LogonCmdImpl

java.lang.Object
- MeasuredCacheableCommandImpl
- - com.ibm.commerce.command.AbstractECTargetableCommand
  - - com.ibm.commerce.command.ControllerCommandImpl
    - - com.ibm.commerce.security.commands.LogonCmdImpl

All Implemented Interfaces:

AccCommand, ControllerCommand, ECCommand, ECTargetableCommand, LogonCmd, Protectable, com.ibm.websphere.command.CacheableCommand, com.ibm.websphere.command.Command, com.ibm.websphere.command.CommandCaller, com.ibm.websphere.command.TargetableCommand, java.io.Serializable

Direct Known Subclasses:

BusinessContextServiceLogonCmdImpl
```
public class LogonCmdImpl
extends ControllerCommandImpl
implements LogonCmd
```
This controller command logs users into the system. If the user is logging in from a guest shopper identity, then it also migrates the guest shopper resources to the new user login identity.

Before executing this task command, the methods listed below must be invoked.
- setLogonId
- setPassword
- setReLogonURL
- setPostLogonURL
Upon successful authentication the user is redirected to the URL specified by the setPostLogonURL. Upon unsuccessful authentication the user is redirected to the URL specified by setReLogonURL.

Field Summary

Fields
Modifier and Type Field and Description

static java.lang.String COPYRIGHT
Copyright field.

static java.lang.String ERRTASK_NAME
Error task name.
- Fields inherited from class com.ibm.commerce.command.ControllerCommandImpl
  requestProperties, responseProperties, retriable, viewReqProperties
- Fields inherited from class com.ibm.commerce.command.AbstractECTargetableCommand
  commandContext
- Fields inherited from interface com.ibm.commerce.security.commands.LogonCmd
  defaultCommandClassName, NAME
- Fields inherited from interface com.ibm.websphere.command.Command
  serialVersionUID

Fields
Modifier and Type	Field and Description
`static java.lang.String`	`COPYRIGHT` Copyright field.
`static java.lang.String`	`ERRTASK_NAME` Error task name.

Constructor Summary

Constructors
Constructor and Description

LogonCmdImpl()

Constructors
Constructor and Description
`LogonCmdImpl()`

Method Summary

Methods
Modifier and Type	Method and Description
`java.lang.String`	`getAuthenticateUserId()` This method retrieves the user ID/i> of the logged in user.
`protected java.lang.String`	`getLogonId()` This method retrieves the logon ID under which the current user wishes to logon.
`protected java.lang.String`	`getLogonPassword()` This method retrieves the password to use for authentication with the new logon ID.
`protected MemberAccessBean`	`getMemberObject()` This method gets the member object.
`protected java.lang.String`	`getPostLogonURL()` This method retrieves the URL to redirect the user after successful authentication.
`protected java.lang.String`	`getReLogonURL()` This method retrieves the URL to redirect the user after unsuccessful authentication.
`protected UserEntriesMigrationEventData`	`getUserEntriesToBeMigrated(java.lang.Long memberId)` This method get the user entries that will be migrated, and returns <@link UserEntriesMigrationEventData> to maintain the user entries to be migrated, which will be used to raise the <@link UserEntriesMigrationEvent>
`protected java.lang.Integer`	`getUserPasswordExpiredFlag()` This method returns the password expiry status of the logged on user.
`protected UserRegistryAccessBean`	`getUserRegistryObject()` This method gets the user registry object.
`protected boolean`	`isAccountDisabled()` This method determines whether or not the account is disabled.
`protected boolean`	`isAnyParentOrgLocked()` This method returns true if any parent organization is locked.
`boolean`	`isGeneric()` This method determines if a generic user is permitted to execute this command.
`protected boolean`	`isLDAPUsed()` Deprecated. in version 6.0, replaced by `MemberHelper.isLDAPUsedForAuthentication()`
`protected boolean`	`isLogonAllowedNow()` This method determines if the user is allowed to logon at this time.
`protected boolean`	`isLogonCompletedSuccessful()` This method returns true if the Logon command completed successfully, returns false if any of the following conditions is true.
`static boolean`	`isPasswordInvalidationEnabled()` Returns true if password invalidation is enabled.
`protected boolean`	`isUserApproved()` This method determines whether or not the user is approved.
`protected boolean`	`isUserRegisteredInOrg()` This method determines whether or not the user has a role in the organization owning the store.
`protected boolean`	`isValidCredentials()` This method authenticates the credential set.
`protected void`	`migrateUserEntries()` This method will migrate 'resources' belonging to the current user to the identity associated with the new user logon ID.
`protected boolean`	`needAssignRole()` This method returns whether we need assign roles to the user.
`void`	`performExecute()` This is the main business logic of the command.
`protected void`	`postLDAPAuthenticationProcessing()` Calls `LDAPIntegrationCmd.postLogonProcessing(com.ibm.commerce.user.objects.UserAccessBean)` to allow extra synchronization between the Commerce database and LDAP if it's needed.
`protected void`	`raiseUserEntriesMigrationEvent()` This method raise the `UserEntriesMigrationEvent`
`protected TypedProperty`	`removeSensitiveDataFromRequestProperties()` Remove sensitive data from request properties so that they will not show up in the `krypto` parameter in the URL.
`void`	`setLogonId(java.lang.String strLogonId)` This method sets the logon ID.
`void`	`setLogonPassword(java.lang.String strPassword)` This method sets the logon password.
`void`	`setPostLogonURL(java.lang.String strPostLoginURL)` This method sets the post logon URL.
`void`	`setReLogonURL(java.lang.String strReLoginURL)` This method sets the relogon URL.
`void`	`setRequestProperties(TypedProperty hshReqParameters)` This method sets the request properties.
`protected void`	`updateCmdContext()` This method switches the current user identity to the identity associated with the login ID supplied to this Logon command.
`void`	`updateLockoutInformation(boolean valid_credentials)` This method updates the lockout information.
`void`	`validateParameters()` This method validates the parameters by ensuring that `reLogonURL` and `postLogonURL` are specified.

