14 +60,14 @@ <request-map uri="login"> <security https="true" auth="false"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="login"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/> <response name="success" type="view" value="main"/> <response name="error" type="view" value="login"/> </request-map> <request-map uri="logout"> <security https="true" auth="true"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="logout"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="logout"/> <response name="success" type="request" value="checkLogin"/> <response name="error" type="view" value="main"/> </request-map> Modified: incubator/ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/controller.xml URL: http://svn.apache.org/viewvc/incubator/ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/controller.xml?rev=431021&r1=431020&r2=431021&view=diff ============================================================================== --- incubator/ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/controller.xml (original) +++ incubator/ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/controller.xml Sat Aug 12 05:12:18 2006 @@ -43,7 +43,7 @@ <preprocessor> <!-- Events to run on every request before security (chains exempt) --> <!-- <event type="java" path="org.ofbiz.webapp.event.TestEvent" invoke="test"/> --> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="checkExternalLoginKey"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/> </preprocessor> <postprocessor> <!-- Events to run on every request after all other processing (chains exempt) --> @@ -54,21 +54,21 @@ <request-map uri="checkLogin" edit="false"> <description>Verify a user is logged in.</description> <security https="true" auth="false"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="checkLogin" /> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin" /> <response name="success" type="view" value="main" /> <response name="error" type="view" value="login" /> </request-map> <request-map uri="login"> <security https="true" auth="false"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="login"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/> <response name="success" type="view" value="main"/> <response name="error" type="view" value="login"/> </request-map> <request-map uri="logout"> <security https="true" auth="true"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="logout"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="logout"/> <response name="success" type="request" value="checkLogin"/> <response name="error" type="view" value="main"/> </request-map> Modified: incubator/ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/controller.xml URL: http://svn.apache.org/viewvc/incubator/ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/controller.xml?rev=431021&r1=431020&r2=431021&view=diff ============================================================================== --- incubator/ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/controller.xml (original) +++ incubator/ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/controller.xml Sat Aug 12 05:12:18 2006 @@ -36,7 +36,7 @@ <preprocessor> <!-- Events to run on every request before security (chains exempt) --> <!-- <event type="java" path="org.ofbiz.webapp.event.TestEvent" invoke="test"/> --> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="checkExternalLoginKey"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/> </preprocessor> <postprocessor> <!-- Events to run on every request after all other processing (chains exempt) --> @@ -47,21 +47,21 @@ <request-map uri="checkLogin" edit="false"> <description>Verify a user is logged in.</description> <security https="true" auth="false"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="checkLogin" /> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin" /> <response name="success" type="view" value="main" /> <response name="error" type="view" value="login" /> </request-map> <request-map uri="login"> <security https="true" auth="false"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="login"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/> <response name="success" type="view" value="main"/> <response name="error" type="view" value="login"/> </request-map> <request-map uri="logout"> <security https="true" auth="true"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="logout"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="logout"/> <response name="success" type="request" value="checkLogin"/> <response name="error" type="view" value="main"/> </request-map> Modified: incubator/ofbiz/trunk/applications/product/webapp/catalog/WEB-INF/controller.xml URL: http://svn.apache.org/viewvc/incubator/ofbiz/trunk/applications/product/webapp/catalog/WEB-INF/controller.xml?rev=431021&r1=431020&r2=431021&view=diff ============================================================================== --- incubator/ofbiz/trunk/applications/product/webapp/catalog/WEB-INF/controller.xml (original) +++ incubator/ofbiz/trunk/applications/product/webapp/catalog/WEB-INF/controller.xml Sat Aug 12 05:12:18 2006 @@ -41,7 +41,7 @@ <preprocessor> <!