001 /*
002 *
003 * $Revision: 1.1 $ $Date: 2008/04/11 09:09:38 $
004 *
005 * This file is part of *** M y C o R e ***
006 * See http://www.mycore.de/ for details.
007 *
008 * This program is free software; you can use it, redistribute it
009 * and / or modify it under the terms of the GNU General Public License
010 * (GPL) as published by the Free Software Foundation; either version 2
011 * of the License or (at your option) any later version.
012 *
013 * This program is distributed in the hope that it will be useful, but
014 * WITHOUT ANY WARRANTY; without even the implied warranty of
015 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
016 * GNU General Public License for more details.
017 *
018 * You should have received a copy of the GNU General Public License
019 * along with this program, in a file called gpl.txt or license.txt.
020 * If not, write to the Free Software Foundation Inc.,
021 * 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA
022 */
023
024 package org.mycore.frontend.servlets;
025
026 import java.io.IOException;
027
028 import javax.servlet.ServletException;
029
030 import org.apache.log4j.Logger;
031 import org.jdom.Document;
032 import org.mycore.common.MCRConfiguration;
033 import org.mycore.common.MCRException;
034 import org.mycore.common.MCRSession;
035 import org.mycore.common.MCRSessionMgr;
036 import org.mycore.frontend.MCRWebsiteWriteProtection;
037 import org.mycore.frontend.servlets.MCRServlet;
038 import org.mycore.frontend.servlets.MCRServletJob;
039 import org.mycore.user.MCRUser;
040 import org.mycore.user.MCRUserMgr;
041
042 /**
043 * This servlet provides a web interface for the user management of the mycore
044 * system.
045 *
046 * @author Detlev Degenhardt
047 * @version $Revision: 1.1 $ $Date: 2008/04/11 09:09:38 $
048 */
049 public class MCRUserServlet extends MCRServlet {
050 private static final long serialVersionUID = 1L;
051
052 // The configuration
053 private static Logger LOGGER = Logger.getLogger(MCRUserServlet.class);
054
055 // user ID and password of the guest user
056 private static String GUEST_ID;
057
058 private static String GUEST_PWD;
059
060 /*
061 * (non-Javadoc)
062 *
063 * @see javax.servlet.GenericServlet#init()
064 */
065 public void init() throws ServletException {
066 super.init();
067 GUEST_ID = MCRConfiguration.instance().getString("MCR.Users.Guestuser.UserName", "gast");
068 GUEST_PWD = MCRConfiguration.instance().getString("MCR.Users.Guestuser.UserPasswd", "gast");
069 }
070
071 /**
072 * This method overrides doGetPost of MCRServlet and handles HTTP requests.
073 * Depending on the request parameter "mode" this method delegates the
074 * request to different methods of this servlet.
075 *
076 * @param job
077 * The MCRServletJob instance
078 * @throws IOException
079 * for java I/O errors.
080 * @throws ServletException
081 * for errors from the servlet engine.
082 */
083 public void doGetPost(MCRServletJob job) throws IOException {
084 String mode = getProperty(job.getRequest(), "mode");
085
086 // Get the MCRSession object for the current thread from the session
087 // manager.
088 MCRSession mcrSession = MCRSessionMgr.getCurrentSession();
089
090 if (mode.length() == 0) {
091 mode = "Select";
092 }
093 LOGGER.debug("SessionID: "+mcrSession.getID());
094 LOGGER.debug("CurrentID: "+mcrSession.getCurrentUserID());
095 LOGGER.debug("Mode : "+mode);
096
097 if (mode.equals("ChangePwd")) {
098 if (MCRWebsiteWriteProtection.printInfoPageIfNoAccess(job.getRequest(), job.getResponse(), getBaseURL()))
099 return;
100 changePwd(job);
101 } else if (mode.equals("CreatePwdDialog")) {
102 if (MCRWebsiteWriteProtection.printInfoPageIfNoAccess(job.getRequest(), job.getResponse(), getBaseURL()))
103 return;
104 createPwdDialog(job);
105 } else if (mode.equals("Select")) {
106 selectTask(job);
107 } else if (mode.equals("ShowUser")) {
108 showUser(job);
109 } else { // no valid mode, redirect to original URL
110
111 String backto_url = getProperty(job.getRequest(), "url");
112
113 if (backto_url.length() == 0) {
114 return;
115 }
116 LOGGER.debug("URL : "+backto_url);
117 job.getResponse().sendRedirect(job.getResponse().encodeRedirectURL(backto_url));
118 return;
119 }
120 }
121
122 /**
123 * This method handles the "ChangePwd" (change password) mode. The change
124 * password dialog of the presentation layer must provide three passwords in
125 * the http request: The new password, an repetition of the new password and
126 * (for security reasons) the old password again. This method checks if the
127 * old password is correct and if both new passwords are equal. If so, the
128 * password is changed and the control flow is routed to the presentation of
129 * possible task for the current user. If not, error messages are displayed.
130 *
131 * @param job
132 * The MCRServletJob instance
133 * @throws IOException
134 * for java I/O errors.
135 * @throws ServletException
136 * for errors from the servlet engine.
137 */
138 protected void changePwd(MCRServletJob job) throws IOException {
139 // Get the MCRSession object for the current thread from the session
140 // manager.
