package ch.ffhs.webE.action;

import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.Map;

import ch.ffhs.webE.dao.UserDAO;
import ch.ffhs.webE.domain.User;

import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionSupport;
import com.opensymphony.xwork2.ModelDriven;
import com.opensymphony.xwork2.ModelDriven;

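/**
 * Action that handles login and logout.
 *
 * <p>
 * {@link #doLogin()} checks the submitted user name and password against the
 * user store and, on success, records the login in the session map and
 * returns the role ("admin" or "user") as the result name.
 * {@link #doLogout()} clears the session map.
 */
public class LoginAction extends ActionSupport implements ModelDriven<User>
{

  private static final long serialVersionUID = 1799753056277211344L;

  /**
   * Field error shown for every failed login. The same text is used whether
   * the user name or the password was wrong, so the response does not reveal
   * which of the two was rejected.
   */
  private static final String LOGIN_FAILED_MESSAGE = "Falscher Username oder Passwort";

  /** Charset used to turn credentials into bytes for comparison. */
  private static final Charset UTF_8 = Charset.forName("UTF-8");

  private final User user = new User();
  private final UserDAO userDAO = new UserDAO();

  /* Form fields */
  private String userName;
  private String pw;

  /**
   * Session map, obtained from the current ActionContext when this action is
   * constructed.
   */
  Map<String, Object> session = ActionContext.getContext().getSession();

  /**
   * Creates the action; all state is set up by the field initializers.
   */
  public LoginAction()
  {
  }

  /**
   * Performs the login with the submitted form fields.
   *
   * @return {@link Action#ERROR} (with a field error on "userName") when a
   *         field is missing or empty or the credentials are rejected;
   *         otherwise the role returned by
   *         {@link #verifyUser(String, String)}
   */
  public String doLogin()
  {
    final String name = this.getUserName();
    final String secret = this.getPw();

    // A missing or empty user name or password can never be a valid login.
    if (name == null || secret == null || name.isEmpty() || secret.isEmpty())
    {
      return this.rejectLogin();
    }

    final String verifiedUser = this.verifyUser(name, secret);

    // verifyUser reports failure as Action.ERROR. The previous comparison
    // against the literal "failed" never matched, so a rejected login still
    // reached the session writes below.
    if (Action.ERROR.equals(verifiedUser))
    {
      return this.rejectLogin();
    }

    // NOTE(review): the session identifier is not renewed here on a
    // successful login; confirm it is rotated elsewhere to prevent session
    // fixation.
    this.session.put("username", name);

    // NOTE(review): keeping the credential in the session exposes it to
    // anything that can read or serialize session state. It is kept only
    // because other code may read the "pw" key; confirm and remove it.
    this.session.put("pw", secret);
    return verifiedUser;
  }

  /**
   * Performs the logout by clearing the content of the current session map.
   *
   * @return {@link Action#SUCCESS}
   */
  public String doLogout()
  {
    // Remove every attribute stored in the session
    ActionContext.getContext().getSession().clear();
    return Action.SUCCESS;
  }

  /**
   * Verifies user credentials against the user store.
   *
   * <p>
   * NOTE(review): the original documentation describes the password as
   * hashed, but nothing in this class hashes it. Confirm that the stored
   * value is a salted password hash (bcrypt/scrypt/argon2) and that the
   * submitted value is hashed the same way before it is compared here.
   *
   * @param username
   *          user name to look up
   * @param password
   *          password value to compare with the stored one
   * @return {@link Action#ERROR} when the user is unknown or the password
   *         does not match, "admin" for an administrator, "user" otherwise
   */
  public String verifyUser(String username, String password)
  {
    // DB query
    final User u = this.userDAO.getByUsername(username);

    // User does not exist
    if (u == null)
    {
      return Action.ERROR;
    }

    // A missing stored or submitted password is a failed login, not a
    // NullPointerException.
    final String stored = u.getPassword();
    if (stored == null || password == null)
    {
      return Action.ERROR;
    }

    // MessageDigest.isEqual avoids the early exit of String.equals, so the
    // comparison time does not depend on how many leading characters match.
    if (!MessageDigest.isEqual(stored.getBytes(UTF_8), password.getBytes(UTF_8)))
    {
      return Action.ERROR;
    }

    // Credentials are fine; the result name selects the role.
    return u.isAdmin() ? "admin" : "user";
  }

  /**
   * Records the generic login failure on the "userName" field.
   *
   * @return {@link Action#ERROR}
   */
  private String rejectLogin()
  {
    this.addFieldError("userName", LOGIN_FAILED_MESSAGE);
    return Action.ERROR;
  }

  /**
   * @return the submitted user name
   */
  public String getUserName()
  {
    return this.userName;
  }

  /**
   * @param userName
   *          the submitted user name
   */
  public void setUserName(String userName)
  {
    this.userName = userName;
  }

  /**
   * @return the submitted password value
   */
  public String getPw()
  {
    return this.pw;
  }

  /**
   * @param pw
   *          the submitted password value
   */
  public void setPw(String pw)
  {
    this.pw = pw;
  }

  /**
   * @return the User instance held by this action
   */
  @Override
  public User getModel()
  {
    return this.user;
  }
}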