[Struts-cvs] dialogs/src/net/jspcontrols/dialogs/samples/wizard/accounts UserAccounts.java,NONE,1.1

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Update of /cvsroot/struts/dialogs/src/net/jspcontrols/dialogs/samples/wizard/accounts
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv20952/src/net/jspcontrols/dialogs/samples/wizard/accounts

Added Files:
	UserAccounts.java 
Log Message:

--- NEW FILE: UserAccounts.java ---
/*
 * Copyright 2004-2005 Michael Jouravlev.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package net.jspcontrols.dialogs.samples.wizard.accounts;

import javax.servlet.http.HttpSession;
import javax.servlet.ServletContext;
import java.util.ArrayList;
import java.util.Iterator;

/**
 * This class manages user login, logout, and validation. It also stores
 * user accounts in the servlet context (this is just a demo).
 *
 * @author Michael Jouravlev
 */
public class UserAccounts {

    /**
     *  Maximum number of user accounts
     */
    public static final int MAX_ACCOUNTS = 1000;

    /**
     * Key to store user accounts in the servlet context
     */
    private static final String USERACCOUNT_KEY = "login.useraccounts";

    /**
     * Key to store user login name in the session
     */
    private static final String LOGIN_KEY = "login.username";

    /**
     * Check if login name/password combination is registered.
     *
     * @param loginInfo  existing user accounts, in real application would be
     *                   loaded from database.
     * @param name       user name to check
     * @param pwd        user password to check
     * @param newSignup  true if registering new account, in this case
     *                   password do not need to be validated against
     *                   existing user account.
     *
     * @return true if name exists and password matches existing password
     *         (if checking existing account); false otherwise.
     */
    static private boolean findUserName(ArrayList loginInfo,
                                        String name,
                                        String pwd,
                                        boolean newSignup) {
        // TODO: Use map instead of arraylist
        boolean pwdOK = false;
        if (loginInfo != null && loginInfo.size() > 0) {
            Iterator itLogin = loginInfo.iterator();
            while (itLogin.hasNext()) {
                String[] nameAndPwd = (String[]) itLogin.next();
                /*
                 * For new signup password must simply exist, for login
                 * password must match the password in existing account.
                 */
                pwdOK = newSignup ?
                        pwd != null :
                        pwd != null && pwd.equals(nameAndPwd[1]);

                if (name != null && name.equals(nameAndPwd[0]) && pwdOK) {
                    return true;
                }
            }
        }
        return false;
    }

    static public boolean checkNameOnSignup(HttpSession session,
                                            String name,
                                            String password) {
        // Login information is stored in servlet context
        ServletContext context = session.getServletContext();
        ArrayList globalLoginInfo = getLoginInfo(context);

        // User is already defined
        return !findUserName(globalLoginInfo, name, password, true);
    }

    /**
     * Adds a new user and returns error status
     *
     * @param session   used to obtain servlet context where this demo
     *                  stores user accounts
     * @param name      new user name
     * @param password  user's password
     * @param securityAnswerId  user's favorite book
     * @param securityAnswer  user's favorite movie
     *
     * @return          true if added successfully, false otherwise
     */
    synchronized static public boolean addUser(HttpSession session,
                                               String name,
                                               String password,
                                               int securityAnswerId,
                                               String securityAnswer,
                                               boolean keepLoggedIn) {

        String strAnswerId = Integer.toString(securityAnswerId);

        // Storing login information as array in the login map
        String[] newLogin = new String[] {name, password, strAnswerId, securityAnswer};

        // Login information is stored in servlet context
        ServletContext context = session.getServletContext();
        ArrayList globalLoginInfo = getLoginInfo(context);

        // User is already defined
        if (findUserName(globalLoginInfo, name, password, true)) {
            return false;
        }

        // Store login name/password for a new user
        globalLoginInfo.add(newLogin);
        context.setAttribute(USERACCOUNT_KEY, globalLoginInfo);

        // Set user name in the session, effectively logging the user in.
        // User page scriptlet checks this session attribute before
        // displaying user home page.
        if (keepLoggedIn) {
            session.setAttribute(LOGIN_KEY, name);
        }

        return true;
    }

    private static ArrayList getLoginInfo(ServletContext context) {
        ArrayList globalLoginInfo =
            (ArrayList) context.getAttribute(USERACCOUNT_KEY);

        /*
         * If no user accounts defined, create a new one. Also, clear all
         * accounts from the servlet context when too much users registered
         */
        if (globalLoginInfo == null || globalLoginInfo.size() > MAX_ACCOUNTS) {
            globalLoginInfo = new ArrayList();
        }
        return globalLoginInfo;
    }

    /**
     * Tries to log the user in
     *
     * @param session   session object where user login is stored
     * @param name      user name
     * @param password  user password
     *
     * @return          true if logged in successfully, false otherwise
     */
    synchronized public static boolean login(HttpSession session,
                                             String name,
                                             String password) {

        /*
         * Clear any previous login information in the session,
         * so if login is unsuccessful, a user would be logged out.
         */
        session.removeAttribute(LOGIN_KEY);

        /*
         * Load existing name/password combinations from storage
         */
        ArrayList globalLoginInfo =
                (ArrayList) session.getServletContext().getAttribute(
                        USERACCOUNT_KEY
                );

        /*
         * Search for defined name/password. If found, set
         * user name in the session, effectively logging the user in.
         */
        if (findUserName(globalLoginInfo, name, password, false)) {
            session.setAttribute(LOGIN_KEY, name);
            return true;
        } else {
            return false;
        }
    }

    /**
     * Logs the user out
     * @param session  session object where user login is stored
     */
    synchronized public static void logout(HttpSession session) {
        session.removeAttribute(LOGIN_KEY);
    }

    /**
     * Returns the name of currently logged in user
     * @return the name of current user
     */
    synchronized public static String currentUser(HttpSession session) {
        return (String) session.getAttribute(LOGIN_KEY);
    }
}