2 * Copyright (C) 2016 - 2018 Free Software Foundation
4 * This program is free software: you can redistribute it and/or modify
5 * it under the terms of the GNU Affero General Public License as
6 * published by the Free Software Foundation, either version 3 of the
7 * License, or (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU Affero General Public License for more details.
14 * You should have received a copy of the GNU Affero General Public License
15 * along with this program. If not, see <http://www.gnu.org/licenses/>.
17 package org.mxchange.juserlogincore.model.user.login;
19 import java.text.MessageFormat;
21 import javax.ejb.Stateless;
22 import org.mxchange.jjobs.beans.ejb.BaseJobsEnterpriseBean;
23 import org.mxchange.jusercore.exceptions.UserNotFoundException;
24 import org.mxchange.jusercore.exceptions.UserStatusLockedException;
25 import org.mxchange.jusercore.exceptions.UserStatusUnconfirmedException;
26 import org.mxchange.jusercore.model.user.User;
27 import org.mxchange.jusercore.model.user.UserSessionBeanRemote;
28 import org.mxchange.jusercore.model.user.status.UserAccountStatus;
29 import org.mxchange.juserlogincore.container.login.LoginContainer;
30 import org.mxchange.juserlogincore.exceptions.UserPasswordMismatchException;
31 import org.mxchange.juserlogincore.login.UserLoginUtils;
34 * A session EJB for user logins
36 * @author Roland Häder<roland@mxchange.org>
38 @Stateless (name = "userLogin", description = "A bean handling the user login for Jobs project")
39 public class JobsUserLoginSessionBean extends BaseJobsEnterpriseBean implements UserLoginSessionBeanRemote {
44 private static final long serialVersionUID = 21_785_978_127_581_965L;
50 private UserSessionBeanRemote userBean;
55 public JobsUserLoginSessionBean () {
56 // Call super constructor
61 public User validateUserAccountStatus (final LoginContainer container) throws UserNotFoundException, UserStatusLockedException, UserStatusUnconfirmedException, UserPasswordMismatchException {
63 this.getLoggerBeanLocal().logTrace(MessageFormat.format("{0}.loginUser: container={1} - CALLED!", this.getClass().getSimpleName(), container)); //NOI18N
65 // user should not be null
66 if (null == container) {
68 throw new NullPointerException("container is null"); //NOI18N
69 } else if (container.getUser() == null) {
71 throw new NullPointerException("container.user is null"); //NOI18N
72 } else if (container.getUserPassword() == null) {
74 throw new NullPointerException("container.userPassword is null"); //NOI18N
75 } else if (container.getUserPassword().isEmpty()) {
76 // Empty password is not allowed, hardcoded.
77 throw new IllegalArgumentException("container.userPassword is empty"); //NOI18N
80 // Is the account there?
81 if (!this.userBean.isUserNameRegistered(container.getUser())) {
83 throw new UserNotFoundException(container.getUser());
86 // Get user instance from persistance
87 // @TODO Rewrite this to use JCache instead
88 final User updatedUser = this.userBean.fillUserData(container.getUser());
91 this.getLoggerBeanLocal().logDebug(MessageFormat.format("loginUser: updatedUser={0}", updatedUser)); //NOI18N
93 // Is the user account unconfirmed?
94 if (updatedUser.getUserAccountStatus().equals(UserAccountStatus.UNCONFIRMED)) {
96 throw new UserStatusUnconfirmedException(container.getUser());
97 } else if (updatedUser.getUserAccountStatus().equals(UserAccountStatus.LOCKED)) {
99 throw new UserStatusLockedException(container.getUser());
100 } else if (!this.isPasswordMatching(container, updatedUser)) {
101 // Not matcing passwords
102 throw new UserPasswordMismatchException(container.getUser());
106 this.getLoggerBeanLocal().logTrace(MessageFormat.format("{0}.loginUser: updatedUser={1} - EXIT!", this.getClass().getSimpleName(), updatedUser)); //NOI18N
113 * Checks if password matches of both instances. Both user instances must
114 * not match, the first one is the one from the calling bean/controller, the
115 * second is the from database.
117 * @param container Container instance holding the user instance and
118 * clear-text password
119 * @param updatedUser Updated user instance found for given user name
121 * @return Whether the password matches
123 private boolean isPasswordMatching (final LoginContainer container, final User updatedUser) {
124 // First math both instances
125 if (null == container) {
127 throw new NullPointerException("container is null"); //NOI18N
128 } else if (null == updatedUser) {
130 throw new NullPointerException("updatedUser is null"); //NOI18N
131 } else if (container.getUser().equals(updatedUser)) {
132 // Both same instance!
133 throw new IllegalArgumentException(MessageFormat.format("container.user matches updatedUser: {0}", container.getUser())); //NOI18N
136 // Is it the same same password?
137 return UserLoginUtils.ifPasswordMatches(container, updatedUser);