NIHVIVO-736 begin the transition from LoginFormBean to LoginStatusBean.

webapp/src/edu/cornell/mannlib/vedit/beans/LoginStatusBean.java

@@ -0,0 +1,138 @@
+/* $This file is distributed under the terms of the license in /doc/license.txt$ */
+
+package edu.cornell.mannlib.vedit.beans;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+/**
+ * An immutable object that records the user's login info as a session
+ * attribute.
+ */
+public class LoginStatusBean {
+	private static final Log log = LogFactory.getLog(LoginStatusBean.class);
+
+	/**
+	 * Security level when the user has not logged in. Also used as a minimum
+	 * level when we want to include every user, logged in or not.
+	 */
+	public static final int ANYBODY = 0;
+
+	/** Security level when a user with no privileges is logged in. */
+	public static final int NON_EDITOR = 1;
+
+	/** Security level when an authorized editor is logged in. */
+	public static final int EDITOR = 4;
+
+	/** Security level when an authorized curator is logged in. */
+	public static final int CURATOR = 5;
+
+	/** Security level when a system administrator is logged in. */
+	public static final int DBA = 50;
+
+	/** A bean to return when the user has not logged in. */
+	private static final LoginStatusBean DUMMY_BEAN = new LoginStatusBean("",
+			"", ANYBODY);
+
+	/** The bean is attached to the session by this name. */
+	private static final String ATTRIBUTE_NAME = "loginStatus";
+
+	// ----------------------------------------------------------------------
+	// static methods
+	// ----------------------------------------------------------------------
+
+	/**
+	 * Attach this bean to the session.
+	 */
+	public static void setBean(HttpSession session, LoginStatusBean lsb) {
+		session.setAttribute(ATTRIBUTE_NAME, lsb);
+	}
+
+	/**
+	 * Get the bean from this request, or a dummy bean if the user is not logged
+	 * in.
+	 */
+	public static LoginStatusBean getBean(HttpServletRequest request) {
+		if (request == null) {
+			return DUMMY_BEAN;
+		}
+
+		HttpSession session = request.getSession(false);
+		if (session == null) {
+			return DUMMY_BEAN;
+		}
+
+		return getBean(session);
+	}
+
+	/**
+	 * Get the bean from this session, or a dummy bean if the user is not logged
+	 * in.
+	 */
+	public static LoginStatusBean getBean(HttpSession session) {
+		if (session == null) {
+			return DUMMY_BEAN;
+		}
+
+		Object o = session.getAttribute(ATTRIBUTE_NAME);
+		if (o == null) {
+			return DUMMY_BEAN;
+		}
+
+		if (!(o instanceof LoginStatusBean)) {
+			log.warn("Tried to get login status bean, but found an instance of "
+					+ o.getClass().getName() + ": " + o);
+			return DUMMY_BEAN;
+		}
+
+		return (LoginStatusBean) o;
+	}
+
+	// ----------------------------------------------------------------------
+	// the bean
+	// ----------------------------------------------------------------------
+
+	private final String userURI;
+	private final String username;
+	private final int securityLevel;
+
+	public LoginStatusBean(String userURI, String username, int securityLevel) {
+		this.userURI = userURI;
+		this.username = username;
+		this.securityLevel = securityLevel;
+	}
+
+	public String getUserURI() {
+		return userURI;
+	}
+
+	public String getUsername() {
+		return username;
+	}
+
+	public int getSecurityLevel() {
+		return securityLevel;
+	}
+
+	public boolean isLoggedIn() {
+		return securityLevel > ANYBODY;
+	}
+
+	public boolean isLoggedInAs(int level) {
+		return securityLevel == level;
+	}
+
+	public boolean isLoggedInAtLeast(int minimumLevel) {
+		return securityLevel >= minimumLevel;
+	}
+
+	@Override
+	public String toString() {
+		return "LoginStatusBean[userURI=" + userURI + ", username=" + username
+				+ ", securityLevel=" + securityLevel + "]";
+	}
+
+}