Methods inherited from class com.ibm.commerce.command.ControllerCommandImpl
checkPermission, fulfills, getForUserId, getGeneric, getOwner, getRequestProperties, getResolvedRequestProperties, getResourceOwners, getResponseProperties, getRetriable, getViewInputProperties, isRetriable, mergeProperties, setForUserId, setGeneric, setOwner, setResponseProperties, setRetriable, setViewInputProperties

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.ibm.commerce.command.ControllerCommand
checkPermission, execute, getGeneric, getRequestProperties, getResolvedRequestProperties, getResponseProperties, getRetriable, getViewInputProperties, isRetriable, mergeProperties, setGeneric, setRetriable, setViewInputProperties

Methods inherited from interface com.ibm.websphere.command.CacheableCommand
executeFromCache, getCaller, getEntryInfo, getId, getSharingPolicy, postExecute, preExecute, setCaller, updateCache

Methods inherited from interface com.ibm.websphere.command.TargetableCommand
getCommandTarget, getCommandTargetName, hasOutputProperties, setCommandTarget, setCommandTargetName, setOutputProperties

Methods inherited from interface com.ibm.websphere.command.CommandCaller
unionDependencies

Methods inherited from interface com.ibm.commerce.command.AccCommand
accessControlCheck, getAccCheck, getForUserId, getResourceOwners, setAccCheck, setForUserId, setOwner

Methods inherited from interface com.ibm.commerce.command.ECCommand
checkIsAllowed, checkResourcePermission, createCommandExecutionEvent, getCommandContext, getCommandIfName, getCommandName, getCommandStoreId, getDefaultProperties, getExceptionInvokeParameters, getPostInvokeParameters, getPreInvokeParameters, getResources, getStoreId, getUser, getUserId, setCommandContext, setCommandIfName, setCommandStoreId, setDefaultProperties

Methods inherited from interface com.ibm.websphere.command.Command
isReadyToCallExecute, reset

Methods inherited from interface com.ibm.commerce.security.Protectable
fulfills, getOwner

- Field Detail
  - COPYRIGHT
```
public static final java.lang.String COPYRIGHT
```
    Copyright field.
    
    See Also:
    
    Constant Field Values
  - ERRTASK_NAME
```
public static final java.lang.String ERRTASK_NAME
```
    Error task name.
    
