1/*2 * Copyright 2000-2001,2004 The Apache Software Foundation.3 * 4 * Licensed under the Apache License, Version 2.0 (the "License");5 * you may not use this file except in compliance with the License.6 * You may obtain a copy of the License at7 * 8 * http://www.apache.org/licenses/LICENSE-2.09 * 10 * Unless required by applicable law or agreed to in writing, software11 * distributed under the License is distributed on an "AS IS" BASIS,12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.13 * See the License for the specific language governing permissions and14 * limitations under the License.15 */1617packageorg.apache.jetspeed.modules.actions.portlets.security;
1819// java util20import java.io.StringWriter;
21import java.util.Date;
22import java.util.Locale;
23import java.util.Properties;
2425import org.apache.jetspeed.modules.actions.portlets.SecureVelocityPortletAction;
26import org.apache.jetspeed.om.security.JetspeedUser;
27import org.apache.jetspeed.portal.portlets.VelocityPortlet;
28import org.apache.jetspeed.services.JetspeedSecurity;
29import org.apache.jetspeed.services.TemplateLocator;
30import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
31import org.apache.jetspeed.services.logging.JetspeedLogger;
32import org.apache.jetspeed.services.resources.JetspeedResources;
33import org.apache.jetspeed.services.security.NotUniqueUserException;
34import org.apache.turbine.services.resources.TurbineResources;
35import org.apache.turbine.services.velocity.TurbineVelocity;
36import org.apache.turbine.util.DynamicURI;
37import org.apache.turbine.util.RunData;
38import org.apache.turbine.util.StringUtils;
39import org.apache.turbine.util.mail.SimpleEmail;
40import org.apache.velocity.context.Context;
4142/***43 * This action sets up the template context for editing users in the Turbine database.44 *45 * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>46 * @author <a href="mailto:kimptoc_mail@yahoo.com">Chris Kimpton</a>47 * @author <a href="mailto:paulsp@apache.org">Paul Spencer</a>48 * @version $Id: UserUpdateAction.java,v 1.17 2004/03/31 04:49:10 morciuch Exp $49 */50publicclassUserUpdateActionextendsSecureVelocityPortletAction51 {
52privatestaticfinal String TEMP_USER = "tempUser";
5354/***55 * Static initialization of the logger for this class56 */57privatestaticfinalJetspeedLogger logger = JetspeedLogFactoryService.getLogger(UserUpdateAction.class.getName());
5859/***60 * Build the maximized state content for this portlet. (Same as normal state).61 *62 * @param portlet The velocity-based portlet that is being built.63 * @param context The velocity context for this request.64 * @param rundata The turbine rundata context for this request.65 */66protectedvoid buildMaximizedContext( VelocityPortlet portlet,
67 Context context,
68 RunData rundata )
69 {
70 buildNormalContext( portlet, context, rundata);
71 }
7273/***74 * Build the configure state content for this portlet.75 * TODO: we could configure this portlet with configurable skins, etc..76 *77 * @param portlet The velocity-based portlet that is being built.78 * @param context The velocity context for this request.79 * @param rundata The turbine rundata context for this request.80 */81protectedvoid buildConfigureContext( VelocityPortlet portlet,
82 Context context,
83 RunData rundata )
84 {
8586 buildNormalContext( portlet, context, rundata);
87 setTemplate(rundata, "user-form.vm");
88 }
8990/***91 * Build the normal state content for this portlet.92 *93 * @param portlet The velocity-based portlet that is being built.94 * @param context The velocity context for this request.95 * @param rundata The turbine rundata context for this request.96 */97protectedvoid buildNormalContext( VelocityPortlet portlet,
98 Context context,
99 RunData rundata )
100 {
101try102 {
103JetspeedUser user = null;
104/*105 * Grab the mode for the user form.106 */107 String mode = rundata.getParameters().getString(SecurityConstants.PARAM_MODE);
108109if (mode != null && (mode.equals(SecurityConstants.PARAM_MODE_UPDATE) ||
110 mode.equals(SecurityConstants.PARAM_MODE_DELETE)))
111 {
112// get the primary key and put the object in the context113 String username = rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID);
114 user = JetspeedSecurity.getUser(username);
115 context.put(SecurityConstants.CONTEXT_USER, user);
116 }
117118//119// if there was an error, display the message120//121 String msgid = rundata.getParameters().getString(SecurityConstants.PARAM_MSGID);
122if (msgid != null)
123 {
124int id = Integer.parseInt(msgid);
