Login.java

Go to the documentation of this file.

/*
 * Project: Server for annotations sharing
 * Author: Ing. Jaroslav Dytrych idytrych@fit.vutbr.cz
 * File: Login.java
 * Description: Backbean for login page
 */

/**
 * @file Login.java
 *
 * @brief Backbean for login page
 */

package cz.vutbr.fit.knot.annotations.web;

import cz.vutbr.fit.knot.annotations.app.AppBean;
import cz.vutbr.fit.knot.annotations.app.Constants;
import cz.vutbr.fit.knot.annotations.app.PersistM;
import cz.vutbr.fit.knot.annotations.comet.MessageProcessor;
import cz.vutbr.fit.knot.annotations.entity.User;
import java.io.Serializable;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.SessionScoped;

/**
 * Backbean for login page
 *
 * @brief Backbean for login page
 * @author idytrych
 */
@ManagedBean
@SessionScoped
public class Login implements Serializable {

  /**
   * Value of login field in login form
   */
  private String login = "";
  /**
   * Value of password field in login form
   */
  private String password = "";
  /**
   * Indicator, whether bad credentials has been entered
   */
  private boolean badCredentials = false;

  /**
   * Action listener for login button
   *
   * @return Returns page outcome (identificator of next page or null to stay here)
   */
  public String btnLoginAction() {
    User user = null;
    AppBean.getInstance();
    PersistM persistMan = AppBean.getPersistenceManager();
    if (login == null) {  // null is a same as not set
      login = "";
    }
    if (password == null) {
      password = "";
    }
    if (login.isEmpty() || password.isEmpty()) {  // if login or password is not set
        badCredentials = true;
      return null;
    } else {  // if credentials are set

      // compute MD5 of password
      MessageDigest md5;
      String hash = "";
      try {
        md5 = MessageDigest.getInstance("MD5");
        md5.update(password.getBytes());
        hash = MessageProcessor.getHexString(md5.digest());
      } catch (NoSuchAlgorithmException ex) {
        badCredentials = true;
        if (Constants.LOG_LEVEL >= Constants.LOG_LEVEL_SERVER_ERRORS) {
          String msg = "NoSuchAlgorithmException for computing MD5.";
          Logger.getLogger(SelectAT.class.getName()).log(Level.SEVERE, msg, ex);
        }
        return null;
      }

      // query database for user (find by login and password)
      Object[] params = new Object[4];
      params[0] = "login";
      params[1] = login;
      params[2] = "password";
      params[3] = hash;  // use MD5 of sent password
      List uList = persistMan.queryDB("User.findByCredentials", params);
      if (uList != null && !uList.isEmpty()) {  // if user was found
        user = (User) uList.get(0);
      }

      if (user == null) {  // user wasn't found, possible insecure login
        // query database for user (find by login and password)
        params[3] = password;
        uList = persistMan.queryDB("User.findByCredentials", params);
        if (uList != null && !uList.isEmpty()) {  // if user was found
          user = (User) uList.get(0);
        }
      }

      if (user == null) {  // user wasn't found - bad credentials
        badCredentials = true;
        return null;
      } else {
        WebSession session = SessionManager.getSession();
        session.setLoggedUser(user);
      }
    }  // if credentials are set
    badCredentials = false;

    // go to index page
    Menu menuBean = (Menu) SessionManager.getBeanByName("menu");
    menuBean.setActualPage("index");
    return "index";
  }  // btnLoginAction()

  /**
   * Gets value of login field in login form
   *
   * @return Returns value of login field in login form
   */
  public String getLogin() {
    return login;
  }

  /**
   * Sets value of login field in login form
   *
   * @param login Value of login field in login form
   */
  public void setLogin(String login) {
    this.login = login;
  }

  /**
   * Gets value of password field in login form
   *
   * @return Returns Value of password field in login form
   */
  public String getPassword() {
    return password;
  }

  /**
   * Sets value of password field in login form
   *
   * @param password Value of password field in login form
   */
  public void setPassword(String password) {
    this.password = password;
  }

  /**
   * Gets message for user, if bad credentials has been entered
   *
   * @return If bad credentials has been entered, returns message for user, empty string otherwise
   */
  public String getCredentialsError() {
    if (badCredentials) {
      return MessageProvider.getMessage("badCredentials");
    } else {
      return "";
    }
  }

  /**
   * Gets indicator, whether bad credentials has been entered
   *
   * @return If bad credentials has been entered, returns true, false otherwise
   */
  public boolean getBadCredentials() {
    return badCredentials;
  }

  /**
   * Sets, whether bad credentials has been entered
   *
   * @param badCredentials If bad credentials has been entered, then true, false otherwise
   */
  public void setBadCredentials(boolean badCredentials) {
    this.badCredentials = badCredentials;
  }
  
  /** 
   * Creates a new instance of Login bean
   */
  public Login() {
  }
  
}  // public class Login