+++ /dev/null
-/*
- * Copyright (C) 2016 - 2022 Free Software Foundation
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-package org.mxchange.juserlogincore.model.user.login;
-
-import java.text.MessageFormat;
-import javax.ejb.EJB;
-import javax.ejb.Stateless;
-import org.mxchange.addressbook.enterprise.BaseAddressbookEnterpriseBean;
-import org.mxchange.jusercore.exceptions.UserNotFoundException;
-import org.mxchange.jusercore.exceptions.UserStatusLockedException;
-import org.mxchange.jusercore.exceptions.UserStatusUnconfirmedException;
-import org.mxchange.jusercore.model.user.User;
-import org.mxchange.jusercore.model.user.UserSessionBeanRemote;
-import org.mxchange.jusercore.model.user.status.UserAccountStatus;
-import org.mxchange.juserlogincore.container.login.LoginContainer;
-import org.mxchange.juserlogincore.exceptions.UserPasswordMismatchException;
-import org.mxchange.juserlogincore.login.UserLoginUtils;
-
-/**
- * A session EJB for user logins
- * <p>
- * @author Roland Häder<roland@mxchange.org>
- */
-@Stateless (name = "userLogin", description = "A bean handling the application-specific user login")
-public class AddressbookUserLoginSessionBean extends BaseAddressbookEnterpriseBean implements UserLoginSessionBeanRemote {
-
- /**
- * Serial number
- */
- private static final long serialVersionUID = 21_785_978_127_581_965L;
-
- /**
- * User EJB
- */
- @EJB (lookup = "java:global/addressbook-ejb/user!org.mxchange.jusercore.model.user.UserSessionBeanRemote")
- private UserSessionBeanRemote userBean;
-
- /**
- * Default constructor
- */
- public AddressbookUserLoginSessionBean () {
- // Call super constructor
- super();
- }
-
- @Override
- public User validateUserAccountStatus (final LoginContainer container) throws UserNotFoundException, UserStatusLockedException, UserStatusUnconfirmedException, UserPasswordMismatchException {
- // Trace message
- this.getLoggerBeanLocal().logTrace(MessageFormat.format("{0}.loginUser: container={1} - CALLED!", this.getClass().getSimpleName(), container)); //NOI18N
-
- // user should not be null
- if (null == container) {
- // Abort here
- throw new NullPointerException("container is null"); //NOI18N
- } else if (container.getUser() == null) {
- // NPE again
- throw new NullPointerException("container.user is null"); //NOI18N
- } else if (container.getUserPassword() == null) {
- // And yet again NPE
- throw new NullPointerException("container.userPassword is null"); //NOI18N
- } else if (container.getUserPassword().isEmpty()) {
- // Empty password is not allowed, hardcoded.
- throw new IllegalArgumentException("container.userPassword is empty"); //NOI18N
- }
-
- // Is the account there?
- if (!this.userBean.isUserNameRegistered(container.getUser())) {
- // Not registered
- throw new UserNotFoundException(container.getUser());
- }
-
- // Get user instance from persistance
- // @TODO Rewrite this to use JCache instead
- final User updatedUser = this.userBean.fillUserData(container.getUser());
-
- // Debug message
- this.getLoggerBeanLocal().logDebug(MessageFormat.format("loginUser: updatedUser={0}", updatedUser)); //NOI18N
-
- // Is the user account unconfirmed?
- if (updatedUser.getUserAccountStatus().equals(UserAccountStatus.UNCONFIRMED)) {
- // Is unconfirmed
- throw new UserStatusUnconfirmedException(container.getUser());
- } else if (updatedUser.getUserAccountStatus().equals(UserAccountStatus.LOCKED)) {
- // Is locked
- throw new UserStatusLockedException(container.getUser());
- } else if (!this.isPasswordMatching(container, updatedUser)) {
- // Not matcing passwords
- throw new UserPasswordMismatchException(container.getUser());
- }
-
- // Trace message
- this.getLoggerBeanLocal().logTrace(MessageFormat.format("{0}.loginUser: updatedUser={1} - EXIT!", this.getClass().getSimpleName(), updatedUser)); //NOI18N
-
- // Return it
- return updatedUser;
- }
-
- /**
- * Checks if password matches of both instances. Both user instances must
- * not match, the first one is the one from the calling bean/controller, the
- * second is the from database.
- * <p>
- * @param container Container instance holding the user instance and
- * clear-text password
- * @param updatedUser Updated user instance found for given user name
- * <p>
- * @return Whether the password matches
- */
- private boolean isPasswordMatching (final LoginContainer container, final User updatedUser) {
- // First math both instances
- if (null == container) {
- // Throw NPE
- throw new NullPointerException("container is null"); //NOI18N
- } else if (null == updatedUser) {
- // Throw NPE
- throw new NullPointerException("updatedUser is null"); //NOI18N
- } else if (container.getUser().equals(updatedUser)) {
- // Both same instance!
- throw new IllegalArgumentException(MessageFormat.format("container.user matches updatedUser: {0}", container.getUser())); //NOI18N
- }
-
- // Is it the same same password?
- return UserLoginUtils.ifPasswordMatches(container, updatedUser);
- }
-
-}