125if (id < SecurityConstants.MESSAGES.length)
126 context.put(SecurityConstants.PARAM_MSG, SecurityConstants.MESSAGES[id]);
127128// get the bad entered data and put it back for convenient update129JetspeedUser tempUser = (JetspeedUser)rundata.getUser().getTemp(TEMP_USER);
130if (tempUser != null)
131 context.put(SecurityConstants.CONTEXT_USER, tempUser);
132133 }
134135 context.put(SecurityConstants.PARAM_MODE, mode);
136137 }
138catch (Exception e)
139 {
140 logger.error("Error in Jetspeed User Security", e);
141 rundata.setMessage("Error in Jetspeed User Security: " + e.toString());
142 rundata.setStackTrace(StringUtils.stackTrace(e), e);
143 rundata.setScreenTemplate(JetspeedResources.getString("template.error","Error"));
144 }
145 }
146147/***148 * Database Insert Action for Users. Performs inserts into security database.149 *150 * @param rundata The turbine rundata context for this request.151 * @param context The velocity context for this request.152 */153publicvoid doInsert(RunData rundata, Context context)
154 throws Exception
155 {
156JetspeedUser user = null;
157try158 {
159//160// validate that its not an 'blank' rolename -- not allowed161//162 String name = rundata.getParameters().getString("username");
163if (name == null || name.trim().length() == 0)
164 {
165 DynamicURI duri = new DynamicURI (rundata);
166 duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_USER_UPDATE);
167 duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_INVALID_ENTITY_NAME);
168 rundata.setRedirectURI(duri.toString());
169// save values that user just entered so they don't have to re-enter170if (user != null)
171 rundata.getUser().setTemp(TEMP_USER, user);
172return;
173 }
174175176//177// create a new user178//179 user = JetspeedSecurity.getUserInstance();
180 rundata.getParameters().setProperties(user);
181182 String password = rundata.getParameters().getString("password");
183if (password == null)
184 password = "";
185186 user.setUserName(JetspeedSecurity.convertUserName(user.getUserName()));
187188 Date now = new Date();
189 user.setCreateDate(now);
190 user.setLastLogin(now);
191 user.setConfirmed(JetspeedResources.CONFIRM_VALUE);
192193 String disabled = rundata.getParameters().getString("disabled");
194 user.setDisabled( disabled != null );
195196//197// add the user198///199 user.setPassword(password);
200 JetspeedSecurity.addUser(user);
201 }
202catch (NotUniqueUserException e)
203 {
204// log the error msg205 logger.error("Exception", e);
206207//208// dup key found - display error message - bring back to same screen209//210 DynamicURI duri = new DynamicURI (rundata);
211 duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_USER_UPDATE);
212 duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_ENTITY_ALREADY_EXISTS);
213 rundata.setRedirectURI(duri.toString());
214// save values that user just entered so they don't have to re-enter215if (user != null)
216 rundata.getUser().setTemp(TEMP_USER, user);
217 }
218219 }
220221/***222 * Database Update Action for Users. Performs accepting of new users into security database.223 *224 * @param rundata The turbine rundata context for this request.225 * @param context The velocity context for this request.226 */227publicvoid doAccept(RunData rundata, Context context)
228 throws Exception
229 {
230JetspeedUser user = null;
231try232 {
233//234// get the user object from the selected entry in the browser235//236 user = (JetspeedUser)JetspeedSecurity.getUser(
237 rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID));
238239 user.setConfirmed(JetspeedResources.CONFIRM_VALUE);
240241//242// update the user in the database243//244 JetspeedSecurity.saveUser(user);
245246247//248// tell the user that they can now use jetspeed249//250251 DynamicURI url = new DynamicURI(rundata);
252253//build body via template254 StringWriter email_body = new StringWriter();
255 SimpleEmail se = new SimpleEmail();
256 Context emailContext = TurbineVelocity.getContext();
257 emailContext.put( "data", rundata );
258 emailContext.put( "user", user );
259 emailContext.put( "config",newJetspeedResources());
260 emailContext.put( "urltojetspeed",url);
261 emailContext.put( "email",se);
262263//determine the language to be used for the notification email264 String language = (String)user.getPerm("language",TurbineResources.getString("locale.default.language", "en"));
265 String country = (String)user.getPerm("country",TurbineResources.getString("locale.default.country", "US"));
266 Locale locale = new Locale(language,country);