141 MCRSession mcrSession = MCRSessionMgr.getCurrentSession();
142 String currentUser = mcrSession.getCurrentUserID();
143
144 String pwd_1 = getProperty(job.getRequest(), "pwd_1").trim();
145 String pwd_2 = getProperty(job.getRequest(), "pwd_2").trim();
146 String oldpwd = getProperty(job.getRequest(), "oldpwd").trim();
147
148 org.jdom.Document jdomDoc = createJdomDocBase(job);
149 org.jdom.Element root = jdomDoc.getRootElement();
150
151 if (!pwd_1.equals(pwd_2)) {
152 root.setAttribute("new_pwd_mismatch", "true");
153 } else if (!MCRUserMgr.instance().login(currentUser, oldpwd)) {
154 root.setAttribute("old_pwd_mismatch", "true");
155 } else {
156 try {
157 MCRUserMgr.instance().setPassword(currentUser, pwd_1);
158 root.setAttribute("pwd_change_ok", "true");
159 doLayout(job, "SelectTask", jdomDoc); // use the stylesheet
160
161 // mcr_user-SelectTask.xsl
162 return;
163 } catch (MCRException e) {
164 root.addContent(new org.jdom.Element("error").addContent(e.getMessage()));
165 }
166 }
167
168 doLayout(job, "ChangePwd", jdomDoc); // use the stylesheet
169
170 // mcr_user-ChangePwd.xsl
171 }
172
173 /**
174 * This method handles the "CreatePwdDialog" mode. It is nothing more than
175 * choosing the right stylesheet.
176 *
177 * @param job
178 * The MCRServletJob instance
179 * @throws IOException
180 * for java I/O errors.
181 * @throws ServletException
182 * for errors from the servlet engine.
183 */
184 protected void createPwdDialog(MCRServletJob job) throws IOException {
185 org.jdom.Document jdomDoc = createJdomDocBase(job);
186 doLayout(job, "ChangePwd", jdomDoc); // use the stylesheet
187
188 // mcr_user-ChangePwd.xsl
189 }
190
191 /**
192 * This method handles the "Select" mode. Depending on the privileges of the
193 * current user a list of possible tasks is collected as an XML
194 * representation and forwarded to the LayoutServlet.
195 *
196 * @param job
197 * The MCRServletJob instance
198 * @throws IOException
199 * for java I/O errors.
200 * @throws ServletException
201 * for errors from the servlet engine.
202 */
203 protected void selectTask(MCRServletJob job) throws IOException {
204 // For the moment only tasks possible for all users are presented. But
205 // this is work
206 // in progress. In the future the list of privileges for the current
207 // user will be
208 // checked here and in case he or she has additional privileges this
209 // will be
210 // forwarded to the presentation layer (i.e. XSL stylesheets).
211 org.jdom.Document jdomDoc = createJdomDocBase(job);
212 doLayout(job, "SelectTask", jdomDoc); // use the stylesheet
213
214 // mcr_user-SelectTask.xsl
215 }
216
217 /**
218 * This method handles the "ShowUser" mode. The current user is retrieved
219 * from the user manager and its XML representation is forwarded to the
220 * LayoutServlet.
221 *
222 * @param job
223 * The MCRServletJob instance
224 * @throws IOException
225 * for java I/O errors.
226 * @throws ServletException
227 * for errors from the servlet engine.
228 */
229 protected void showUser(MCRServletJob job) throws IOException {
230 // Get the MCRSession object for the current thread from the session
231 // manager.
232 MCRSession mcrSession = MCRSessionMgr.getCurrentSession();
233 String currentUser = mcrSession.getCurrentUserID();
234
235 org.jdom.Document jdomDoc = createJdomDocBase(job);
236 org.jdom.Element root = jdomDoc.getRootElement();
237
238 MCRUser user = MCRUserMgr.instance().retrieveUser(currentUser);
239 root.addContent(user.toJDOMElement());
240
241 doLayout(job, "Metadata", jdomDoc); // use the stylesheet
242
243 // mcr_user-Metadata.xsl
244 }
245
246 /**
247 * creates a jdom document with elements needed by all modes this servlet
248 * can run.
249 *
250 * @param job
251 * The MCRServletJob instance
252 * @return jdom document
253 */
254 protected org.jdom.Document createJdomDocBase(MCRServletJob job) {
255 // Get the MCRSession object for the current thread from the session
256 // manager.
257 String backto_url = null;
258 String url = job.getRequest().getParameter("url");
259 if (url != null && url.trim().length() > 0) {
260 backto_url = url.trim();
261 }
262
263 org.jdom.Element root = new org.jdom.Element("mcr_user");
264 org.jdom.Document jdomDoc = new org.jdom.Document(root);
265
266 root.addContent(new org.jdom.Element("guest_id").addContent(GUEST_ID));
267 root.addContent(new org.jdom.Element("guest_pwd").addContent(GUEST_PWD));
268 root.addContent(new org.jdom.Element("backto_url").addContent(backto_url));
269
270 return jdomDoc;
271 }
272
273 /**
274 * Gather information about the XML document to be shown and the
275 * corresponding XSLT stylesheet and redirect the request to the
276 * LayoutServlet
277 *
278 * @param job
279 * The MCRServletJob instance
280 * @param style
281 * String value to select the correct XSL stylesheet
282 * @param jdomDoc
283 * The XML representation to be presented by the LayoutServlet
284 * @throws ServletException
285 * for errors from the servlet engine.
286 * @throws IOException
287 * for java I/O errors.
288 */
289 protected void doLayout(MCRServletJob job, String style, Document jdomDoc) throws IOException {
290 job.getRequest().setAttribute("XSL.Style", style);
291 getLayoutService().doLayout(job.getRequest(), job.getResponse(), jdomDoc);
292 }
293 }