1   /*
2    * #%L
3    * Coser :: Web
4    * %%
5    * Copyright (C) 2011 Ifremer, Codelutin, Chatellier Eric, Chemit Tony
6    * %%
7    * This program is free software: you can redistribute it and/or modify
8    * it under the terms of the GNU Affero General Public License as published by
9    * the Free Software Foundation, either version 3 of the License, or
10   * (at your option) any later version.
11   * 
12   * This program is distributed in the hope that it will be useful,
13   * but WITHOUT ANY WARRANTY; without even the implied warranty of
14   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15   * GNU General Public License for more details.
16   * 
17   * You should have received a copy of the GNU Affero General Public License
18   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
19   * #L%
20   */
21  
22  package fr.ifremer.coser.web.actions.auth;
23  
24  import fr.ifremer.coser.web.CoserWebConfig;
25  import fr.ifremer.coser.web.actions.common.AbstractCoserAction;
26  import org.apache.commons.logging.Log;
27  import org.apache.commons.logging.LogFactory;
28  import org.apache.struts2.convention.annotation.Result;
29  import org.apache.struts2.interceptor.SessionAware;
30  import org.nuiton.util.StringUtil;
31  
32  import java.util.Map;
33  
34  /**
35   * Perform login action.
36   * <p/>
37   * Last update : $Date$
38   * By : $Author$
39   *
40   * @author chatellier
41   * @version $Revision$
42   */
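@Result(type = "redirect", location = "/admin/index")
public class PerformLoginAction extends AbstractCoserAction implements SessionAware {

    private static final long serialVersionUID = 1L;

    /** Logger. */
    private static final Log log = LogFactory.getLog(PerformLoginAction.class);

    /** Login name submitted with the request (client-controlled). */
    protected String login;

    /** Password submitted with the request (client-controlled). */
    protected String password;

    /** Session attribute map injected through {@link SessionAware}. */
    protected transient Map<String, Object> session;

    public void setLogin(String login) {
        this.login = login;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    @Override
    public void setSession(Map<String, Object> session) {
        this.session = session;
    }

    /**
     * Authenticate the submitted login/password against the configured admin
     * account and, on success, mark the session as logged in.
     * <p/>
     * A missing login, missing password or missing configured credential is
     * treated as a failed attempt instead of raising a
     * {@link NullPointerException}.
     *
     * @return {@code SUCCESS} when both credentials match (the class-level
     *         result then redirects to {@code /admin/index}), {@code INPUT}
     *         with an action error otherwise
     * @throws Exception declared by the action contract
     */
    @Override
    public String execute() throws Exception {
        CoserWebConfig config = getService().getConfig();

        String adminLogin = config.getAdminLogin();
        boolean loginMatches = adminLogin != null && adminLogin.equals(login);
        // Evaluated even when the login name is wrong, so the amount of work
        // done does not depend on which of the two fields was incorrect.
        boolean passwordMatches = equalsSHA1Password(config, password);

        String result;
        if (loginMatches && passwordMatches) {
            if (log.isInfoEnabled()) {
                // login equals the configured admin login here, so the
                // logged value is not attacker-chosen text
                log.info("Successfull login: "+login);
            }
            // NOTE(review): nothing in this class renews the HTTP session
            // identifier after authentication. Unless the container or the
            // interceptor stack does it, the pre-login session id stays valid
            // as the admin session (session fixation) - confirm and rotate.
            session.put(LoginInterceptor.SESSION_PARAMETER_LOGIN, login);

            result = SUCCESS;
        } else {
            if (log.isWarnEnabled()) {
                // The submitted login is deliberately not written to the log:
                // it is client-controlled and may even be a mistyped password.
                log.warn("Failed login attempt");
            }
            // NOTE(review): no throttling or lockout is visible in this
            // action; confirm repeated failures are limited elsewhere.
            addActionError("Invalid login/password");
            result = INPUT;
        }
        return result;
    }

    /**
     * Check if sha1 password equals to config password.
     * <p/>
     * Config password can be plain or sha1 encoded: the SHA-1 of the submitted
     * password is compared with the configured value as-is, and with the
     * SHA-1 of the configured value.
     * <p/>
     * NOTE(review): because both forms are accepted on every call, a
     * configuration that stores the SHA-1 digest also accepts that digest
     * string itself as the password (it satisfies the "plain" comparison).
     * The stored value therefore has to be protected like the password.
     * Unsalted SHA-1 is also a fast hash and not suited to password storage;
     * a single storage format based on a dedicated password hash
     * (bcrypt, scrypt, Argon2 or PBKDF2) would remove both problems.
     *
     * @param config   config
     * @param password password to check, may be {@code null}
     * @return {@code true} when the password matches; {@code false} when it
     *         does not, or when either the submitted or the configured
     *         password is {@code null}
     */
    protected boolean equalsSHA1Password(CoserWebConfig config, String password) {

        String configPassword = config.getAdminPassword();
        if (configPassword == null || password == null) {
            // fail closed: no configured or no submitted secret never matches
            return false;
        }

        String sha1Password = StringUtil.encodeSHA1(password);

        // first test: config value already holds the sha1 of the password
        boolean matchesStoredDigest = constantTimeEquals(configPassword, sha1Password);

        // second test: config value is the plain password, so encode it first.
        // Both tests always run so timing does not reveal which one matched.
        boolean matchesPlainConfig =
                constantTimeEquals(StringUtil.encodeSHA1(configPassword), sha1Password);

        return matchesStoredDigest | matchesPlainConfig;
    }

    /**
     * Compare two strings through {@link java.security.MessageDigest#isEqual},
     * so the comparison time does not depend on the position of the first
     * differing character as it does with {@link String#equals}.
     *
     * @param expected reference value, may be {@code null}
     * @param actual   value to check, may be {@code null}
     * @return {@code true} only when both values are non-null and equal
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        return java.security.MessageDigest.isEqual(
                expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                actual.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }

}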