Package net.naijatek.myalumni.modules.common.domain

Examples of net.naijatek.myalumni.modules.common.domain.LoginHistoryVO


          // Excerpt from a login action: reads the submitted credentials, calls
          // securityService.login(), writes one LoginHistoryVO audit record per outcome and,
          // on success, rebuilds the HTTP session. The enclosing method signature and the
          // declarations of session, counter, loginCounter, currentIP and errors are not
          // part of this excerpt.
          String username = loginForm.getMemberUserName();
          String password = loginForm.getMemberPassword();
         
         
          MemberVO token = null;
          LoginHistoryVO accessHistory = null;
         
          ServletContext sCtx = request.getSession().getServletContext();
          WebApplicationContext wCtx = WebApplicationContextUtils.getWebApplicationContext(sCtx);       
          MyAlumniUserContainer container = (MyAlumniUserContainer)wCtx.getBean("userContainer");    
 
 
          // NOTE(review): username comes straight from the login form and is concatenated
          // into the log line unescaped (here and in the later logger calls); strip or encode
          // CR/LF before logging so a submitted value cannot forge log entries.
          logger.info("Login attempt --> , [ " + username +   " ][ " + currentIP + "]");
 
 
          // The failed-attempt counter is kept in the HTTP session.
          // NOTE(review): a session-scoped counter only sees attempts made within one session,
          // so the lockout threshold below is not enforced across sessions; a per-account
          // counter held server-side is the more reliable control.
          // new Integer(int) is deprecated; Integer.valueOf(int) is the replacement.
          if (counter == null) {
              session.setAttribute("loginCounter", new Integer(loginCounter));
              session.setAttribute("loginUserCounter", username);
          } else {
              loginCounter = counter.intValue();
          }
 
          // Create the audit record up front so that every outcome below can be recorded.
          accessHistory = createAccessHistory(request, username)
         
         
          try {
                // login() signals failure with UserAccountException (handled below); on
                // return the token is marked successful and the audit record set to PASS.
                token = securityService.login(username, password, currentIP);
                token.setLoginSuccessfull(true);
                accessHistory.setLoginStatus(BaseConstants.LOGIN_PASS);
                accessHistory.setReasonCode(ReasonCodes.SUCCESS);
             
             
              // Prompt user to change password. The audit record is re-marked LOGIN_FAIL /
              // CHANGE_PASSWORD here although the credentials were accepted.
              // NOTE(review): getPromptChange() is dereferenced without a null check;
              // BaseConstants.BOOLEAN_YES.equals(...) would tolerate null.
              if (token.getPromptChange().equals(BaseConstants.BOOLEAN_YES)){
               
                loginForm.setMemberUserName(token.getMemberUserName());
                loginForm.setMemberPassword("");
                loginForm.setMemberTempPassword("");
                loginForm.setMemberPasswordConfirm("");               
                
                session.invalidate();
                    errors.add(BaseConstants.INFO_KEY, new ActionMessage("errors.login.resetpassword"));
                    saveMessages(request, errors);
                    accessHistory.setLoginStatus(BaseConstants.LOGIN_FAIL);
                    accessHistory.setReasonCode(ReasonCodes.CHANGE_PASSWORD);
                  securityService.addAccessTrail(accessHistory);
                    return mapping.findForward(BaseConstants.FWD_EXPIRED_PASSWORD);
              }
             
             
              // Can't find roles: isAdmin must be exactly BOOLEAN_NO or BOOLEAN_YES.
              // NOTE(review): '&' is the non-short-circuit operator; the result is the same as
              // '&&' here because the null case is caught by the left-hand '||' operand.
              if (token.getIsAdmin() == null || (!token.getIsAdmin().equals(BaseConstants.BOOLEAN_NO) & !token.getIsAdmin().equals(BaseConstants.BOOLEAN_YES))){
                  errors.add(BaseConstants.ERROR_KEY, new ActionMessage("errors.login.role"));
                  saveMessages(request, errors);
                    accessHistory.setLoginStatus(BaseConstants.LOGIN_FAIL);
                    accessHistory.setReasonCode(ReasonCodes.NO_ROLES_FOUND);
                  securityService.addAccessTrail(accessHistory);
                  return mapping.getInputForward();
              }    
             
             
             
