From 140eaef6701b0d03a5f6015c3d6f8970f07c3ad3 Mon Sep 17 00:00:00 2001
From: jeb228
Date: Fri, 3 Sep 2010 20:58:14 +0000
Subject: [PATCH] NIHVIVO-736 Create a Login.java controller to replace login_process.jsp.
---
 webapp/config/web.xml | 19 +++--
 .../vitro/webapp/controller/Controllers.java | 1 +
 .../webapp/controller/edit/Authenticate.java | 44 +++--------
 .../vitro/webapp/controller/edit/Login.java | 79 +++++++++++++++++++
 .../vitro/webapp/controller/edit/Logout.java | 5 +-
 .../controller/login/LoginProcessBean.java | 18 +++++
 webapp/web/login_process.jsp | 49 ------------
 7 files changed, 127 insertions(+), 88 deletions(-)
 create mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Login.java
 delete mode 100644 webapp/web/login_process.jsp
diff --git a/webapp/config/web.xml b/webapp/config/web.xml
index 8046cce14..380837662 100644
--- a/webapp/config/web.xml
+++ b/webapp/config/web.xml
@@ -1041,14 +1041,14 @@ edu.cornell.mannlib.vitro.webapp.controller.edit.Authenticate + + login + edu.cornell.mannlib.vitro.webapp.controller.edit.Login + + logout edu.cornell.mannlib.vitro.webapp.controller.edit.Logout - - properties - WEB-INF/classes/formbeans/Login_forms.properties - -
@@ -1203,6 +1203,15 @@ authenticate /authenticate + + login + /login + + + + login + /login_process.jsp + logout /logout
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/Controllers.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/Controllers.java
index defa3700d..fc6c0c100 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/Controllers.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/Controllers.java
@@ -34,6 +34,7 @@ public class Controllers {
 public static final String SITE_ADMIN = "/siteAdmin";
 public static final String LOGIN = "/siteAdmin";
+ public static final String AUTHENTICATE = "/authenticate";
 public static final String EXPORT_RDF = "/export";
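Review bot: The second `login` mapping, the one for `/login_process.jsp`, carries no comment saying that it only keeps the URL of the deleted JSP alive, so a later cleanup has no way to tell whether it can be dropped. I would add a comment above it such as `<!-- Legacy URL of the removed login_process.jsp; served by the Login servlet for backward compatibility -->`. The Login servlet added in this commit reads `loginName` and `loginPassword` on both patterns, and nothing visible in these hunks requires a confidential transport for them; if that is not enforced elsewhere in web.xml or in front of the container, a `<security-constraint>` with `<transport-guarantee>CONFIDENTIAL</transport-guarantee>` covering `/login`, `/login_process.jsp` and `/authenticate` is worth adding.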
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java
index db83a30d2..cb1447977 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java
@@ -39,9 +39,12 @@ import edu.cornell.mannlib.vitro.webapp.dao.jena.LoginEvent;
 import edu.cornell.mannlib.vitro.webapp.dao.jena.LoginLogoutEvent;
 public class Authenticate extends FreemarkerHttpServlet {
- /** Maximum inactive interval for a ordinary logged in user session, in seconds. */
+ /**
+ * Maximum inactive interval for a ordinary logged in user session, in
+ * seconds.
+ */
 public static final int LOGGED_IN_TIMEOUT_INTERVAL = 300;
-
+
 /** Maximum inactive interval for a editor (or better) session, in seconds. */
 public static final int PRIVILEGED_TIMEOUT_INTERVAL = 32000;
@@ -73,9 +76,6 @@ public class Authenticate extends FreemarkerHttpServlet {
 public static final String BODY_FORM_ACTION = "formAction";
 public static final String BODY_ERROR_MESSAGE = "errorMessage";
- /** If no portal is specified in the request, use this one. */
- private static final int DEFAULT_PORTAL_ID = 1;
-
 /** Where do we find the User/Session map in the servlet context? */
 public static final String USER_SESSION_MAP_ATTR = "userURISessionMap";
@@ -307,7 +307,9 @@ public class Authenticate extends FreemarkerHttpServlet {
 getUserDao(request).updateUser(user);
 // Set the timeout limit on the session - editors, etc, get more.
- session.setMaxInactiveInterval(LOGGED_IN_TIMEOUT_INTERVAL); // seconds, not milliseconds
+ session.setMaxInactiveInterval(LOGGED_IN_TIMEOUT_INTERVAL); // seconds,
+ // not
+ // milliseconds
 try {
 if ((int) Integer.decode(lfb.getLoginRole()) > 1) {
 session.setMaxInactiveInterval(PRIVILEGED_TIMEOUT_INTERVAL);
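Review bot: In the `@@ -307` hunk the trailing comment on `session.setMaxInactiveInterval(LOGGED_IN_TIMEOUT_INTERVAL);` is now broken into three fragments (`// seconds,`, `// not`, `// milliseconds`), which looks like formatter output rather than an intended edit and is harder to read than the line it replaces. Folding the unit into the comment that already sits above the statement keeps it stable under reformatting: `// Set the timeout limit (in seconds, not milliseconds) on the session - editors, etc, get more.` The enclosing method starts and ends outside the hunk.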
@@ -513,33 +515,9 @@ public class Authenticate extends FreemarkerHttpServlet {
 return request.getContextPath();
 }
- /**
- * What portal are we currently in?
- */
- private String getPortalIdString(HttpServletRequest request) {
- String portalIdParameter = request.getParameter("home");
- if (portalIdParameter == null) {
- return String.valueOf(DEFAULT_PORTAL_ID);
- } else {
- return portalIdParameter;
- }
- }
-
- /**
- * How is the login process coming along?
- */
+ /** Where do we stand in the login process? */
 private LoginProcessBean getLoginProcessBean(HttpServletRequest request) {
- HttpSession session = request.getSession();
-
- LoginProcessBean bean = (LoginProcessBean) session
- .getAttribute(LoginProcessBean.SESSION_ATTRIBUTE);
-
- if (bean == null) {
- bean = new LoginProcessBean();
- session.setAttribute(LoginProcessBean.SESSION_ATTRIBUTE, bean);
- }
-
- return bean;
+ return LoginProcessBean.getBeanFromSession(request);
 }
 // ----------------------------------------------------------------------
@@ -561,7 +539,7 @@ public class Authenticate extends FreemarkerHttpServlet {
 throw new RuntimeException(e);
 }
 }
-
+
 /** * The servlet context should contain a map from User URIs to * {@link HttpSession}s. Get a reference to it, creating it if necessary.
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Login.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Login.java
new file mode 100644
index 000000000..9b58b43d6
--- /dev/null
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Login.java
@@ -0,0 +1,79 @@
+/* $This file is distributed under the terms of the license in /doc/license.txt$ */
+
+package edu.cornell.mannlib.vitro.webapp.controller.edit;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
+import edu.cornell.mannlib.vitro.webapp.controller.login.LoginProcessBean;
+
+/**
+ * Provide a means for programmatic login (replaces old login_process.jsp). If
+ * they provide the right parameters, send them to be authenticated.
+ */
+public class Login extends HttpServlet {
+ private final static int DEFAULT_PORTAL_ID = 1;
+
+ public static final String PARAM_USERNAME = "loginName";
+ public static final String PARAM_PASSWORD = "loginPassword";
+
+ @Override
+ protected void doPost(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ /*
+ * For backward compatibility, if they requested a logout, honor the
+ * request.
+ */
+ if ("Log Out".equals(request.getParameter("loginSubmitMode"))) {
+ request.getRequestDispatcher("/logout").forward(request, response);
+ return;
+ }
+
+ String username = request.getParameter(PARAM_USERNAME);
+ String password = request.getParameter(PARAM_PASSWORD);
+
+ /*
+ * If either the username or password are empty, send them to the site
+ * admin page.
+ */
+ if ((username == null) || (username.equals("")) || (password == null)
+ || (password.equals(""))) {
+ response.sendRedirect(request.getContextPath()
+ + Controllers.SITE_ADMIN + "?home="
+ + getPortalIdString(request));
+ return;
+ }
+
+ /*
+ * Otherwise, set up as if they had filled in the login form, and send
+ * them to authenticate it.
+ */
+ LoginProcessBean bean = LoginProcessBean.getBeanFromSession(request);
+ bean.setState(LoginProcessBean.State.LOGGING_IN);
+ request.getRequestDispatcher(Controllers.AUTHENTICATE).forward(request,
+ response);
+ }
+
+ private final String getPortalIdString(HttpServletRequest request) {
+ String pId = (String) request.getAttribute("home");
+ if (pId == null) {
+ pId = request.getParameter("home");
+ }
+ if (pId == null) {
+ pId = String.valueOf(DEFAULT_PORTAL_ID);
+ }
+ return pId;
+ }
+
+ @Override
+ protected void doGet(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ doPost(request, response);
+ }
+
+}
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Logout.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Logout.java
index 73da726c0..6314eb869 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Logout.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Logout.java
@@ -17,7 +17,10 @@ import edu.cornell.mannlib.vitro.webapp.dao.UserDao;
 import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
 import edu.cornell.mannlib.vitro.webapp.dao.jena.LogoutEvent;
-public class Logout extends HttpServlet /* implements SingleThreadModel */{
+/**
+ * Provide a means for programmatic logout.
+ */
+public class Logout extends HttpServlet {
 private static final Log log = LogFactory.getLog(Logout.class.getName());
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/login/LoginProcessBean.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/login/LoginProcessBean.java
index 79e32aa5a..34a47b4ba 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/login/LoginProcessBean.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/login/LoginProcessBean.java
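Review bot: In Login.java, `getPortalIdString` returns the caller-supplied `home` value unchanged and `doPost` appends it to the `sendRedirect` target, so arbitrary text (extra query parameters, or line breaks on a container that does not reject them in headers) ends up in the Location header. `DEFAULT_PORTAL_ID` is an int, so the value looks like it is meant to be numeric; parsing it and falling back to the default on anything else closes this, as sketched below. Separately, `doGet` delegates straight to `doPost`, which means `loginName` and `loginPassword` are accepted from the query string, where they are recorded in access logs, browser history and Referer headers; if no existing client depends on GET logins, `doGet` should redirect to `Controllers.SITE_ADMIN` without reading the credentials.

```java
	private final String getPortalIdString(HttpServletRequest request) {
		// … unchanged: read "home" from the request attribute, then from the parameter …
		try {
			// Only a plain integer may reach the redirect URL.
			return String.valueOf(Integer.parseInt(pId));
		} catch (NumberFormatException e) {
			// Missing (null) or non-numeric value: use the default portal.
			return String.valueOf(DEFAULT_PORTAL_ID);
		}
	}
```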
@@ -5,6 +5,9 @@ package edu.cornell.mannlib.vitro.webapp.controller.login;
 import java.text.MessageFormat;
 import java.util.Arrays;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
 /** * Where are we in the process of logging on? What message should we show to the * user?
@@ -15,6 +18,21 @@ public class LoginProcessBean {
 public static final String SESSION_ATTRIBUTE = LoginProcessBean.class .getName();
+ /**
+ * Get the login process bean from the session. If there is none, create
+ * one.
+ */
+ public static LoginProcessBean getBeanFromSession(HttpServletRequest request) {
+ HttpSession session = request.getSession();
+ LoginProcessBean bean = (LoginProcessBean) session
+ .getAttribute(SESSION_ATTRIBUTE);
+ if (bean == null) {
+ bean = new LoginProcessBean();
+ session.setAttribute(SESSION_ATTRIBUTE, bean);
+ }
+ return bean;
+ }
+
 public enum State { NOWHERE, LOGGING_IN, FORCED_PASSWORD_CHANGE, CANCELLED, LOGGED_IN }
diff --git a/webapp/web/login_process.jsp b/webapp/web/login_process.jsp
deleted file mode 100644
index 6a3c7d227..000000000
--- a/webapp/web/login_process.jsp
+++ /dev/null
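Review bot: `getBeanFromSession` calls `request.getSession()`, which creates a session when the request has none, so any unauthenticated request that reaches the Login or Authenticate servlet now gets a session and a bean, and the Javadoc does not mention that side effect. I would add a line to the Javadoc such as `Creates the HTTP session if the request does not have one yet.` Because the login state lives in a session that exists before authentication, the code that completes the login should issue a new session id at that point. Whether `Authenticate` does so is not visible in this diff (the `@@ -307` hunk only shows `setMaxInactiveInterval` being called on the existing session), so that is worth confirming.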
@@ -1,49 +0,0 @@
-<%-- $This file is distributed under the terms of the license in /doc/license.txt$ --%>
-
-<%@ page isThreadSafe="false" %>
-<%@ page import="java.util.*" %>
-<%@ page import="edu.cornell.mannlib.vitro.webapp.controller.Controllers" %>
-
-<%@ taglib uri="http://java.sun.com/jstl/core" prefix="c" %>
-
-<% final int DEFAULT_PORTAL_ID=1;
- String portalIdStr=(portalIdStr=(String)request.getAttribute("home"))==null ?
- ((portalIdStr=request.getParameter("home"))==null?String.valueOf(DEFAULT_PORTAL_ID):portalIdStr):portalIdStr;
- //int incomingPortalId=Integer.parseInt(portalIdStr);
-%>
-
-
-
-
-
-
-
-<%
-
- String submitModeStr = request.getParameter("loginSubmitMode");
- if ( submitModeStr == null ) {
- submitModeStr = "unknown";
- }
-
- if ( submitModeStr.equalsIgnoreCase("Log Out")) { %>
-
-
-
-
-<% } else if ( submitModeStr.equalsIgnoreCase("Log In")) {
- String loginNameStr = request.getParameter("loginName");
- String loginPasswordStr = request.getParameter("loginPassword"); %>
-
-
-
-
-<% if ( loginHandler.validateLoginForm() ) { %>
-
-
-
-<% } else {
- String redirectURL = "${siteAdminUrl}?home=" + portalIdStr + "&login=block";
- response.sendRedirect(redirectURL);
- }
- }
-%>
\ No newline at end of file