-- Events to run on every request before security (chains exempt) --> <!-- <event type="java" path="org.ofbiz.webapp.event.TestEvent" invoke="test"/> --> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="checkExternalLoginKey"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/> </preprocessor> <postprocessor> <!-- Events to run on every request after all other processing (chains exempt) --> @@ -52,21 +52,21 @@ <request-map uri="checkLogin" edit="false"> <description>Verify a user is logged in.</description> <security https="true" auth="false"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="checkLogin" /> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin" /> <response name="success" type="view" value="main" /> <response name="error" type="view" value="login" /> </request-map> <request-map uri="login"> <security https="true" auth="false"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="login"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/> <response name="success" type="view" value="main"/> <response name="error" type="view" value="login"/> </request-map> <request-map uri="logout"> <security https="true" auth="true"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="logout"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="logout"/> <response name="success" type="request" value="checkLogin"/> <response name="error" type="view" value="main"/> </request-map> Modified: incubator/ofbiz/trunk/applications/product/webapp/facility/WEB-INF/controller.xml URL: http://svn.apache.org/viewvc/incubator/ofbiz/trunk/applications/product/webapp/facility/WEB-INF/controller.xml?rev=431021&r1=431020&r2=431021&view=diff ============================================================================== --- incubator/ofbiz/trunk/applications/product/webapp/facility/WEB-INF/controller.xml (original) +++ incubator/ofbiz/trunk/applications/product/webapp/facility/WEB-INF/controller.xml Sat Aug 12 05:12:18 2006 @@ -39,7 +39,7 @@ <preprocessor> <!-- Events to run on every request before security (chains exempt) --> <!-- <event type="java" path="org.ofbiz.webapp.event.TestEvent" invoke="test"/> --> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="checkExternalLoginKey"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/> </preprocessor> <postprocessor> <!-- Events to run on every request after all other processing (chains exempt) --> @@ -50,21 +50,21 @@ <request-map uri="checkLogin" edit="false"> <description>Verify a user is logged in.</description> <security https="true" auth="false"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="checkLogin" /> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin" /> <response name="success" type="view" value="main" /> <response name="error" type="view" value="login" /> </request-map> <request-map uri="login"> <security https="true" auth="false"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="login"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/> <response name="success" type="request" value="checkLogin"/> <response name="error" type="view" value="login"/> </request-map> <request-map uri="logout"> <security https="true" auth="true"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="logout"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="logout"/> <response name="success" type="request" value="checkLogin"/> <response name="error" type="view" value="main"/> </request-map> Modified: incubator/ofbiz/trunk/applications/securityext/config/SecurityextUiLabels.properties URL: http://svn.apache.org/viewvc/incubator/ofbiz/trunk/applications/securityext/config/SecurityextUiLabels.properties?rev=431021&r1=431020&r2=431021&view=diff ============================================================================== --- incubator/ofbiz/trunk/applications/securityext/config/SecurityextUiLabels.properties (original) +++ incubator/ofbiz/trunk/applications/securityext/config/SecurityextUiLabels.properties Sat Aug 12 05:12:18 2006 @@ -1,5 +1,4 @@ ##################################################################### -# # Copyright 2001-2006 The Apache Software Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); you may not @@ -48,11 +47,6 @@ loginevents.user_already_logged_in=This user is already logged in. -# ${errorMessage} = Error Description -loginevents.following_error_occurred_during_login=The following error occurred during login: ${errorMessage} -loginevents.unable_to_login_this_application=Login for this application couldn't be completed (required permissions missing). -loginevents.username_was_empty_reenter=The Username was empty, please re-enter. -loginevents.password_was_empty_reenter=The Password was empty, please re-enter. loginevents.username_not_found_reenter=The Username was not found, please re-enter. loginevents.no_password_hint_specified_try_password_emailed=No password hint was specified, try having the password