public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response)
throws Exception {
ActionMessages msgs = new ActionMessages();
SessionInfo sessionInfo = LogonControllerFactory.getInstance().getSessionInfo(request);
if (sessionInfo == null && request.getSession().getAttribute(Constants.SESSION_LOCKED) == null
&& LogonControllerFactory.getInstance().hasClientLoggedOn(request, response) == LogonController.LOGGED_ON) {
if (log.isDebugEnabled())
log.debug(request.getRemoteHost() + " is already authenticated");
return mapping.findForward("success");
}
/*
* Get the authentication session and module to use to validate this
* authentication attempt
*/
AuthenticationScheme scheme = (AuthenticationScheme) request.getSession().getAttribute(Constants.AUTH_SESSION);
LogonStateAndCache logonStateMachine = (LogonStateAndCache) request.getSession().getAttribute(
LogonStateAndCache.LOGON_STATE_MACHINE);
// The session user differs from the logon state machine's user, so force a fresh logon: clear the authentication scheme and the logon state machine.
if (sessionInfo != null && logonStateMachine != null && !sessionInfo.getUser().equals(logonStateMachine.getUser())){
request.getSession().removeAttribute(Constants.AUTH_SESSION);
request.getSession().removeAttribute(LogonStateAndCache.LOGON_STATE_MACHINE);
LogonControllerFactory.getInstance().logoffSession(request, response);
msgs.add(Globals.ERROR_KEY, new ActionMessage("login.logonNotAllowed", "Session no longer valid, logon again."));
saveErrors(request, msgs);