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java

@@ -25,6 +25,7 @@ import org.apache.commons.logging.LogFactory;
 import com.hp.hpl.jena.ontology.OntModel;
 
 import edu.cornell.mannlib.vedit.beans.LoginFormBean;
+import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.RoleBasedPolicy.AuthRole;
 import edu.cornell.mannlib.vitro.webapp.beans.User;
 import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
@@ -287,6 +288,7 @@ public class Authenticate extends FreemarkerHttpServlet {
 		HttpSession session = request.getSession();
 
 		// Put the login info into the session.
+		// TODO the LoginFormBean is being phased out.
 		LoginFormBean lfb = new LoginFormBean();
 		lfb.setUserURI(user.getURI());
 		lfb.setLoginStatus("authenticated");
@@ -295,6 +297,11 @@ public class Authenticate extends FreemarkerHttpServlet {
 		lfb.setLoginRemoteAddr(request.getRemoteAddr());
 		lfb.setLoginName(user.getUsername());
 		session.setAttribute("loginHandler", lfb);
+		// TODO this should eventually replace the LoginFormBean.
+		LoginStatusBean lsb = new LoginStatusBean(user.getURI(),
+				user.getUsername(), parseUserSecurityLevel(user));
+		LoginStatusBean.setBean(session, lsb);
+		log.info("Adding status bean: " + lsb);
 
 		// Remove the login process info from the session.
 		session.removeAttribute(LoginProcessBean.SESSION_ATTRIBUTE);
@@ -307,15 +314,10 @@ public class Authenticate extends FreemarkerHttpServlet {
 		getUserDao(request).updateUser(user);
 
 		// Set the timeout limit on the session - editors, etc, get more.
-		session.setMaxInactiveInterval(LOGGED_IN_TIMEOUT_INTERVAL); // seconds,
+		if (lsb.isLoggedInAtLeast(LoginStatusBean.EDITOR)) {
-																	// not
+			session.setMaxInactiveInterval(PRIVILEGED_TIMEOUT_INTERVAL);
-																	// milliseconds
+		} else {
-		try {
+			session.setMaxInactiveInterval(LOGGED_IN_TIMEOUT_INTERVAL);
-			if ((int) Integer.decode(lfb.getLoginRole()) > 1) {
-				session.setMaxInactiveInterval(PRIVILEGED_TIMEOUT_INTERVAL);
-			}
-		} catch (NumberFormatException e) {
-			// No problem - leave it at the default.
 		}
 
 		// Record the user in the user/Session map.
@@ -437,10 +439,8 @@ public class Authenticate extends FreemarkerHttpServlet {
 		if (session == null) {
 			return State.NOWHERE;
 		}
-
+		
-		LoginFormBean lfb = (LoginFormBean) session
+		if (LoginStatusBean.getBean(request).isLoggedIn()) {
-				.getAttribute("loginHandler");
-		if ((lfb != null) && (lfb.getLoginStatus().equals("authenticated"))) {
 			return State.LOGGED_IN;
 		}
 
@@ -456,19 +456,13 @@ public class Authenticate extends FreemarkerHttpServlet {
 			return null;
 		}
 
-		HttpSession session = request.getSession(false);
+		LoginStatusBean lsb = LoginStatusBean.getBean(request);
-		if (session == null) {
+		if (!lsb.isLoggedIn()) {
-			return null;
-		}
-
-		LoginFormBean lfb = (LoginFormBean) session
-				.getAttribute("loginHandler");
-		if (lfb == null) {
 			log.debug("getLoggedInUser: not logged in");
 			return null;
 		}
 
-		return userDao.getUserByUsername(lfb.getLoginName());
+		return userDao.getUserByUsername(lsb.getUsername());
 	}
 
 	/**
@@ -520,6 +514,19 @@ public class Authenticate extends FreemarkerHttpServlet {
 		return LoginProcessBean.getBeanFromSession(request);
 	}
 
+	/**
+	 * Parse the role URI from User. Don't crash if it is not valid.
+	 */
+	private int parseUserSecurityLevel(User user) {
+		try {
+			return Integer.parseInt(user.getRoleURI());
+		} catch (NumberFormatException e) {
+			log.warn("Invalid RoleURI '" + user.getRoleURI() + "' for user '"
+					+ user.getURI() + "'");
+			return 1;
+		}
+	}
+
 	// ----------------------------------------------------------------------
 	// Public utility methods.
 	// ----------------------------------------------------------------------

webapp/web/siteAdmin/advancedDataTools.jsp

@@ -1,6 +1,6 @@
 <%-- $This file is distributed under the terms of the license in /doc/license.txt$ --%>
 