emailed instead. # ${passwordHint} = Hint for specifying given password Modified: incubator/ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java URL: http://svn.apache.org/viewvc/incubator/ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java?rev=431021&r1=431020&r2=431021&view=diff ============================================================================== --- incubator/ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java (original) +++ incubator/ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java Sat Aug 12 05:12:18 2006 @@ -17,19 +17,14 @@ package org.ofbiz.securityext.login; import java.util.Iterator; -import java.util.List; import java.util.Map; -import javax.servlet.ServletContext; -import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import javolution.util.FastList; import javolution.util.FastMap; -import org.ofbiz.base.component.ComponentConfig; import org.ofbiz.base.util.Debug; import org.ofbiz.base.util.UtilFormatOut; import org.ofbiz.base.util.UtilHttp; @@ -42,23 +37,13 @@ import org.ofbiz.party.contact.ContactHelper; import org.ofbiz.product.product.ProductEvents; import org.ofbiz.product.store.ProductStoreWorker; -import org.ofbiz.security.Security; import org.ofbiz.service.GenericServiceException; import org.ofbiz.service.LocalDispatcher; import org.ofbiz.service.ModelService; import org.ofbiz.webapp.control.LoginWorker; -import org.ofbiz.webapp.control.RequestHandler; -import org.ofbiz.webapp.stats.VisitHandler; /** * LoginEvents - Events for UserLogin and Security handling. - * - * @author <a href="mailto:[hidden email]">Andy Zeneski</a> - * @author <a href="mailto:[hidden email]">David E. Jones</a> - * @author <a href="">Dustin Caldwell</a> - * @author <a href="mailto:[hidden email]">Tom Herrick</a> - * @version $Rev$ - * @since 2.0 */ public class LoginEvents { @@ -103,240 +88,6 @@ } /** - * An HTTP WebEvent handler that checks to see is a userLogin is logged in. - * If not, the user is forwarded to the login page. - * - * @param request The HTTP request object for the current JSP or Servlet request. - * @param response The HTTP response object for the current JSP or Servlet request. - * @return String - */ - public static String checkLogin(HttpServletRequest request, HttpServletResponse response) { - GenericValue userLogin = (GenericValue) request.getSession().getAttribute("userLogin"); - HttpSession session = request.getSession(); - - // anonymous shoppers are not logged in - if (userLogin != null && "anonymous".equals(userLogin.getString("userLoginId"))) { - userLogin = null; - } - - // user is logged in; check to see if they have globally logged out if not - // check if they have permission for this login attempt; if not log them out - if (userLogin != null) { - if (!hasBasePermission(userLogin, request) || isFlaggedLoggedOut(userLogin)) { - Debug.logInfo("User does not have permission or is flagged as logged out", module); - doBasicLogout(userLogin, request); - userLogin = null; - - // have to reget this because the old session object will be invalid - session = request.getSession(); - } - } - - String username = null; - String password = null; - - if (userLogin == null) { - // check parameters - if (username == null) username = request.getParameter("USERNAME"); - if (password == null) password = request.getParameter("PASSWORD"); - // check session attributes - if (username == null) username = (String) session.getAttribute("USERNAME"); - if (password == null) password = (String) session.getAttribute("PASSWORD"); - - if ((username != null) && ("true".equalsIgnoreCase(UtilProperties.getPropertyValue("security.properties", "username.lowercase")))) { - username = username.toLowerCase(); - } - if ((password != null) && ("true".equalsIgnoreCase(UtilProperties.getPropertyValue("security.properties", "password.lowercase")))) { - password = password.toLowerCase(); - } - - // in this condition log them in if not already; if not logged in or can't log in, save parameters and return error - if ((username == null) || (password == null) || ("error".equals(login(request, response)))) { - Map reqParams = UtilHttp.getParameterMap(request); - String queryString = UtilHttp.urlEncodeArgs(reqParams); - Debug.logInfo("reqParams Map: " + reqParams, module); - Debug.logInfo("queryString: " + queryString, module); - - session.setAttribute("_PREVIOUS_REQUEST_", request.getPathInfo()); - if (queryString != null && queryString.length() > 0) { - session.setAttribute("_PREVIOUS_PARAMS_", queryString); - } - - if (Debug.infoOn()) Debug.logInfo("checkLogin: queryString=" + queryString, module); - if (Debug.infoOn()) Debug.logInfo("checkLogin: PathInfo=" + request.getPathInfo(), module); - - return "error"; - } - } - - return "success"; - } - - /** - * An HTTP WebEvent handler that logs in a userLogin. This should run before the security check. - * - * @param request The HTTP request object for the current JSP or Servlet request. - * @param response The HTTP response object for the current JSP or