          } catch (UserAccountException e) {
            // Each failure reason gets its own user-facing message and audit reason code.
            // NOTE(review): the deactivated / deleted / locked / not-approved messages tell an
            // unauthenticated caller that the account exists and what state it is in; a single
            // generic failure message avoids disclosing that.
            // NOTE(review): reasons are compared with '=='; correct for primitive constants,
            // identity-only if they are objects — confirm against NotLoginException.
            //token.setLoginSuccessfull(false);
              if (e.getExceptionReason() == NotLoginException.ACCOUNT_DEACTIVATED) {
                  session.invalidate();
                  errors.add(BaseConstants.WARN_KEY, new ActionMessage("errors.account.deactivated"));
                  saveMessages(request, errors);
                  logger.info("ACCOUNT DEACTIVATED : " + username);
                    accessHistory.setLoginStatus(BaseConstants.LOGIN_FAIL);
                    accessHistory.setReasonCode(ReasonCodes.ACCOUNT_DEACTIVATED);
                securityService.addAccessTrail(accessHistory);
                  return mapping.getInputForward();
              }  
              if (e.getExceptionReason() == NotLoginException.ACCOUNT_DELETED) {
                  session.invalidate();
                  errors.add(BaseConstants.WARN_KEY, new ActionMessage("errors.account.deleted"));
                  saveMessages(request, errors);
                    accessHistory.setLoginStatus(BaseConstants.LOGIN_FAIL);
                    accessHistory.setReasonCode(ReasonCodes.ACCOUNT_DELETED);
                securityService.addAccessTrail(accessHistory);
                  return mapping.getInputForward();
              }              
              if (e.getExceptionReason() == NotLoginException.ACCOUNT_LOCKED) {
                  session.invalidate();
                  errors.add(BaseConstants.WARN_KEY, new ActionMessage("errors.account.locked"));
                  saveMessages(request, errors);
                  logger.info("ACCOUNT LOCKED : " + username);
                    accessHistory.setLoginStatus(BaseConstants.LOGIN_FAIL);
                    accessHistory.setReasonCode(ReasonCodes.ACCOUNT_LOCKED);
                securityService.addAccessTrail(accessHistory);
                  return mapping.getInputForward();
              }
              else if (e.getExceptionReason() == NotLoginException.WRONG_PASSWORD) {
                  //session.invalidate();
                  errors.add(BaseConstants.WARN_KEY, new ActionMessage("errors.password.mismatch", currentIP));
                  saveMessages(request, errors);
                  logger.info("INVALID PASSWORD : " + username);
                    accessHistory.setLoginStatus(BaseConstants.LOGIN_FAIL);
                    accessHistory.setReasonCode(ReasonCodes.INVALID_CREDENTIAL);
                   
                  // increment failed login counter
                  // if the same user continuously tries to log in, the counter increases
                  // if a different user from the previous one, but same session, the counter resets
                  // NOTE(review): "loginUserCounter" is only written when the counter is first
                  // created (above), so in this excerpt failures for any other user name reset
                  // the count to 0 every time — verify against the full method.
                  if (username.equals(session.getAttribute("loginUserCounter"))) {
                      loginCounter++;
                  } else {
                      loginCounter = 0;
                      session.setAttribute("loginCounter", new Integer(loginCounter));
                  }
 
                  // Maximum number of times a user can try to log in unsuccessfully
                  // NOTE(review): parseInt throws NumberFormatException if USER_MAX_LOGIN is
                  // missing or not numeric; nothing in this excerpt catches it.
                  int userMaxLogin = Integer.parseInt(getSysProp().getValue("USER_MAX_LOGIN"));
                  if (loginCounter >= userMaxLogin) {
                      logger.warn(username + " : User has exceeded maximum number of login attempts");
                      logger.warn("User account has been disabled. Please contact System Administrator");
 
                      // deactivating user account. If lockMemberAccount() returns false the
                      // code falls through and the attempt is recorded as INVALID_CREDENTIAL.
                      if (securityService.lockMemberAccount(username)) {
                          session.invalidate();
                          errors.add(BaseConstants.WARN_KEY, new ActionMessage("errors.account.locked"));
                          logger.info("ACCOUNT LOCKED :  IP: (" + currentIP + ") " + username);
                          accessHistory.setLoginStatus(BaseConstants.LOGIN_FAIL);
                          accessHistory.setReasonCode(ReasonCodes.ACCOUNT_LOCKED);
                      securityService.addAccessTrail(accessHistory);
                      return mapping.getInputForward();
                      }
                  } else {
                      session.setAttribute("loginCounter", new Integer(loginCounter));
                  }
                 
                securityService.addAccessTrail(accessHistory);
                return mapping.getInputForward();
              }
              else if (e.getExceptionReason() == NotLoginException.WRONG_USERNAME) {
                  // The reason code is first set to ACCOUNT_INVALID and then overwritten with
                  // INVALID_CREDENTIAL a few lines below, so only the latter is stored. The
                  // user sees the same message key as for a wrong password.
                  logger.info("INVALID USERNAME: IP: (" + currentIP + ") " + username + " User login attempt has failed. Count = " + loginCounter);
                    accessHistory.setLoginStatus(BaseConstants.LOGIN_FAIL);
                    accessHistory.setReasonCode(ReasonCodes.ACCOUNT_INVALID);
                  errors.add(BaseConstants.WARN_KEY, new ActionMessage("errors.password.mismatch"));
                  saveMessages(request, errors);
                  logger.info("UNSUCCESSFULL FWD_LOGIN - Invalid login  IP: (" + currentIP + ") " + username);
                    accessHistory.setLoginStatus(BaseConstants.LOGIN_FAIL);
                    accessHistory.setReasonCode(ReasonCodes.INVALID_CREDENTIAL);
                securityService.addAccessTrail(accessHistory);
                return mapping.getInputForward();
              }
              else if (e.getExceptionReason() == NotLoginException.ACCOUNT_UNAPPROVED) {
                  errors.add(BaseConstants.WARN_KEY, new ActionMessage("errors.account.notapproved"));
                  saveMessages(request, errors);
                  logger.info("UNSUCCESSFULL FWD_LOGIN - Account not approved yet. :  IP: (" + currentIP + ") " + username);
                    accessHistory.setLoginStatus(BaseConstants.LOGIN_FAIL);
                    accessHistory.setReasonCode(ReasonCodes.ACCOUNT_UNAPPROVED);
                  securityService.addAccessTrail(accessHistory);
                return mapping.getInputForward();
              }
             
