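package ch.ffhs.webE.action;

import java.util.Map;

import ch.ffhs.webE.dao.UserDAO;
import ch.ffhs.webE.domain.User;

import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionSupport;
import com.opensymphony.xwork2.ModelDriven;

/**
 * Struts action that handles login and logout.
 *
 * <p>{@link #doLogin()} checks the submitted form fields against the user
 * returned by {@link UserDAO#getByUsername(String)} and, on success, returns
 * the role name ({@code "admin"} or {@code "user"}) as the result code.
 */
public class LoginAction extends ActionSupport implements ModelDriven {

    private static final long serialVersionUID = 1799753056277211344L;

    private final User user = new User();
    private final UserDAO userDAO = new UserDAO();

    /* Form fields */
    private String userName;
    private String pw;

    /**
     * Session map, read from the {@link ActionContext} when this action is
     * constructed.
     */
    Map session = ActionContext.getContext().getSession();

    /**
     * Creates the action; all state is set up by the field initialisers.
     */
    public LoginAction() {
    }

    /**
     * Validates the submitted credentials and records the login in the session.
     *
     * <p>Every failure path adds the same field error, so the response does
     * not reveal whether the user name or the password was wrong.
     *
     * @return {@link Action#ERROR} when a field is missing or empty or the
     *         credentials are rejected, otherwise the value returned by
     *         {@link #verifyUser(String, String)} ({@code "admin"} or
     *         {@code "user"})
     */
    public String doLogin() {
        String name = this.getUserName();
        String secret = this.getPw();

        // If password or user name are missing or empty, the login fails.
        if (name == null || secret == null || name.isEmpty() || secret.isEmpty()) {
            this.addFieldError("userName", "Falscher Username oder Passwort");
            return Action.ERROR;
        }

        String verifiedUser = this.verifyUser(name, secret);

        // verifyUser reports a rejected login as Action.ERROR. The previous
        // comparison against "failed" never matched, so rejected logins still
        // reached the session writes below.
        if (Action.ERROR.equals(verifiedUser)) {
            this.addFieldError("userName", "Falscher Username oder Passwort");
            return Action.ERROR;
        }

        // Put user name, password into session.
        // NOTE(review): the submitted password is kept in the session as
        // entered. It is left in place because code outside this file may read
        // the "pw" key; confirm whether anything does and drop it if not.
        // NOTE(review): the session identifier is not renewed here after a
        // successful login; confirm that this is handled elsewhere.
        this.session.put("username", name);
        this.session.put("pw", secret);
        return verifiedUser;
    }

    /**
     * Performs the logout by removing all data from the session map.
     *
     * @return {@link Action#SUCCESS}
     */
    public String doLogout() {
        // Clear the session content.
        // NOTE(review): this empties the session map; whether the underlying
        // HTTP session is also invalidated cannot be seen from here - confirm.
        ActionContext.getContext().getSession().clear();
        return Action.SUCCESS;
    }

    /**
     * Verifies user credentials against the stored user record.
     *
     * @param username
     *            user name to look up
     * @param password
     *            password to compare with the stored value. NOTE(review): the
     *            original documentation calls this "hashed", but
     *            {@link #doLogin()} passes the form field unchanged; confirm
     *            where hashing happens.
     * @return {@link Action#ERROR} when the user does not exist, has no stored
     *         password or the password does not match; {@code "admin"} for an
     *         administrator, otherwise {@code "user"}
     */
    public String verifyUser(String username, String password) {
        // DB query
        User u = this.userDAO.getByUsername(username);

        // User does not exist
        if (u == null) {
            return Action.ERROR;
        }

        // A record without a stored password is rejected instead of failing
        // with a NullPointerException.
        // NOTE(review): String.equals is not a constant-time comparison.
        String stored = u.getPassword();
        if (stored == null || !stored.equals(password)) {
            return Action.ERROR;
        }

        // User credentials are fine, check for admin rights
        return u.isAdmin() ? "admin" : "user";
    }

    /**
     * @return the user name submitted with the login form
     */
    public String getUserName() {
        return this.userName;
    }

    /**
     * @param userName
     *            the user name submitted with the login form
     */
    public void setUserName(String userName) {
        this.userName = userName;
    }

    /**
     * @return the password submitted with the login form
     */
    public String getPw() {
        return this.pw;
    }

    /**
     * @param pw
     *            the password submitted with the login form
     */
    public void setPw(String pw) {
        this.pw = pw;
    }

    /**
     * @return the {@link User} instance held by this action
     */
    @Override
    public User getModel() {
        return this.user;
    }
}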