Servlet request. - * @return Return a boolean which specifies whether or not the calling Servlet or - * JSP should generate its own content. This allows an event to override the default content. - */ - public static String login(HttpServletRequest request, HttpServletResponse response) { - HttpSession session = request.getSession(); - - String username = request.getParameter("USERNAME"); - String password = request.getParameter("PASSWORD"); - - if (username == null) username = (String) session.getAttribute("USERNAME"); - if (password == null) password = (String) session.getAttribute("PASSWORD"); - - // allow a username and/or password in a request attribute to override the request parameter or the session attribute; this way a preprocessor can play with these a bit... - if (UtilValidate.isNotEmpty((String) request.getAttribute("USERNAME"))) { - username = (String) request.getAttribute("USERNAME"); - } - if (UtilValidate.isNotEmpty((String) request.getAttribute("PASSWORD"))) { - password = (String) request.getAttribute("PASSWORD"); - } - - List unpwErrMsgList = FastList.newInstance(); - if (UtilValidate.isEmpty(username)) { - unpwErrMsgList.add(UtilProperties.getMessage(resource, "loginevents.username_was_empty_reenter", UtilHttp.getLocale(request))); - } - if (UtilValidate.isEmpty(password)) { - unpwErrMsgList.add(UtilProperties.getMessage(resource, "loginevents.password_was_empty_reenter", UtilHttp.getLocale(request))); - } - if (!unpwErrMsgList.isEmpty()) { - request.setAttribute("_ERROR_MESSAGE_LIST_", unpwErrMsgList); - return "error"; - } - - - if ((username != null) && ("true".equalsIgnoreCase(UtilProperties.getPropertyValue("security.properties", "username.lowercase")))) { - username = username.toLowerCase(); - } - if ((password != null) && ("true".equalsIgnoreCase(UtilProperties.getPropertyValue("security.properties", "password.lowercase")))) { - password = password.toLowerCase(); - } - - // get the visit id to pass to the userLogin for history - String visitId = VisitHandler.getVisitId(session); - - LocalDispatcher dispatcher = (LocalDispatcher) request.getAttribute("dispatcher"); - Map result = null; - - try { - result = dispatcher.runSync("userLogin", UtilMisc.toMap("login.username", username, "login.password", password, "visitId", visitId, "locale", UtilHttp.getLocale(request))); - } catch (GenericServiceException e) { - Debug.logError(e, "Error calling userLogin service", module); - Map messageMap = UtilMisc.toMap("errorMessage", e.getMessage()); - String errMsg = UtilProperties.getMessage(resource, "loginevents.following_error_occurred_during_login", messageMap, UtilHttp.getLocale(request)); - request.setAttribute("_ERROR_MESSAGE_", errMsg); - return "error"; - } - - if (ModelService.RESPOND_SUCCESS.equals(result.get(ModelService.RESPONSE_MESSAGE))) { - GenericValue userLogin = (GenericValue) result.get("userLogin"); - Map userLoginSession = (Map) result.get("userLoginSession"); - - if (userLogin != null && hasBasePermission(userLogin, request)) { - doBasicLogin(userLogin, request); - } else { - String errMsg = UtilProperties.getMessage(resource, "loginevents.unable_to_login_this_application", UtilHttp.getLocale(request)); - request.setAttribute("_ERROR_MESSAGE_", errMsg); - return "error"; - } - - if (userLoginSession != null) { - session.setAttribute("userLoginSession", userLoginSession); - } - } else { - Map messageMap = UtilMisc.toMap("errorMessage", (String) result.get(ModelService.ERROR_MESSAGE)); - String errMsg = UtilProperties.getMessage(resource, "loginevents.following_error_occurred_during_login", messageMap, UtilHttp.getLocale(request)); - request.setAttribute("_ERROR_MESSAGE_", errMsg); - return "error"; - } - - request.setAttribute("_LOGIN_PASSED_", "TRUE"); - - // run the after-login events - RequestHandler rh = RequestHandler.getRequestHandler(request.getSession().getServletContext()); - rh.runAfterLoginEvents(request, response); - - // make sure the autoUserLogin is set to the same and that the client cookie has the correct userLoginId - return autoLoginSet(request, response); - } - - public static void doBasicLogin(GenericValue userLogin, HttpServletRequest request) { - HttpSession session = request.getSession(); - session.setAttribute("userLogin", userLogin); - - try { - GenericValue person = userLogin.getRelatedOne("Person"); - GenericValue partyGroup = userLogin.getRelatedOne("PartyGroup"); - if (person != null) session.setAttribute("person", person); - if (partyGroup != null) session.setAttribute("partyGroup", partyGroup); - } catch (GenericEntityException e) { - Debug.logError(e, "Error getting person/partyGroup info for session, ignoring...", module); - } - - // let the visit know who the user is - VisitHandler.setUserLogin(session, userLogin, false); - } - - /** - * An HTTP WebEvent handler that logs out a userLogin by clearing the session. - * - * @param request The HTTP request object for the current request. - * @param response The HTTP response object for the current