267268 String templateFile = JetspeedResources.getString("newuser.approval.accept.template");
269 String templatePath = TemplateLocator.locateEmailTemplate(rundata, templateFile, locale );
270 TurbineVelocity.handleRequest(emailContext, templatePath, email_body);
271272 se.setMsg( email_body.toString() );
273274 Properties props = System.getProperties();
275 String mailServerMachine = JetspeedResources.getString( "mail.server" );
276 props.put ( "mail.host", mailServerMachine );
277 props.put("mail.smtp.host", mailServerMachine);
278279 se.send();
280281282 } catch (Exception e)
283 {
284// log the error msg285 logger.error("Exception", e);
286287//288// error on update - display error message289//290 DynamicURI duri = new DynamicURI (rundata);
291 duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_USER_UPDATE);
292 duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_UPDATE_FAILED);
293if (user != null)
294 duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, user.getUserName());
295 duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_UPDATE);
296 rundata.setRedirectURI(duri.toString());
297// save values that user just entered so they don't have to re-enter298if (user != null)
299 rundata.getUser().setTemp(TEMP_USER, user);
300 }
301 }
302303/***304 * Database Update Action for Users. Performs accepting of new users into security database.305 *306 * @param rundata The turbine rundata context for this request.307 * @param context The velocity context for this request.308 */309publicvoid doReject(RunData rundata, Context context)
310 throws Exception
311 {
312JetspeedUser user = null;
313try314 {
315//316// get the user object from the selected entry in the browser317//318 user = (JetspeedUser)JetspeedSecurity.getUser(
319 rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID));
320321 user.setConfirmed(JetspeedResources.CONFIRM_VALUE_REJECTED);
322323//324// update the user in the database325//326 JetspeedSecurity.saveUser(user);
327328329330//331// tell the user that they can now use jetspeed332//333334 DynamicURI url = new DynamicURI(rundata);
335336//build body via template337 StringWriter email_body = new StringWriter();
338 SimpleEmail se = new SimpleEmail();
339 Context emailContext = TurbineVelocity.getContext();
340 emailContext.put( "data", rundata );
341 emailContext.put( "user", user );
342 emailContext.put( "config",newJetspeedResources());
343 emailContext.put( "urltojetspeed",url);
344 emailContext.put( "email",se);
345346//determine the language to be used for the notification email347 String language = (String)user.getPerm("language",TurbineResources.getString("locale.default.language", "en"));
348 String country = (String)user.getPerm("country",TurbineResources.getString("locale.default.country", "US"));
349 Locale locale = new Locale(language,country);
350351 String templateFile = JetspeedResources.getString("newuser.approval.reject.template");
352 String templatePath = TemplateLocator.locateEmailTemplate(rundata, templateFile, locale );
353 TurbineVelocity.handleRequest(emailContext, templatePath, email_body);
354355 se.setMsg( email_body.toString() );
356357 Properties props = System.getProperties();
358 String mailServerMachine = JetspeedResources.getString( "mail.server" );
359 props.put ( "mail.host", mailServerMachine );
360 props.put("mail.smtp.host", mailServerMachine);
361362 se.send();
363364 } catch (Exception e)
365 {
366// log the error msg367 logger.error("Exception", e);
368369//370// error on update - display error message371//372 DynamicURI duri = new DynamicURI (rundata);
373 duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_USER_UPDATE);
374 duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_UPDATE_FAILED);
375if (user != null)
376 duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, user.getUserName());
377 duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_UPDATE);
378 rundata.setRedirectURI(duri.toString());
379// save values that user just entered so they don't have to re-enter380if (user != null)
381 rundata.getUser().setTemp(TEMP_USER, user);
382 }
383 }
384385/***386 * Database Update Action for Users. Performs updates into security database.387 *388 * @param rundata The turbine rundata context for this request.389 * @param context The velocity context for this request.390 */391publicvoid doUpdate(RunData rundata, Context context)
392 throws Exception
393 {
394JetspeedUser user = null;
395try396 {
397//398// get the user object from the selected entry in the browser399//400 user = (JetspeedUser)JetspeedSecurity.getUser(
