disp.logToAccessLog(req, answer, "loginUser");
return answer;
}
User userDB = disp.findUser(userId);
// if user exists it is a relogin....
if (disp.currentUsers.get(userId) == null) {
answer.setRelogin(false);
} else {
answer.setRelogin(true);
}
// if more than our loginwaittimeout we reset logintimedoubler
GregorianCalendar calendar = new GregorianCalendar();
calendar.add(Calendar.MINUTE, -disp.loginWaitTimeOut);
if (disp.currentFailedUsers.containsKey(userId)) {
if (Dispatcher.logger.isDebugEnabled()) {
Dispatcher.logger.log(
Level.DEBUG,
"calendar: "
+ new SimpleDateFormat(
"yyyy-MM-dd HH:mm:ss")
.format(calendar.getTime()));
Dispatcher.logger
.log(Level.DEBUG,
"usercalendar: "
+ new SimpleDateFormat(
"yyyy-MM-dd HH:mm:ss")
.format(((Calendar) disp.currentFailedUsers
.get(userId)
.getCalendar())
.getTime()));
Dispatcher.logger.log(
Level.DEBUG,
"after: "
+ calendar.after(disp.currentFailedUsers
.get(userId).getCalendar()));
}
}
if (disp.currentFailedUsers.containsKey(userId)
&& calendar.after(disp.currentFailedUsers.get(userId)
.getCalendar())) {
disp.currentFailedUsers.remove(userId);
// currentFailedUsers.put(userId,new LoginWait());
if (Dispatcher.logger.isDebugEnabled()) {
Dispatcher.logger.log(Level.DEBUG,
"loginUser(): reset user ");
}
}
// if to many tries no entry
if (disp.currentFailedUsers.containsKey(userId)
&& disp.currentFailedUsers.get(userId).getNoOfWrongTries() > 10) {
answer.setStatus(LoginAnswer.FAILED);
answer.setInfo("To many tries");
answer.getFetch().removeValue("PASSWORD");
// log to accessLog
disp.logToAccessLog(req, answer, "loginUser");
return answer;
}
// wrong password
if (null == userDB
|| !disp.passy
.compareHashes(passWord, userDB.getPassword())) {
// double wait time on wrong password.... holds thread for wait
// time
disp.doubleLoginWait(userId);
// create answer
answer.setLoginWait(disp.currentFailedUsers.get(userId)
.getWait().intValue());
answer.setStatus(LoginAnswer.FAILED);
answer.setInfo("no match for username password in db");
answer.getFetch().removeValue("PASSWORD");
// log to accessLog
disp.logToAccessLog(req, answer, "loginUser");
return answer;
}
// no user with our userid in the internal user holder currentUsers
if (disp.currentUsers.get(userId) == null) {
// if we need to change password expired or forced
if ((userDB.getTspassword() != null && ((new Date().getTime() / 1000) - (userDB
.getTspassword().getTime() / 1000)) > disp
.getPasswordLifeLength() * 60 * 60 * 24)
|| new Integer(1).equals(userDB.getChangepassword())) {
// create answer
answer.setStatus("changepassword");
answer.setInfo("user needs to change password");
// there is never any reason to return a password to
// the client
answer.getFetch().removeValue("PASSWORD");
// log to accessLog
disp.logToAccessLog(req, answer, "loginUser");
return answer;
}
// !!!!!!!!!!!!!!!!!creating new
// user!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
if (Dispatcher.logger.isDebugEnabled()) {
Dispatcher.logger.log(Level.DEBUG,
"loginUser(): creating new user: " + userId);
}
disp.getWriteLockUserTable();
// currentUsers.put(userId, createUser());
disp.currentUsers.put(userId, disp.findUser(userId));
try {
// populate the user
User user = disp.currentUsers.get(userId);
// Is the User on an active centre?
if (!new Integer(1).equals(disp.getCentre(
user.getCentreid()).getStatus())) {
// Users centre is inactive, try to find an active one
Map<String, UsercentrerelBean> ucrMap = null;
ucrMap = UsercentrerelFinder.findByUseridReturnMap(user
.getId());
Iterator<String> it = ucrMap.keySet().iterator();
UsercentrerelBean ucrBean = null;
String tempCentreid = null;
while (it.hasNext()) { // Loop users all centres
tempCentreid = it.next();
ucrBean = ucrMap.get(tempCentreid);
if (new Integer(1).equals(ucrBean.getStatus())) {
Dispatcher.logger.log(
Level.INFO,
"loginUser(): users centre inactive: "
+ user.getCentreid()
+ ", moved to: "
+ ucrBean.getCentreid()
+ ", userid: " + userId);
// Active centre found, set info to user
user.setCentreid(ucrBean.getCentreid());
user.setGroupid(ucrBean.getGroupid());
break;
}
}
}
user.setPrevTslastlogin(user.getTslastlogin());
user.setTslastlogin(new Timestamp(System
.currentTimeMillis()));
((UserBean) user).store();
user.setLastActivityTimeStamp();
/*
* current session id is used to prevent problem when
* restarting server and logging in from old sessionid
*/
user.setSessionId(req.getSession().getId());
// Set user's default sortlist from dispatcher's
// list
disp.setStandardSortOrder(user);
// we set users donelogin to true as we have done a
// login or relogin
user.setFromPage("login.jsp");
// new user should be sent to start, or something...
answer.setReturnToPage(disp.getUserReturnToPage(user));
if (isAjaxLogin) {
// ajaxlogin can be on any page, set its name
user.setFromPage(thisPageName);
} else {
// if loginpage login
user.setDoneLogin(true);
}
// removes user from currentFailedUsers on successfull
// login
if (disp.currentFailedUsers.containsKey(userId)) {
disp.currentFailedUsers.remove(userId);
}
// create answer
// answer.setUserId(userId);
answer.setStatus("loggedin");
answer.setInfo("new user created");
} finally {
disp.releaseWriteLockUserTable();
}
if (Dispatcher.logger.isDebugEnabled()) {
Dispatcher.logger.log(Level.DEBUG,
"loginUser() new user complete: " + userId);
}
} else {
// user exists in currentUsers
User u = disp.currentUsers.get(userId);
// update timestamp in user...
u.setLastActivityTimeStamp();
u.setSessionId(req.getSession().getId());
// we set users frompage to login.jsp as we have done a
// login or
// relogin saving frompage in answer
answer.setReturnToPage(u.getFromPage());
if (!isAjaxLogin) {
u.setDoneLogin(true);
}
// removes user from currentFailedUsers on successfull
// login
if (disp.currentFailedUsers.containsKey(userId)) {
disp.currentFailedUsers.remove(userId);
}
// creating answer
answer.setStatus("loggedin");
answer.setInfo("old user checked password successfully");
answer.setFetch(u.getFetch());
}
// there is never any reason to return a password to the client
if (null != answer.getFetch()) {
answer.getFetch().removeValue("PASSWORD");