request. - * @return Return a boolean which specifies whether or not the calling request - * should generate its own content. This allows an event to override the default content. - */ - public static String logout(HttpServletRequest request, HttpServletResponse response) { - // run the before-logout events - RequestHandler rh = RequestHandler.getRequestHandler(request.getSession().getServletContext()); - rh.runBeforeLogoutEvents(request, response); - - - // invalidate the security group list cache - GenericValue userLogin = (GenericValue) request.getSession().getAttribute("userLogin"); - - doBasicLogout(userLogin, request); - - if (request.getAttribute("_AUTO_LOGIN_LOGOUT_") == null) { - return autoLoginCheck(request, response); - } - return "success"; - } - - public static void doBasicLogout(GenericValue userLogin, HttpServletRequest request) { - HttpSession session = request.getSession(); - - GenericDelegator delegator = (GenericDelegator) request.getAttribute("delegator"); - Security security = (Security) request.getAttribute("security"); - - if (security != null && userLogin != null) { - Security.userLoginSecurityGroupByUserLoginId.remove(userLogin.getString("userLoginId")); - } - - // set the logged out flag - LoginWorker.setLoggedOut(userLogin.getString("userLoginId"), delegator); - - // this is a setting we don't want to lose, although it would be good to have a more general solution here... - String currCatalog = (String) session.getAttribute("CURRENT_CATALOG_ID"); - // also make sure the delegatorName is preserved, especially so that a new Visit can be created - String delegatorName = (String) session.getAttribute("delegatorName"); - // also save the shopping cart if we have one - // DON'T save the cart, causes too many problems: security issues with things done in cart to easy to miss, especially bad on public systems; was put in here because of the "not me" link for auto-login stuff, but that is a small problem compared to what it causes - //ShoppingCart shoppingCart = (ShoppingCart) session.getAttribute("shoppingCart"); - - session.invalidate(); - session = request.getSession(true); - - if (currCatalog != null) session.setAttribute("CURRENT_CATALOG_ID", currCatalog); - if (delegatorName != null) session.setAttribute("delegatorName", delegatorName); - // DON'T save the cart, causes too many problems: if (shoppingCart != null) session.setAttribute("shoppingCart", new WebShoppingCart(shoppingCart, session)); - } - - /** * The user forgot his/her password. This will either call showPasswordHint or emailPassword. * * @param request The HTTPRequest object for the current request @@ -573,169 +324,8 @@ return "success"; } - protected static String getAutoLoginCookieName(HttpServletRequest request) { - return UtilHttp.getApplicationName(request) + ".autoUserLoginId"; - } - - public static String getAutoUserLoginId(HttpServletRequest request) { - String autoUserLoginId = null; - Cookie[] cookies = request.getCookies(); - if (Debug.verboseOn()) Debug.logVerbose("Cookies:" + cookies, module); - if (cookies != null) { - for (int i = 0; i < cookies.length; i++) { - if (cookies[i].getName().equals(getAutoLoginCookieName(request))) { - autoUserLoginId = cookies[i].getValue(); - break; - } - } - } - return autoUserLoginId; - } - - public static String autoLoginCheck(HttpServletRequest request, HttpServletResponse response) { - GenericDelegator delegator = (GenericDelegator) request.getAttribute("delegator"); - HttpSession session = request.getSession(); - - return autoLoginCheck(delegator, session, getAutoUserLoginId(request)); - } - - private static String autoLoginCheck(GenericDelegator delegator, HttpSession session, String autoUserLoginId) { - if (autoUserLoginId != null) { - Debug.logInfo("Running autoLogin check.", module); - try { - GenericValue autoUserLogin = delegator.findByPrimaryKey("UserLogin", UtilMisc.toMap("userLoginId", autoUserLoginId)); - GenericValue person = null; - GenericValue group = null; - if (autoUserLogin != null) { - person = delegator.findByPrimaryKey("Person", UtilMisc.toMap("partyId", autoUserLogin.getString("partyId"))); - group = delegator.findByPrimaryKey("PartyGroup", UtilMisc.toMap("partyId", autoUserLogin.getString("partyId"))); - session.setAttribute("autoUserLogin", autoUserLogin); - } - if (person != null) { - session.setAttribute("autoName", person.getString("firstName") + " " + person.getString("lastName")); - } else if (group != null) { - session.setAttribute("autoName", group.getString("groupName")); - } - } catch (GenericEntityException e) { - Debug.logError(e, "Cannot get autoUserLogin information: " + e.getMessage(), module); - } - } - return "success"; - } - - public static String autoLoginSet(HttpServletRequest request, HttpServletResponse response) { - GenericDelegator delegator = (GenericDelegator) request.getAttribute("delegator"); - HttpSession session = request.getSession(); - GenericValue userLogin = (GenericValue) session.getAttribute("userLogin"); - if (userLogin != null) { - Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId")); - autoLoginCookie.setMaxAge(60 * 60 * 24 * 365); - autoLoginCookie.setPath("/"); - response.addCookie(autoLoginCookie); - return autoLoginCheck(delegator, session, userLogin.getString("userLoginId")); - } else { - return "success"; - } - } - - public static String autoLoginRemove(HttpServletRequest request, HttpServletResponse response) { - HttpSession session = request.getSession(); - GenericValue userLogin = (GenericValue) session.getAttribute("autoUserLogin"); - - // remove the cookie - if (userLogin != null) { - Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId")); - autoLoginCookie.setMaxAge(0); - autoLoginCookie.setPath("/"); - response.addCookie(autoLoginCookie); - } - // remove the session attributes - session.removeAttribute("autoUserLogin"); - session.removeAttribute("autoName"); - // logout the user if logged in. - if (session.getAttribute("userLogin") != null) { - request.setAttribute("_AUTO_LOGIN_LOGOUT_", new Boolean(true)); - return logout(request, response); - } - return "success"; - } - - public static String checkExternalLoginKey(HttpServletRequest request, HttpServletResponse response) { - HttpSession session = request.getSession(); - - String externalKey = request.getParameter(LoginWorker.EXTERNAL_LOGIN_KEY_ATTR); - if (externalKey == null) return "success"; - - GenericValue userLogin = (GenericValue) LoginWorker.externalLoginKeys.get(externalKey); - if (userLogin != null) { - // found userLogin, do the external login... - - // if the user is already logged in and the login is different, logout the other user - GenericValue currentUserLogin = (GenericValue) session.getAttribute("userLogin"); - if (currentUserLogin != null) { - if (currentUserLogin.getString("userLoginId").equals(userLogin.getString("userLoginId"))) { - // is the same user, just carry on... - return "success"; - } - - // logout the current user and login the new user... - logout(request, response); - // ignore the return value; even if the operation failed we want to set the new UserLogin - } - - doBasicLogin(userLogin, request); - } else { - Debug.logWarning("Could not find userLogin for external login key: " + externalKey, module); - } - - return "success"; - } - - public static boolean isFlaggedLoggedOut(GenericValue userLogin) { - if ("true".equalsIgnoreCase(UtilProperties.getPropertyValue("security.properties", "login.disable.global.logout"))) { - return false; - } - if (userLogin == null || userLogin.get("userLoginId") == null) { - return true; - } - // refresh the login object -- maybe cache this? - try { - userLogin.refreshFromCache(); - } catch (GenericEntityException e) { - Debug.logWarning(e, "Unable to refresh UserLogin", module); - } - return (userLogin.get("hasLoggedOut") != null ? - "Y".equalsIgnoreCase(userLogin.getString("hasLoggedOut")) : false); - } - - protected static boolean hasBasePermission(GenericValue userLogin, HttpServletRequest request) { - ServletContext context = (ServletContext) request.getAttribute("servletContext"); - Security security = (Security) request.getAttribute("security"); - - String serverId = (String) context.getAttribute("_serverId"); - String contextPath = request.getContextPath(); - - ComponentConfig.WebappInfo info = ComponentConfig.getWebAppInfo(serverId, contextPath); - if (security != null) { - if (info != null) { - String[] permissions = info.getBasePermission(); - for (int i = 0; i < permissions.length; i++) { - if (!"NONE".equals(permissions[i]) && !security.hasEntityPermission(permissions[i], "_VIEW", userLogin)) { - return false; - } - } - } else { - Debug.logInfo("No webapp configuration found for : " + serverId + " / " + contextPath, module); - } - } else { - Debug.logWarning("Received a null Security object from HttpServletRequest", module); - } - - return true; - } - public static String storeCheckLogin(HttpServletRequest request, HttpServletResponse response) { - String responseString = LoginEvents.checkLogin(request, response); + String responseString = LoginWorker.checkLogin(request, response); if ("error".equals(responseString)) { return responseString; } @@ -744,7 +334,7 @@ } public static String storeLogin(HttpServletRequest request, HttpServletResponse response) { - String responseString = LoginEvents.login(request, response); + String responseString = LoginWorker.login(request, response); if ("error".equals(responseString)) { return responseString; } Modified: incubator/ofbiz/trunk/applications/workeffort/webapp/workeffort/WEB-INF/controller.xml URL: http://svn.apache.org/viewvc/incubator/ofbiz/trunk/applications/workeffort/webapp/workeffort/WEB-INF/controller.xml?rev=431021&r1=431020&r2=431021&view=diff ============================================================================== --- incubator/ofbiz/trunk/applications/workeffort/webapp/workeffort/WEB-INF/controller.xml (original) +++ incubator/ofbiz/trunk/applications/workeffort/webapp/workeffort/WEB-INF/controller.xml Sat Aug 12 05:12:18 2006 @@ -36,7 +36,7 @@ <preprocessor> <!