    See Also:
    
    Constant Field Values
- Constructor Detail
  - LogonCmdImpl
```
public LogonCmdImpl()
```
- Method Detail
  - isPasswordInvalidationEnabled
```
public static final boolean isPasswordInvalidationEnabled()
```
    Returns true if password invalidation is enabled.
    
    Returns:
    
    true if password invalidation is enabled.
  - getAuthenticateUserId
```
public java.lang.String getAuthenticateUserId()
```
    This method retrieves the user ID/i> of the logged in user.
    
    Specified by:
    
    getAuthenticateUserId in interface LogonCmd
    
    Returns:
    
    The user ID.
  - getLogonId
```
protected java.lang.String getLogonId()
```
    This method retrieves the logon ID under which the current user wishes to logon.
    
    Returns:
    
    The logon ID.
  - getLogonPassword
```
protected java.lang.String getLogonPassword()
```
    This method retrieves the password to use for authentication with the new logon ID.
    
    Returns:
    
    The password.
  - getPostLogonURL
```
protected java.lang.String getPostLogonURL()
```
    This method retrieves the URL to redirect the user after successful authentication.
    
    Returns:
    
    The post login URL.
  - getReLogonURL
```
protected java.lang.String getReLogonURL()
```
    This method retrieves the URL to redirect the user after unsuccessful authentication.
    
    Returns:
    
    The relogin login URL.
  - isAccountDisabled
```
protected boolean isAccountDisabled()
                             throws ECSystemException
```
    This method determines whether or not the account is disabled.
    
    Returns:
    
    True if the account is disabled, otherwise false.
    
    Throws:
    
    ECSystemException
  - isGeneric
```
public boolean isGeneric()
```
    This method determines if a generic user is permitted to execute this command.
    
    Specified by:
    
    isGeneric in interface ControllerCommand
    
    Overrides:
    
    isGeneric in class ControllerCommandImpl
    
    Returns:
    
    True if a generic user can execute this command; always true for this command.
  - isLogonAllowedNow
```
protected boolean isLogonAllowedNow()
```
    This method determines if the user is allowed to logon at this time.
    
    Returns:
    
    True if the user is allowed to logon at this time, otherwise false.
  - isValidCredentials
```
protected boolean isValidCredentials()
                              throws ECException
```
    This method authenticates the credential set. Based on the configuration parameters in the WebSphere Commerce Server configuration file, one of three authentication tasks will be called. The first task will authenticate the user against the WebSphere Commerce Server database, while the second will authenticate the user against LDAP. The third task is left to customers to implement so that third party authentication schemes can be supported. Each authentication tasks require pre-setup tasks to be performed.
    
    Returns:
    
    Returns true if authentication is successful, otherwise false.
    
    Throws:
    
    ECException
    
    See Also:
    
    com.ibm.commerce.security.commands#VerifyCredentialsCmd
  - migrateUserEntries
```
protected void migrateUserEntries()
                           throws ECException
```
    This method will migrate 'resources' belonging to the current user to the identity associated with the new user logon ID. The resources to migrate include addresses, current orders, order items, orders, order templates, and shopping cart entries.
    
    Throws:
    
    ECException
  - performExecute
```
public void performExecute()
                    throws ECException
```
    This is the main business logic of the command. The following checks are done to ensure that the user is allowed to log on:
    1. Verify that the user's account is not disabled. (Not done if LDAP mode is used.)
    2. Verify that logon is allowed now: the account lockout policy specifies how much time must elapse after an incorrect password attempt, before a subsequent logon attempt is allowed.
    3. Verify that the password specified by the user is correct.
    4. Verify that the user's account is approved.
    5. Verify that none of the user's ancestor organizations are locked.
    6. Verify that the user has a role in the current store's organization.
    If valid credentials are specified, and LDAP mode is used, the default roles specified in MemberRegistrationAttributes.xml are assigned to the user. Also, postLDAPAuthenticationProcessing() is called to allow for further processing in this case.
    Regardless of whether or not valid credentials were specified, as long as LDAP mode is not used, AccountLockoutPolicyCmd task commad is called to update policy account information for the user:
    - Account lockout policy:
      
      USERREG.PASSWORDRETRIES is incremented on an bad password attempt.
      