-<% if (securityLevel >= loginHandler.DBA) { %>
+<% if (loginBean.isLoggedInAtLeast(LoginStatusBean.DBA)) { %>
     <div class="pageBodyGroup">
     
         <h3>Advanced Data Tools</h3>

webapp/web/siteAdmin/dataInput.jsp

@@ -1,6 +1,6 @@
 <%-- $This file is distributed under the terms of the license in /doc/license.txt$ --%>
 
-<% if (securityLevel >= loginHandler.EDITOR) { %>
+<% if (loginBean.isLoggedInAtLeast(LoginStatusBean.EDITOR) { %>
     <div class="pageBodyGroup">
     
 	    <h3>Data Input</h3>

webapp/web/siteAdmin/ontologyEditor.jsp

@@ -2,7 +2,7 @@
 
 <%@ page import="edu.cornell.mannlib.vitro.webapp.dao.jena.pellet.PelletListener"%>
 
-<% if (securityLevel >= loginHandler.CURATOR) { %>
+<% if (loginBean.isLoggedInAtLeast(LoginStatusBean.CURATOR)) { %>
     
         <div class="pageBodyGroup">
     

webapp/web/siteAdmin/siteAdminMain.jsp

@@ -1,5 +1,6 @@
 <%-- $This file is distributed under the terms of the license in /doc/license.txt$ --%>
 
+<%@ page import="edu.cornell.mannlib.vedit.beans.LoginStatusBean" %>
 <%@ page import="edu.cornell.mannlib.vitro.webapp.beans.Portal" %>
 <%@ page import="edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory" %>
 <%@ page import="edu.cornell.mannlib.vitro.webapp.dao.jena.pellet.PelletListener"%>
@@ -11,17 +12,10 @@
 <%@ taglib uri="http://java.sun.com/jstl/core" prefix="c" %><%/* this odd thing points to something in web.xml */ %>
 <%@ taglib prefix="form" uri="http://vitro.mannlib.cornell.edu/edit/tags" %>
 
-<jsp:useBean id="loginHandler" class="edu.cornell.mannlib.vedit.beans.LoginFormBean" scope="session" />
-
 <%
     Portal portal = (Portal) request.getAttribute("portalBean");
-    final String DEFAULT_SEARCH_METHOD = "fulltext"; /* options are fulltext/termlike */     
+    final String DEFAULT_SEARCH_METHOD = "fulltext"; /* options are fulltext/termlike */    
-    
+    LoginStatusBean loginBean = LoginStatusBean.getBean(request); 
-    int securityLevel = loginHandler.ANYBODY;
-    String loginStatus = loginHandler.getLoginStatus(); 
-    if ( loginStatus.equals("authenticated")) {
-       securityLevel = Integer.parseInt( loginHandler.getLoginRole() );
-    }
 %>
 
 
@@ -44,9 +38,6 @@
         <%@ include file="advancedDataTools.jsp" %> 
         
         <%@ include file="customReports.jsp" %> 
-        <%-- 
-        <%@ include file="sessionPreferences.jsp" %>      
-        --%>
     </div> <!--  end adminDashboard -->
     
 </div> <!-- end content -->

webapp/web/siteAdmin/siteConfiguration.jsp

@@ -1,6 +1,6 @@
 <%-- $This file is distributed under the terms of the license in /doc/license.txt$ --%>
 
-<% if (securityLevel >= loginHandler.CURATOR) { %>
+<% if (loginBean.isLoggedInAtLeast(LoginStatusBean.CURATOR) { %>
     <div class="pageBodyGroup">
     
         <h3>Site Configuration</h3>
@@ -16,7 +16,7 @@
         
             <li><a href="listTabs?home=<%=portal.getPortalId()%>">Tab management</a></li>
             
-<%          if (securityLevel >= loginHandler.DBA) { %>
+<%          if (loginBean.isLoggedInAtLeast(LoginStatusBean.DBA) { %>
                 <li><a href="listUsers?home=<%=portal.getPortalId()%>">User accounts</a></li>    
 <%          } %>      
         </ul>