I must be missing something.
In JloginUser, the doPerform method catches LoginException, and doPerform(*) returns in the exception block. I do not see how the code at the bottom of the doPerform method is executed. It looks like if the user is not logged in, the code:
if (JetspeedSecurity.isDisableAccountCheckEnabled())
{
boolean disabled = JetspeedSecurity.checkDisableAccount(data.getParameters().getString("username", ""));
is not called.

Jeff

===

public void doPerform( RunData rundata ) throws Exception
{
JetspeedRunData data = (JetspeedRunData)rundata;
String username = data.getParameters().getString("username", "");
String password = data.getParameters().getString("password", "");
boolean newUserApproval = JetspeedResources.getBoolean("newuser.approval.enable", false);
String secretkey = (String) data.getParameters().getString("secretkey", null);
if ( secretkey != null )
{
// its the first logon - we are verifying the secretkey
// handle the buttons on the ConfirmRegistration page
String button1 = data.getParameters().getString ( "submit1", null );
if ( button1 != null && button1.equalsIgnoreCase("Cancel") )
{
data.setScreenTemplate(TurbineTemplate.getDefaultScreen());
return;
}
// check to make sure the user entered the right confirmation key
// if not, then send them to the ConfirmRegistration screen
JetspeedUser user = JetspeedSecurity.getUser(username);
if (user == null)
{
logger.warn("JLogin User: Unexpected condition : user is NULL");
return;
}
String confirm_value = user.getConfirmed();
if ( ! secretkey.equals ( confirm_value ) && ! confirm_value.equals ( JetspeedResources.CONFIRM_VALUE ) )
{
if ( newUserApproval )
{
data.setMessage(Localization.getString(rundata, "JLOGINUSER_KEYNOTVALID"));
data.setScreenTemplate("NewUserAwaitingAcceptance");
return;
}
else
{
if ( user.getConfirmed().equals(JetspeedResources.CONFIRM_VALUE_REJECTED))
{
data.setMessage(Localization.getString(rundata, "JLOGINUSER_KEYNOTVALID"));
data.setScreenTemplate("NewUserRejected");
return;
}
else
{
data.setMessage(Localization.getString(rundata, "JLOGINUSER_KEYNOTVALID"));
data.setScreenTemplate("ConfirmRegistration");
return;
}
}
}
user.setConfirmed( JetspeedResources.CONFIRM_VALUE );
data.setMessage (Localization.getString(rundata, "JLOGINUSER_WELCOME"));
JetspeedSecurity.saveUser(user);
}
JetspeedUser user = null;
try
{
user = JetspeedSecurity.login(username, password);
JetspeedSecurity.saveUser(user);
}
catch (LoginException e)
{
data.setScreenTemplate(JetspeedResources.getString(TurbineConstants.TEMPLATE_LOGIN));
String message = e.getMessage() != null ? e.getMessage() : e.toString();
data.setMessage(message);
data.setUser(JetspeedSecurity.getAnonymousUser());
data.getUser().setHasLoggedIn(new Boolean (false) );
if (e instanceof FailedLoginException)
{
logger.info("JLoginUser: Credential Failure on login for user: " + username);
data.setMessage(Localization.getString(rundata, "PASSWORDFORM_FAILED_MSG"));
}
else if (e instanceof AccountExpiredException)
{
logger.info("JLoginUser: Account Expired for user " + username);
}
else if (e instanceof CredentialExpiredException)
{
logger.info("JLoginUser: Credentials expired for user: " + username);
data.setScreenTemplate(
JetspeedResources.getString(JetspeedResources.CHANGE_PASSWORD_TEMPLATE, "ChangePassword")
);
data.setMessage(Localization.getString(rundata, "PASSWORDFORM_EXPIRED_MSG"));
data.getParameters().setString("username", username);
}
return;
}
catch (Throwable other)
{
data.setScreenTemplate(JetspeedResources.getString(TurbineConstants.TEMPLATE_ERROR));
String message = other.getMessage() != null ? other.getMessage() : other.toString();
data.setMessage(message);
data.setStackTrace(org.apache.turbine.util.StringUtils.stackTrace(other), other);
JetspeedUser juser = new FakeJetspeedUser(JetspeedSecurity.getAnonymousUserName(), false);
data.setUser(juser);
return;
}
if (user.getDisabled())
{
data.setMessage(Localization.getString(rundata, "JLOGINUSER_ACCOUNT_DISABLED"));
data.setScreenTemplate(JetspeedResources.getString("logon.disabled.form"));
data.getUser().setHasLoggedIn(new Boolean (false) );
return;
}
// check for being confirmed before allowing someone to finish logging in
if ( data.getUser().hasLoggedIn())
{
if (JetspeedSecurity.isDisableAccountCheckEnabled())
{
// dst: this needs some refactoring. I don't believe this api is necessary
JetspeedSecurity.resetDisableAccountCheck(data.getParameters().getString("username", ""));
}
String confirmed = data.getUser().getConfirmed();
if (confirmed == null || !confirmed.equals(JetspeedResources.CONFIRM_VALUE ))
{
if (confirmed != null && confirmed.equals(JetspeedResources.CONFIRM_VALUE_REJECTED))
{
data.setMessage(Localization.getString(rundata, "JLOGINUSER_KEYNOTVALID"));
data.setScreenTemplate("NewUserRejected");
data.getUser().setHasLoggedIn(new Boolean (false) );
return;
}
else
{
data.setMessage(Localization.getString(rundata, "JLOGINUSER_CONFIRMFIRST"));
data.setScreenTemplate("ConfirmRegistration");
data.getUser().setHasLoggedIn(new Boolean (false) );
return;
}
}
// user has logged in successfully at this point
boolean automaticLogonEnabled = JetspeedResources.getBoolean("automatic.logon.enable", false);
if (automaticLogonEnabled)
{
//Does the user want to use this facility?
boolean userRequestsRememberMe = data.getParameters().getBoolean("rememberme",false);
if (userRequestsRememberMe)
{
//save cookies on the users machine.
int maxage = JetspeedResources.getInt("automatic.logon.cookie.maxage",-1);
String comment = JetspeedResources.getString("automatic.logon.cookie.comment","");
String domain = JetspeedResources.getString("automatic.logon.cookie.domain");
String path = JetspeedResources.getString("automatic.logon.cookie.path","/");
if (domain == null) { String server = data.getServerName(); domain = "." + server; }
String loginCookieValue = null;
if ( JetspeedResources.getString("automatic.logon.cookie.generation","everylogon").equals("everylogon") )
{
loginCookieValue = ""+Math.random();
data.getUser().setPerm("logincookie",loginCookieValue);
JetspeedSecurity.saveUser( data.getJetspeedUser() );
}
else
{
loginCookieValue = (String)data.getUser().getPerm("logincookie");
if (loginCookieValue == null || loginCookieValue.length() == 0)
{
loginCookieValue = ""+Math.random();
data.getUser().setPerm("logincookie",loginCookieValue);
JetspeedSecurity.saveUser( data.getJetspeedUser() );
}
}
Cookie userName = new Cookie("username",data.getUser().getUserName());
Cookie loginCookie = new Cookie("logincookie",loginCookieValue);
userName.setMaxAge(maxage);
userName.setComment(comment);
userName.setDomain(domain);
userName.setPath(path);
loginCookie.setMaxAge(maxage);
loginCookie.setComment(comment);
loginCookie.setDomain(domain);
loginCookie.setPath(path);
data.getResponse().addCookie(userName);
data.getResponse().addCookie(loginCookie);
}
}
}
else
{
// disable user after a configurable number of strikes
if (JetspeedSecurity.isDisableAccountCheckEnabled())
{
boolean disabled = JetspeedSecurity.checkDisableAccount(data.getParameters().getString("username", ""));
if (disabled)
{
data.setMessage(Localization.getString(rundata, "JLOGINUSER_ACCOUNT_DISABLED"));
data.setScreenTemplate(JetspeedResources.getString("logon.disabled.form"));
data.getUser().setHasLoggedIn(new Boolean (false) );
}
}
}
}
David Sean Taylor wrote:
On Wednesday, January 7, 2004, at 07:00 AM, Jeff Marshall wrote:
Hi, I know this feature worked last time I checked.
I have tried multiple installs of jetspeed 1.4 and I cannot get the logon disable function to work.
We are using tomcat 4.1.24 and tomcat 5 with Jetspeed 1.4
JetspeedSecurity.properties looks like this:
# Auto-Account-Disable Feature
services.JetspeedSecurity.logon.auto.disable = true
# 3 logon strikes per 300 seconds and your out
services.JetspeedSecurity.logon.strike.count=3
services.JetspeedSecurity.logon.strike.interval=300
# dont allow more than 10 over any time period
services.JetspeedSecurity.logon.strike.max=10
Anyone have any ideas?
Which file did you edit? Did you edit the file directly in your deployment? I've had problems with that because of all the crazy merging going on
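An added example, not part of the original thread and not Jetspeed code: a simplified model of the control flow the post above describes, where a catch block that returns on a failed login keeps a strike check placed after the try from ever running, shown beside a version that counts the strike inside the failure path. All class and method names are hypothetical; the limit of 3 mirrors logon.strike.count=3 from the quoted properties, and the strike interval is not modelled.

```java
import java.util.HashMap;
import java.util.Map;
// Constructed model of the control flow discussed in this thread; every name
// here is hypothetical and none of it is Jetspeed code.
public class StrikeCheckDemo {
    static final int STRIKE_LIMIT = 3;          // mirrors logon.strike.count=3
    static final Map<String, Integer> strikes = new HashMap<>();
    static final Map<String, Boolean> disabled = new HashMap<>();
    static class FailedLogin extends Exception {}

    static void login(String user, String pw) throws FailedLogin {
        if (disabled.getOrDefault(user, false) || !"correct".equals(pw)) throw new FailedLogin();
    }

    // Records one failed attempt; returns true once the account is disabled.
    static boolean checkDisable(String user) {
        int n = strikes.merge(user, 1, Integer::sum);
        if (n >= STRIKE_LIMIT) disabled.put(user, true);
        return disabled.getOrDefault(user, false);
    }

    // Shape of the posted method: the catch block returns, so the strike
    // check after the try is never reached for a failed login.
    static String asPosted(String user, String pw) {
        try { login(user, pw); }
        catch (FailedLogin e) { return "login-failed"; }
        boolean loggedIn = true;                 // always true past the catch
        if (!loggedIn) { checkDisable(user); }   // dead branch
        return "ok";
    }

    // Strike check moved into the failure path, before the return.
    static String corrected(String user, String pw) {
        try { login(user, pw); }
        catch (FailedLogin e) {
            return checkDisable(user) ? "account-disabled" : "login-failed";
        }
        strikes.remove(user);                    // success clears the count
        return "ok";
    }

    public static void main(String[] args) {
        for (int i = 0; i < 4; i++) asPosted("alice", "wrong");
        System.out.println("asPosted strikes: " + strikes.getOrDefault("alice", 0));
        for (int i = 0; i < 3; i++) System.out.println("corrected: " + corrected("bob", "wrong"));
        System.out.println("bob, right password: " + corrected("bob", "correct"));
    }
}
```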