-- Events to run on every request before security (chains exempt) --> <!-- <event type="java" path="org.ofbiz.webapp.event.TestEvent" invoke="test"/>--> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="checkExternalLoginKey"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/> </preprocessor> <postprocessor> <!-- Events to run on every request after all other processing (chains exempt) --> @@ -47,21 +47,21 @@ <request-map uri="checkLogin" edit="false"> <description>Verify a user is logged in.</description> <security https="true" auth="false"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="checkLogin" /> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin" /> <response name="success" type="view" value="main" /> <response name="error" type="view" value="login" /> </request-map> <request-map uri="login"> <security https="true" auth="false"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="login"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/> <response name="success" type="view" value="main"/> <response name="error" type="view" value="login"/> </request-map> <request-map uri="logout"> <security https="true" auth="true"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="logout"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="logout"/> <response name="success" type="request" value="checkLogin"/> <response name="error" type="view" value="main"/> </request-map> Modified: incubator/ofbiz/trunk/framework/example/webapp/example/WEB-INF/controller.xml URL: http://svn.apache.org/viewvc/incubator/ofbiz/trunk/framework/example/webapp/example/WEB-INF/controller.xml?rev=431021&r1=431020&r2=431021&view=diff ============================================================================== --- incubator/ofbiz/trunk/framework/example/webapp/example/WEB-INF/controller.xml (original) +++ incubator/ofbiz/trunk/framework/example/webapp/example/WEB-INF/controller.xml Sat Aug 12 05:12:18 2006 @@ -44,7 +44,7 @@ <preprocessor> <!-- Events to run on every request before security (chains exempt) --> <!-- <event type="java" path="org.ofbiz.webapp.event.TestEvent" invoke="test"/> --> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="checkExternalLoginKey"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/> </preprocessor> <postprocessor> <!-- Events to run on every request after all other processing (chains exempt) --> @@ -55,19 +55,19 @@ <request-map uri="checkLogin" edit="false"> <description>Verify a user is logged in.</description> <security https="true" auth="false"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="checkLogin" /> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin" /> <response name="success" type="view" value="main"/> <response name="error" type="view" value="login"/> </request-map> <request-map uri="login"> <security https="true" auth="false"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="login"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/> <response name="success" type="view" value="main"/> <response name="error" type="view" value="login"/> </request-map> <request-map uri="logout"> <security https="true" auth="true"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="logout"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="logout"/> <response name="success" type="request" value="checkLogin"/> <response name="error" type="view" value="main"/> </request-map> Modified: incubator/ofbiz/trunk/framework/shark/webapp/shark/WEB-INF/controller.xml URL: http://svn.apache.org/viewvc/incubator/ofbiz/trunk/framework/shark/webapp/shark/WEB-INF/controller.xml?rev=431021&r1=431020&r2=431021&view=diff ============================================================================== --- incubator/ofbiz/trunk/framework/shark/webapp/shark/WEB-INF/controller.xml (original) +++ incubator/ofbiz/trunk/framework/shark/webapp/shark/WEB-INF/controller.xml Sat Aug 12 05:12:18 2006 @@ -40,7 +40,7 @@ <preprocessor> <!-- Events to run on every request before security (chains exempt) --> <!-- <event type="java" path="org.ofbiz.webapp.event.TestEvent" invoke="test"/> --> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="checkExternalLoginKey"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/> </preprocessor> <postprocessor> <!-- Events to run on every request after all other processing (chains exempt) --> @@ -51,21 +51,21 @@ <request-map uri="checkLogin" edit="false"> <description>Verify a user is logged in.