      If there have been too many retries with incorrect passwords, the user account will be disabled, i.e., USERREG.STATUS will be changed to 0.
    - Policy password policy:
      
      If the password is too old, the password will changed to the expired state, i.e., USERREG.PASSWORDEXPIRED will be changed to 1.
  After successful logon, the following steps are also performed:
  1. The user's resources are migrated from the previous guest user if applicable.
  2. The command context is updated to the authenticated users's identity.
  3. If the password invalidation feature is enabled, and the password is in the expired state, and LDAP mode is not used, the user will be directed to the ChangePassword view.
  4. If the logon took place after the login timeout feature ended the session, the user will be directed to the URL that was originally specified when the login timeout took place.

Specified by:: performExecute in interface ECCommand
Specified by:: performExecute in interface com.ibm.websphere.command.TargetableCommand
Overrides:: performExecute in class AbstractECTargetableCommand
Throws:: ECException - This exception is thrown mainly if a system exception occurred. Normally if an input parameter is missing or invalid, an exception would not be thrown. Instead, the response would contain an error code and redirect to the URL specified by reLogonURL.

getUserEntriesToBeMigrated
```
protected UserEntriesMigrationEventData getUserEntriesToBeMigrated(java.lang.Long memberId)
                                                            throws ECException
```
This method get the user entries that will be migrated, and returns <@link UserEntriesMigrationEventData> to maintain the user entries to be migrated, which will be used to raise the <@link UserEntriesMigrationEvent>

Parameters:

memberId - , the member id of the old user.

Returns:

UserEntriesMigrationEventData which maintains the user entries to be migrated.

Throws:

ECException

raiseUserEntriesMigrationEvent

protected void raiseUserEntriesMigrationEvent()
                                       throws ECException

This method raise the UserEntriesMigrationEvent

Throws:: ECException

postLDAPAuthenticationProcessing
```
protected void postLDAPAuthenticationProcessing()
                                         throws ECException
```
Calls LDAPIntegrationCmd.postLogonProcessing(com.ibm.commerce.user.objects.UserAccessBean) to allow extra synchronization between the Commerce database and LDAP if it's needed.

Throws:

ECException - Thrown if an error occurs.

setLogonId
```
public void setLogonId(java.lang.String strLogonId)
```
This method sets the logon ID.

Specified by:

setLogonId in interface LogonCmd

Parameters:

strLogonId - The logon ID to use when logging on to the store.

setLogonPassword
```
public void setLogonPassword(java.lang.String strPassword)
```
This method sets the logon password.

Specified by:

setLogonPassword in interface LogonCmd

Parameters:

strPassword - The password to use when logging on to the store.

setPostLogonURL
```
public void setPostLogonURL(java.lang.String strPostLoginURL)
```
This method sets the post logon URL.

Specified by:

setPostLogonURL in interface LogonCmd

Parameters:

strPostLoginURL - The URL to redirect to after a successful logon.

setReLogonURL
```
public void setReLogonURL(java.lang.String strReLoginURL)
```
This method sets the relogon URL.

Specified by:

setReLogonURL in interface LogonCmd

Parameters:

strReLoginURL - The URL to redirect to if logon is not successful.

setRequestProperties
```
public void setRequestProperties(TypedProperty hshReqParameters)
                          throws ECApplicationException
```
This method sets the request properties. It extracts the logonID, reLogonURL, and postLogonURL from the request parameters passed in.

Specified by:

setRequestProperties in interface ControllerCommand

Overrides:

setRequestProperties in class ControllerCommandImpl

Parameters:

hshReqParameters - The request parameters.

Throws:

ECApplicationException

updateCmdContext
```
protected void updateCmdContext()
                         throws ECException
```
This method switches the current user identity to the identity associated with the login ID supplied to this Logon command.

Throws:

ECException

updateLockoutInformation

public void updateLockoutInformation(boolean valid_credentials)
                              throws ECException

This method updates the lockout information.

Parameters:: valid_credentials -
Throws:: ECException

validateParameters
```
public void validateParameters()
                        throws ECException
```
This method validates the parameters by ensuring that reLogonURL and postLogonURL are specified. Also ensures that the logon ID is for a registered shopper in the system, and that the password satisfies all defined policies.

Specified by:

validateParameters in interface ECCommand

Overrides:

validateParameters in class AbstractECTargetableCommand

Throws:

ECException

isAnyParentOrgLocked
```
protected boolean isAnyParentOrgLocked()
                                throws ECException
```
This method returns true if any parent organization is locked.

