// Post-login password-policy step for internally managed accounts (excerpt: userId, request,
// response, servletRequest and logger are declared outside this fragment, and the outer
// `if (isInternalSecurity)` block is closed beyond the last line shown).
//
// The flag is true only when the request attribute "isInternalSecurity" equals "true"
// (case-insensitive); a missing attribute yields false. The unconditional (String) cast
// throws ClassCastException if the attribute holds a non-String value.
boolean isInternalSecurity = ("true".equalsIgnoreCase((String)request.getAttribute("isInternalSecurity")))?true:false;
logger.debug("isInternalSecurity: " + isInternalSecurity);
if (isInternalSecurity) {
// Load the persisted user record for the login being processed.
ISbiUserDAO userDao = DAOFactory.getSbiUserDAO();
SbiUser user = userDao.loadSbiUserByUserId(userId);
// Check the user's roles: an administrator is exempt from the password checks below.
// NOTE(review): the config key is named ADMIN-PATTERN, but the value is compared to the role
// name with equals() further down, i.e. as an exact name rather than a pattern. Confirm intent.
String strAdminPatter = SingletonConfig.getInstance().getConfigValue("SPAGOBI.SECURITY.ROLE-TYPE-PATTERNS.ADMIN-PATTERN");
// When no user record was found, the roles are looked up for the sentinel id -1.
// NOTE(review): what loadSbiUserRolesById(-1) returns is not visible here; a null result
// would fail at lstRoles.size(). Confirm it returns an empty list.
int sbiUserId=-1;
if (user!=null)sbiUserId=user.getId();
List lstRoles = userDao.loadSbiUserRolesById(sbiUserId);
boolean isAdminUser = false;
// Resolve each assigned role and stop at the first one whose name equals the admin value.
// NOTE(review): loadByID() is dereferenced without a null check; confirm it cannot return
// null for a dangling role id.
for (int i=0; i<lstRoles.size(); i++){
SbiExtRoles tmpRole = (SbiExtRoles)lstRoles.get(i);
Role role = DAOFactory.getRoleDAO().loadByID(tmpRole.getExtRoleId());
if (role.getName().equals(strAdminPatter)){
isAdminUser = true;
// NOTE(review): administrators skip checkPwd() entirely, and because the last-access
// update sits inside the `!isAdminUser` branch, their dtLastAccess is not refreshed
// either. The exemption is recorded at debug level only. Confirm that excluding the
// most privileged accounts from the password checks is a deliberate policy decision.
logger.debug("User is administrator. Checks on the password are not applied !");
break;
}
}
if (!isAdminUser){
// Check whether the password is still valid; true means the user must change it.
// NOTE(review): `user` may still be null here (no record found and no admin role), so
// checkPwd() receives null and user.getUserId() below would throw if it returned true.
// checkPwd() is not visible in this fragment; confirm how it handles null.
logger.debug("Validation password starting...");
boolean goToChangePwd = checkPwd(user);
if (goToChangePwd){
response.setAttribute("user_id", user.getUserId());
// Builds the application base URL handed to the change-password publisher.
// NOTE(review): assuming servletRequest is a standard servlet request, getProtocol()
// yields the protocol name and version (e.g. "HTTP/1.1"), so the prefix is "HTTP" even
// on a TLS connection; getScheme() is the call that reports http/https. getServerName()
// normally reflects the client-supplied Host header, and getLocalPort() is the local
// listener port, which can differ from the public port behind a proxy. If start_url is
// rendered as a link or form target, prefer a configured base URL or validate the host
// against an allow-list.
String url = servletRequest.getProtocol().substring(0,servletRequest.getProtocol().indexOf("/")) +
"://"+servletRequest.getServerName()+":"+servletRequest.getLocalPort()+servletRequest.getContextPath();
response.setAttribute("start_url", url);
// Route to the change-password page and end processing of this request here.
response.setAttribute(SpagoBIConstants.PUBLISHER_NAME, "ChangePwdPublisher");
return;
}
logger.info("The pwd is active!");
// Record the current time as the user's last access date in the database.
try{
if (user!=null){
user.setDtLastAccess(new Date());
userDao.updateSbiUser(user, user.getId());
}
}catch(Exception e){
// Best effort: a failed update is logged and the login flow continues. The exception is
// concatenated into the message, so its stack trace is not logged.
logger.error("Error while update user's dtLastAccess: " + e);
}
}