</description> <security https="true" auth="false"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="checkLogin" /> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin" /> <response name="success" type="view" value="main" /> <response name="error" type="view" value="login" /> </request-map> <request-map uri="login"> <security https="true" auth="false"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="login"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/> <response name="success" type="view" value="main"/> <response name="error" type="view" value="login"/> </request-map> <request-map uri="logout"> <security https="true" auth="true"/> - <event type="java" path="org.ofbiz.securityext.login.LoginEvents" invoke="logout"/> + <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="logout"/> <response name="success" type="request" value="checkLogin"/> <response name="error" type="view" value="main"/> </request-map> Modified: incubator/ofbiz/trunk/framework/webapp/config/WebappUiLabels.properties URL: http://svn.apache.org/viewvc/incubator/ofbiz/trunk/framework/webapp/config/WebappUiLabels.properties?rev=431021&r1=431020&r2=431021&view=diff ============================================================================== --- incubator/ofbiz/trunk/framework/webapp/config/WebappUiLabels.properties (original) +++ incubator/ofbiz/trunk/framework/webapp/config/WebappUiLabels.properties Sat Aug 12 05:12:18 2006 @@ -51,3 +51,10 @@ # SimpleEventHandler ################################################################## simpleEventHandler.event_not_completed=Could not complete event + + +loginevents.username_was_empty_reenter=The Username was empty, please re-enter. +loginevents.password_was_empty_reenter=The Password was empty, please re-enter. +# ${errorMessage} = Error Description +loginevents.following_error_occurred_during_login=The following error occurred during login: ${errorMessage} +loginevents.unable_to_login_this_application=Login for this application couldn't be completed (required permissions missing). Modified: incubator/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java URL: http://svn.apache.org/viewvc/incubator/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java?rev=431021&r1=431020&r2=431021&view=diff ============================================================================== --- incubator/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java (original) +++ incubator/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java Sat Aug 12 05:12:18 2006 @@ -17,33 +17,45 @@ import java.util.Enumeration; import java.util.HashMap; +import java.util.List; import java.util.Map; +import javax.servlet.ServletContext; import javax.servlet.ServletRequest; +import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import javax.servlet.jsp.PageContext; import javax.transaction.Transaction; +import javolution.util.FastList; + +import org.ofbiz.base.component.ComponentConfig; import org.ofbiz.base.util.Debug; import org.ofbiz.base.util.UtilFormatOut; +import org.ofbiz.base.util.UtilHttp; import org.ofbiz.base.util.UtilMisc; +import org.ofbiz.base.util.UtilProperties; +import org.ofbiz.base.util.UtilValidate; import org.ofbiz.entity.GenericDelegator; import org.ofbiz.entity.GenericEntityException; import org.ofbiz.entity.GenericValue; import org.ofbiz.entity.transaction.GenericTransactionException; import org.ofbiz.entity.transaction.TransactionUtil; +import org.ofbiz.security.Security; +import org.ofbiz.service.GenericServiceException; +import org.ofbiz.service.LocalDispatcher; +import org.ofbiz.service.ModelService; +import org.ofbiz.webapp.stats.VisitHandler; /** * Common Workers - * - * @author <a href="mailto:[hidden email]">David E. Jones</a> - * @version $Rev$ - * @since 2.0 */ public class LoginWorker { public final static String module = LoginWorker.class.getName(); + public static final String resourceWebapp = "WebappUiLabels"; public static final String EXTERNAL_LOGIN_KEY_ATTR = "externalLoginKey"; @@ -165,5 +177,400 @@ } } } + } + + /** + * An HTTP WebEvent handler that checks to see is a userLogin is logged in. + * If not, the user is forwarded to the login page. + * + * @param request The HTTP request object for the current JSP or Servlet request. + * @param response The HTTP response object for the current JSP or Servlet request. + * @return String + */ + public static String checkLogin(HttpServletRequest request, HttpServletResponse response) { + GenericValue userLogin = (GenericValue) request.getSession().getAttribute("userLogin"); + HttpSession session = request.getSession(); + + // anonymous shoppers are not logged in + if (userLogin != null && "anonymous".equals(userLogin.getString("userLoginId"))) { + userLogin = null; + } + + // user is logged in; check to see if they have globally logged out if not + // check if they have permission for this login attempt; if not log them out + if (userLogin != null) { + if (!hasBasePermission(userLogin, request) || isFlaggedLoggedOut(userLogin)) { + Debug.logInfo("User does not have permission or is flagged as logged out", module); + doBasicLogout(userLogin, request); + userLogin = null; + + // have to reget this because the old session object will be invalid + session = request.getSession(); + } + } + + String username = null; + String password = null; + + if (userLogin == null) { + // check parameters + if (username == null) username = request.getParameter("USERNAME"); + if (password == |
«
Return to OFBiz - Commits
|
1 view|%1 views
| Free forum by Nabble | Edit this page |