org.josso.selfservices.password.LostPasswordAction.java Source code

Java tutorial

Introduction

Here is the source code for org.josso.selfservices.password.LostPasswordAction.java

Source

/*
 * JOSSO: Java Open Single Sign-On
 *
 * Copyright 2004-2009, Atricore, Inc.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, write to the Free
 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
 *
 */

package org.josso.selfservices.password;

import org.apache.struts.action.*;
import org.apache.commons.logging.LogFactory;
import org.apache.commons.logging.Log;
import org.josso.gateway.SSOContext;
import org.josso.gateway.SSOException;
import org.josso.selfservices.password.lostpassword.Constants;
import org.josso.selfservices.password.lostpassword.LostPasswordProcessState;
import org.josso.selfservices.password.lostpassword.LostPasswordUrlProvider;
import org.josso.selfservices.ChallengeResponseCredential;
import org.josso.selfservices.ProcessRequest;
import org.josso.selfservices.ProcessResponse;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.util.*;

/**
 * @author <a href="mailto:sgonzalez@josso.org">Sebastian Gonzalez Oyuela</a>
 * @version $Id: LostPasswordAction.java 974 2009-01-14 00:39:45Z sgonzalez $
 */
public class LostPasswordAction extends SelfServicesBaseAction {

    public static final String JOSSO_CMD_CONFIRM_PASSWORD = "confirmPwd";

    public static final String JOSSO_CMD_LOST_PASSWORD = "lostPwd";

    public static final String PARAM_JOSSO_CMD = "josso_cmd";

    public static final String PARAM_JOSSO_PROCESS_ID = "josso_pidId";

    public static final String ATTR_LAST_PROCESS_RESPONSE = "org.josso.selfservices.lostpassword.processResponse";

    private static Log log = LogFactory.getLog(LostPasswordAction.class);

    @Override
    public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request,
            HttpServletResponse response) throws Exception {

        // We need the seccurity domain !!!
        prepareContext(request);

        String josso_cmd = getSSOCmd(request);

        SSOContext ctx = SSOContext.getCurrent();
        PasswordManagementService pwdService = ctx.getSecurityDomain().getPasswordManager();

        HttpSession session = request.getSession();

        // ProcessResponse previousProcessResponse = null;

        try {

            String processId = null;

            // We are starting a new lost password process.
            if (josso_cmd != null && josso_cmd.equals(JOSSO_CMD_LOST_PASSWORD)) {

                log.debug("Initializing lost password process");
                ProcessResponse pr = pwdService.startProcess("josso-simple-lostpassword");
                processId = pr.getProcessId();

                // Register a new url provider for this process
                final String pid = pr.getProcessId();
                final String baseUrl = request.getScheme() + "://" + request.getHeader("Host")
                        + request.getContextPath() + mapping.findForward("requestConfirmPassword").getPath()
                        + "?josso_cmd=" + JOSSO_CMD_CONFIRM_PASSWORD;

                // This will create a URL that will 
                LostPasswordUrlProvider lostPaswordUrlProvider = new LostPasswordUrlProvider() {
                    public String provideResetUrl(String passwordAssertionId) {
                        return baseUrl + "&" + PARAM_JOSSO_PROCESS_ID + "=" + pid + "&" + "josso_"
                                + Constants.CHALLENGE_PWD_ASSERTION_ID + "=" + passwordAssertionId;
                    }
                };

                pwdService.register(processId, Constants.EXT_URL_PROVIDER, lostPaswordUrlProvider);

                // Store process state and render view
                log.debug("Process First Step (forward) : " + pr.getNextStep());
                session.setAttribute(ATTR_LAST_PROCESS_RESPONSE, pr);

                return mapping.findForward(pr.getNextStep());

            }

            // We are processing a request for a running process.
            ProcessResponse pr = (ProcessResponse) session.getAttribute(ATTR_LAST_PROCESS_RESPONSE);
            if (pr == null) {
                processId = request.getParameter(PARAM_JOSSO_PROCESS_ID);
                if (log.isDebugEnabled())
                    log.debug("Using process id [" + processId + "] from session");

            } else {

                processId = pr.getProcessId();

                if (log.isDebugEnabled())
                    log.debug("Using process id [" + processId + "] from request");
            }

            // Move the process to the next step !

