2 * Copyright 2010 Electronic Business Systems Ltd.
4 * This file is part of GSS.
6 * GSS is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
11 * GSS is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with GSS. If not, see <http://www.gnu.org/licenses/>.
19 package gr.ebs.gss.server;
21 import static gr.ebs.gss.server.configuration.GSSConfigurationFactory.getConfiguration;
22 import gr.ebs.gss.client.exceptions.DuplicateNameException;
23 import gr.ebs.gss.client.exceptions.ObjectNotFoundException;
24 import gr.ebs.gss.client.exceptions.RpcException;
25 import gr.ebs.gss.server.domain.User;
26 import gr.ebs.gss.server.domain.dto.UserDTO;
27 import gr.ebs.gss.server.ejb.ExternalAPI;
28 import gr.ebs.gss.server.ejb.TransactionHelper;
30 import java.io.IOException;
31 import java.net.URLEncoder;
32 import java.util.concurrent.Callable;
34 import javax.naming.Context;
35 import javax.naming.InitialContext;
36 import javax.naming.NamingException;
37 import javax.rmi.PortableRemoteObject;
38 import javax.servlet.http.HttpServlet;
39 import javax.servlet.http.HttpServletRequest;
40 import javax.servlet.http.HttpServletResponse;
42 import org.apache.commons.logging.Log;
43 import org.apache.commons.logging.LogFactory;
46 * The servlet that handles user registration.
50 public class Registration extends HttpServlet {
52 * The request parameter name for the acceptance flag.
54 private static final String ACCEPT_PARAM = "accept";
57 * The request parameter name for the name.
59 private static final String NAME_PARAM = "name";
62 * The request parameter name for the username.
64 private static final String USERNAME_PARAM = "username";
67 * The request parameter name for the e-mail.
69 private static final String EMAIL_PARAM = "email";
72 * The request parameter name for the password.
74 private static final String PASSWORD_PARAM = "password";
77 * The request parameter name for the password confirmation.
79 private static final String PASSWORD2_PARAM = "password2";
82 * The serial version UID of the class.
84 private static final long serialVersionUID = 1L;
89 private static Log logger = LogFactory.getLog(Registration.class);
92 * A helper method that retrieves a reference to the ExternalAPI bean and
93 * stores it for future use.
95 * @return an ExternalAPI instance
96 * @throws RpcException in case an error occurs
98 private ExternalAPI getService() throws RpcException {
100 final Context ctx = new InitialContext();
101 final Object ref = ctx.lookup(getConfiguration().getString("externalApiPath"));
102 return (ExternalAPI) PortableRemoteObject.narrow(ref, ExternalAPI.class);
103 } catch (final NamingException e) {
104 logger.error("Unable to retrieve the ExternalAPI EJB", e);
105 throw new RpcException("An error occurred while contacting the naming service");
110 public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
111 if (getConfiguration().getBoolean("onlyRegisterWithCode"))
112 response.sendRedirect("invites.jsp");
114 response.sendRedirect("register.jsp");
118 public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException {
119 final String name = request.getParameter(NAME_PARAM);
120 final String email = request.getParameter(EMAIL_PARAM);
121 final String username = request.getParameter(USERNAME_PARAM);
122 String password = request.getParameter(PASSWORD_PARAM);
123 String password2 = request.getParameter(PASSWORD2_PARAM);
124 String accept = request.getParameter(ACCEPT_PARAM);
125 response.setContentType("text/html");
127 // Validate input parameters.
128 if (username == null || username.isEmpty()) {
129 String error = URLEncoder.encode("No username was specified", "UTF-8");
130 String errorUrl = "register.jsp?username=&error=" + error;
131 errorUrl += "&name=" + (name == null? "": name);
132 errorUrl += "&email=" + (email == null? "": email);
133 response.sendRedirect(errorUrl);
135 } else if (name == null || name.isEmpty()) {
136 String error = URLEncoder.encode("No name was specified", "UTF-8");
137 String errorUrl = "register.jsp?name=&error=" + error;
138 errorUrl += "&username=" + username;
139 errorUrl += "&email=" + (email == null? "": email);
140 response.sendRedirect(errorUrl);
142 } else if (email == null || email.isEmpty()) {
143 String error = URLEncoder.encode("No e-mail was specified", "UTF-8");
144 String errorUrl = "register.jsp?email=&error=" + error;
145 errorUrl += "&username=" + username;
146 errorUrl += "&name=" + name;
147 response.sendRedirect(errorUrl);
149 } else if (password == null || password.isEmpty()) {
150 String error = URLEncoder.encode("No password was specified", "UTF-8");
151 String errorUrl = "register.jsp?error=" + error;
152 errorUrl += "&username=" + username;
153 errorUrl += "&name=" + name;
154 errorUrl += "&email=" + email;
155 response.sendRedirect(errorUrl);
157 } else if (!password.equals(password2)) {
158 String error = URLEncoder.encode("Passwords do not match", "UTF-8");
159 String errorUrl = "register.jsp?error=" + error;
160 errorUrl += "&username=" + username;
161 errorUrl += "&name=" + name;
162 errorUrl += "&email=" + email;
163 response.sendRedirect(errorUrl);
165 } else if (!"on".equalsIgnoreCase(accept)) {
166 String error = URLEncoder.encode("You must accept the terms and conditions", "UTF-8");
167 String errorUrl = "register.jsp?error=" + error;
168 errorUrl += "&username=" + username;
169 errorUrl += "&name=" + name;
170 errorUrl += "&email=" + email;
171 response.sendRedirect(errorUrl);
177 user = getService().findUser(username);
179 String error = URLEncoder.encode("The username already exists", "UTF-8");
180 String errorUrl = "register.jsp?username=&error=" + error;
181 errorUrl += "&name=" + name;
182 errorUrl += "&email=" + email;
183 response.sendRedirect(errorUrl);
187 getService().createLdapUser(username, name, email, password);
188 } catch (Exception exc) {
189 String error = "An error occurred while communicating with the Shibboleth IdP";
190 logger.error(error, exc);
191 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, error);
194 final UserDTO userDto = new TransactionHelper<UserDTO>().tryExecute(new Callable<UserDTO>() {
196 public UserDTO call() throws Exception {
197 return getService().createUser(username, name, email, "", "").getDTO();
201 new TransactionHelper<Void>().tryExecute(new Callable<Void>() {
203 public Void call() throws Exception {
204 getService().updateUserPolicyAcceptance(userDto.getId(), true);
209 response.sendRedirect("registered.jsp");
210 } catch (RpcException e) {
211 String error = "An error occurred while communicating with the service";
212 logger.error(error, e);
213 response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, error);
214 } catch (DuplicateNameException e) {
215 // Can't happen, but this is more user-friendly than an assert.
216 String error = URLEncoder.encode("The username already exists", "UTF-8");
217 String errorUrl = "register.jsp?username=&name=&email=&error=" + error;
218 response.sendRedirect(errorUrl);
219 } catch (ObjectNotFoundException e) {
220 // Can't happen, but this is more user-friendly than an assert.
221 String error = URLEncoder.encode("No username or name was specified", "UTF-8");
222 String errorUrl = "register.jsp?username=&name=&email=&error=" + error;
223 response.sendRedirect(errorUrl);
224 } catch (Exception e) {
225 // TODO Auto-generated catch block