401 rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID));
402403 String name = rundata.getParameters().getString("username");
404if (name == null || name.trim().length() == 0)
405 {
406 DynamicURI duri = new DynamicURI (rundata);
407 duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_USER_UPDATE);
408 duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_INVALID_ENTITY_NAME);
409if (user != null)
410 duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, user.getUserName());
411 duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_UPDATE);
412 rundata.setRedirectURI(duri.toString());
413// save values that user just entered so they don't have to re-enter414if (user != null)
415 rundata.getUser().setTemp(TEMP_USER, user);
416return;
417 }
418419//420// pull the values off the form and into the user object421//422boolean oldDisabled = user.getDisabled();
423 rundata.getParameters().setProperties(user);
424 user.setLastAccessDate();
425426 JetspeedSecurity.forcePassword(user,rundata.getParameters().getString("password"));
427428 String strDisabled = rundata.getParameters().getString("disabled");
429boolean disabled = (strDisabled != null);
430 user.setDisabled(disabled);
431432if (!disabled && oldDisabled && JetspeedSecurity.isDisableAccountCheckEnabled())
433 {
434 JetspeedSecurity.resetDisableAccountCheck(name);
435 }
436437//438// update the user in the database439//440 JetspeedSecurity.saveUser(user);
441442JetspeedUser currentUser = (JetspeedUser)rundata.getUser();
443if (currentUser.getUserName().equals(user.getUserName()))
444 {
445// same user as admin -- need to update in memory446 currentUser.setPassword(user.getPassword()); // Contains Encrypted password447 currentUser.setFirstName(user.getFirstName());
448 currentUser.setLastName(user.getLastName());
449 currentUser.setEmail(user.getEmail());
450 }
451452 }
453catch (Exception e)
454 {
455// log the error msg456 logger.error("Exception", e);
457458//459// error on update - display error message460//461 DynamicURI duri = new DynamicURI (rundata);
462 duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_USER_UPDATE);
463 duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_UPDATE_FAILED);
464if (user != null)
465 duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, user.getUserName());
466 duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_UPDATE);
467 rundata.setRedirectURI(duri.toString());
468// save values that user just entered so they don't have to re-enter469if (user != null)
470 rundata.getUser().setTemp(TEMP_USER, user);
471 }
472473 }
474475/***476 * Database Delete Action for Users. Performs deletes into security database.477 *478 * @param rundata The turbine rundata context for this request.479 * @param context The velocity context for this request.480 */481publicvoid doDelete(RunData rundata, Context context)
482 throws Exception
483 {
484JetspeedUser user = null;
485try486 {
487//488// get the user object from the selected entry in the browser489//490 user = (JetspeedUser)JetspeedSecurity.getUser(
491 rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID));
492493if (rundata.getUser().getUserName().equals(user.getUserName()))
494 {
495 DynamicURI duri = new DynamicURI (rundata);
496 duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_USER_UPDATE);
497 duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_CANT_DELETE_CURRENT);
498if (user != null)
499 duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, user.getUserName());
500 duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_DELETE);
501 rundata.setRedirectURI(duri.toString());
502// save values that user just entered so they don't have to re-enter503if (user != null)
504 rundata.getUser().setTemp(TEMP_USER, user);
505return;
506 }
507508//509// remove the user510//511 JetspeedSecurity.removeUser(user.getUserName());
512513 }
514catch (Exception e)
515 {
516// log the error msg517 logger.error("Exception", e);
518519//520// error on delete - display error message521//522 DynamicURI duri = new DynamicURI (rundata);
523 duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_USER_UPDATE);
524 duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_DELETE_FAILED);
525if (user != null)
526 duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, user.getUserName());
527 duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_DELETE);
528 rundata.setRedirectURI(duri.toString());
529530// save values that user just entered so they don't have to re-enter531if (user != null)
532 rundata.getUser().setTemp(TEMP_USER, user);
533534 }
535 }
536537 }