Returns:

True if any parent organization is locked, false otherwise.

Throws:

ECException

isUserRegisteredInOrg
```
protected boolean isUserRegisteredInOrg()
                                 throws ECException
```
This method determines whether or not the user has a role in the organization owning the store.

Returns:

True If the user has a role with the organization owning the store.

Throws:

ECException

isUserApproved
```
protected boolean isUserApproved()
```
This method determines whether or not the user is approved.

Returns:

True if the user is approved, otherwise false.

getUserRegistryObject
```
protected UserRegistryAccessBean getUserRegistryObject()
```
This method gets the user registry object.

Returns:

UserRegistryAccessBean The user registry object.

getMemberObject
```
protected MemberAccessBean getMemberObject()
```
This method gets the member object.

Returns:

MemberAccessBean The member object.

isLDAPUsed
```
protected boolean isLDAPUsed()
```
Deprecated. in version 6.0, replaced by MemberHelper.isLDAPUsedForAuthentication()

This method determines whether or not the authentication mode is LDAP.

Returns:

True if LDAP authentication is used, otherwise false.

getUserPasswordExpiredFlag
```
protected java.lang.Integer getUserPasswordExpiredFlag()
```
This method returns the password expiry status of the logged on user. "1" means the user password is expired, "0" if the password is not.

Returns:

The password expiry status of the user.

isLogonCompletedSuccessful
```
protected boolean isLogonCompletedSuccessful()
```
This method returns true if the Logon command completed successfully, returns false if any of the following conditions is true. if the responseProperties contains an error code if the password is expired

Returns:

True if the Logon command completed successfully, false otherwise.

removeSensitiveDataFromRequestProperties
```
protected TypedProperty removeSensitiveDataFromRequestProperties()
```
Remove sensitive data from request properties so that they will not show up in the krypto parameter in the URL. By default it removes the password from request properties.

Returns:

The request properties where the sensitive data are removed.

needAssignRole
```
protected boolean needAssignRole()
```
This method returns whether we need assign roles to the user.

Returns:

true only if LDAP is used for authentication and storeId is not "0"

Class LogonCmdImpl

Field Summary

Fields inherited from class com.ibm.commerce.command.ControllerCommandImpl

Fields inherited from class com.ibm.commerce.command.AbstractECTargetableCommand

Fields inherited from interface com.ibm.commerce.security.commands.LogonCmd

Fields inherited from interface com.ibm.websphere.command.Command

Constructor Summary

Method Summary

Methods inherited from class com.ibm.commerce.command.ControllerCommandImpl

Methods inherited from class com.ibm.commerce.command.AbstractECTargetableCommand

Methods inherited from class java.lang.Object

Methods inherited from interface com.ibm.commerce.command.ControllerCommand

Methods inherited from interface com.ibm.websphere.command.CacheableCommand

Methods inherited from interface com.ibm.websphere.command.TargetableCommand

Methods inherited from interface com.ibm.websphere.command.CommandCaller

Methods inherited from interface com.ibm.commerce.command.AccCommand

Methods inherited from interface com.ibm.commerce.command.ECCommand

Methods inherited from interface com.ibm.websphere.command.Command

Methods inherited from interface com.ibm.commerce.security.Protectable

Field Detail

COPYRIGHT

ERRTASK_NAME

Constructor Detail

LogonCmdImpl

Method Detail

isPasswordInvalidationEnabled

getAuthenticateUserId

getLogonId

getLogonPassword

getPostLogonURL

getReLogonURL

isAccountDisabled

isGeneric

isLogonAllowedNow

isValidCredentials

migrateUserEntries

performExecute

getUserEntriesToBeMigrated

raiseUserEntriesMigrationEvent

postLDAPAuthenticationProcessing

setLogonId

setLogonPassword

setPostLogonURL

setReLogonURL

setRequestProperties

updateCmdContext

updateLockoutInformation

validateParameters

isAnyParentOrgLocked

isUserRegisteredInOrg

isUserApproved

getUserRegistryObject

getMemberObject

isLDAPUsed

getUserPasswordExpiredFlag

isLogonCompletedSuccessful

removeSensitiveDataFromRequestProperties

needAssignRole