            ProcessRequest processRequest = pwdService.createRequest(processId);
            ChallengeResponseCredential[] challenges = fillChallengeResponses(
                    (LostPasswordProcessState) pwdService.getProcessState(processId), form, request);
            processRequest.setAttribute(Constants.ATTR_CHALLENGES, challenges);

            ProcessResponse processResponse = pwdService.handleRequest(processRequest);
            session.setAttribute(ATTR_LAST_PROCESS_RESPONSE, processResponse);

            log.debug("Process Next Step (forward) : " + processResponse.getNextStep() + ". Final "
                    + processResponse.isNextStepFinal());

            if (processResponse.getNextStep().equals(Constants.STEP_FATAL_ERROR)
                    && processResponse.getAttribute("error") != null) {
                ActionErrors errors = new ActionErrors();
                errors.add(ActionErrors.GLOBAL_ERROR, new ActionError("sso.error",
                        ((Exception) processResponse.getAttribute("error")).getMessage()));
                saveErrors(request, errors);

            }

            return mapping.findForward(processResponse.getNextStep());

        } catch (Exception e) {

            log.error("Error recovering password : " + e.getMessage(), e);
            request.setAttribute("error", e);

            // logs the error
            ActionErrors errors = new ActionErrors();
            errors.add(ActionErrors.GLOBAL_ERROR, new ActionError("sso.error", e.getMessage()));
            saveErrors(request, errors);

            return mapping.findForward("fatalError");
        }

    }

    protected ChallengeResponseCredential[] fillChallengeResponses(LostPasswordProcessState state, ActionForm form,
            HttpServletRequest request) {

        List<ChallengeResponseCredential> respondedChallenges = new ArrayList<ChallengeResponseCredential>();

        // Check request parameter values:
        HttpSession session = request.getSession();
        ProcessResponse previousProcessResponse = (ProcessResponse) session
                .getAttribute(ATTR_LAST_PROCESS_RESPONSE);

        Set<ChallengeResponseCredential> challenges = state.getChallenges();
        if (challenges == null || challenges.size() == 0) {
            if (log.isDebugEnabled())
                log.debug("No challenges requested");

            return null;
        }

        // Fill challenges
        for (ChallengeResponseCredential challenge : state.getChallenges()) {

            String challengeId = challenge.getId();

            // Try to recover challenge response from http request parameter
            String challengeResponse = request.getParameter(challengeId);
            if (challengeResponse == null) {
                // try with the prefix
                challengeResponse = request.getParameter("josso_" + challengeId);
            }

            // Try to recover challenge response from DynaActionForm

            if (challengeResponse == null && form instanceof DynaActionForm) {
                DynaActionForm dForm = (DynaActionForm) form;
                try {
                    challengeResponse = (String) dForm.get(challengeId);
                } catch (IllegalArgumentException e) {
                    log.debug("Form does not have field " + challengeId);
                }
                if (challengeResponse == null)
                    try {
                        challengeResponse = (String) dForm.get("josso_" + challengeId);
                    } catch (IllegalArgumentException e) {
                        log.debug("Form does not have field " + challengeId);
                    }
            }

            if (challengeResponse != null) {
                if (log.isDebugEnabled())
                    log.debug("Found response for challenge : " + challengeId);
                challenge.setResponse(challengeResponse);
                respondedChallenges.add(challenge);
            }
        }

        return respondedChallenges.toArray(new ChallengeResponseCredential[respondedChallenges.size()]);

    }

    /**
     * Gets the received SSO Command. If command is empty (""), returns null.
     */
    protected String getSSOCmd(HttpServletRequest request) {
        String cmd = request.getParameter(PARAM_JOSSO_CMD);
        if ("".equals(cmd))
            cmd = null;
        return cmd;
    }

}