          }
         

         
          // NOTE(review): token is still null if login() threw with a reason none of the
          // branches above handles, so this dereference would raise NullPointerException.
          if (token.isLoginSuccessfull()) {
              // Clear out any old session info. Dropping the pre-login session and creating
              // a new one before any authenticated state is stored gives the user a fresh
              // session (session-fixation defence).
              session = request.getSession(false);
              if (session != null) {
                  session.invalidate();
              }
 
             
              // Create a new session for this user
              session = request.getSession(true)
             

              // place users container in session
              container.setToken(token);
              setSessionUserContainer(request, container);
             
               
              setupOtherTasks(request, container, token);
             
              int sessionTimeout = setupSessionTimeout(session);
 
              // adding the user to the list of online users
              token.setLastRequestTime(new Date());       
              OnlineUserManager manager = OnlineUserManager.getInstance();
              manager.addOnlineUser(token, sessionTimeout);
              //sCtx.setAttribute("onlineusers", manager.getOnlineUsers(sessionTimeout));
              setServletContextObject(request, "onlineusers", manager.getOnlineUsers(sessionTimeout));
            
             
              session.setAttribute(BaseConstants.IS_ONLINE, BaseConstants.BOOLEAN_YES);
              session.setAttribute(BaseConstants.IS_ADMIN, token.getIsAdmin());
             
              // ADMIN: the request path decides which area the login is for.
              // NOTE(review): getPathInfo() returns null when the request has no extra path
              // information, which would make startsWith() throw.
              String context = request.getPathInfo();
             
              if (context.startsWith("/admin/") && token.getIsAdmin().equals(BaseConstants.BOOLEAN_YES)){
                  setupAdminDesktop(request, memService, classNewsService, privateMessageService);
                  securityService.addAccessTrail(accessHistory);
              }
              else if (context.startsWith("/member/") &&
                  (token.getIsAdmin().equals(BaseConstants.BOOLEAN_YES) ||
                   token.getIsAdmin().equals(BaseConstants.BOOLEAN_NO))){
                   securityService.addAccessTrail(accessHistory);                  
              }
              else{
                    // NOTE(review): this rejection happens after the container, IS_ONLINE and
                    // IS_ADMIN were stored in the new session and the user was added to the
                    // online list; the visible lines return without invalidating that session.
                    // Do the path/role check before populating the session, or invalidate it
                    // here, so a rejected login leaves no authenticated state behind.
                    accessHistory.setLoginStatus(BaseConstants.LOGIN_FAIL);
                    accessHistory.setReasonCode(ReasonCodes.ACCOUNT_UNAUTHORIZED);
                  securityService.addAccessTrail(accessHistory)
                    errors.add(BaseConstants.WARN_KEY, new ActionMessage("errors.account.notenoughrights"));
                    saveMessages(request, errors);
                    logger.info("ACCOUNT UNAUTHORIZED :  IP: (" + currentIP + ") " + username);                 
                  return mapping.getInputForward();


      //--                   P R I V A T E   M E T H O D S
      //--
      //--------------------------------------------------------------------------
     
      /**
       * Builds the audit record for one login attempt.
       *
       * <p>Only the user name, the request locale's language, the remote address and the
       * current time are filled in; login status and reason code are left for the caller.
       *
       * @param req      the current login request
       * @param username the user name as submitted (not validated or authenticated here)
       * @return a new {@link LoginHistoryVO} describing this attempt
       */
      private LoginHistoryVO createAccessHistory(HttpServletRequest req, String username){
          final LoginHistoryVO entry = new LoginHistoryVO();
          entry.setUserName(username);

          // NOTE(review): the "user agent" field receives the locale's language code, not the
          // User-Agent request header — confirm this is intended. If the header is stored
          // instead, treat it as untrusted input and bound its length.
          final String localeLanguage = getLocale(req).getLanguage();
          entry.setUserAgent(localeLanguage);

          // NOTE(review): getRemoteAddr() is the address of the directly connected peer; behind
          // a reverse proxy or load balancer that is presumably the proxy, not the client.
          final String remoteAddress = req.getRemoteAddr();
          entry.setSourceIP(remoteAddress);

          entry.setRequestTime(new Date());
          return entry;
      }
