com.ibm.commerce.security.commands

Class LogonCmdImpl

  • All Implemented Interfaces:
    AccCommand, ControllerCommand, ECCommand, ECTargetableCommand, LogonCmd, Protectable, com.ibm.websphere.cache.Sizeable, com.ibm.websphere.command.CacheableCommand, com.ibm.websphere.command.Command, com.ibm.websphere.command.CommandCaller, com.ibm.websphere.command.TargetableCommand, java.io.Serializable
    Direct Known Subclasses:
    BusinessContextServiceLogonCmdImpl


    public class LogonCmdImpl
    extends ControllerCommandImpl
    implements LogonCmd

    This controller command logs users into the system. If the user is logging in from a guest shopper identity, then it also migrates the guest shopper resources to the new user login identity.

    Before executing this task command, the methods listed below must be invoked.

    • setLogonId
    • setPassword
    • setReLogonURL
    • setPostLogonURL

    Upon successful authentication, the user is redirected to the URL specified by setPostLogonURL. Upon unsuccessful authentication, the user is redirected to the URL specified by setReLogonURL.

    See Also:
    Serialized Form
    • Field Detail

      • COPYRIGHT

        public static final java.lang.String COPYRIGHT
        Copyright field.
        See Also:
        Constant Field Values
      • ERRTASK_NAME

        public static final java.lang.String ERRTASK_NAME
        Error task name.
        See Also:
        Constant Field Values
    • Constructor Detail

      • LogonCmdImpl

        public LogonCmdImpl()
    • Method Detail

      • isPasswordInvalidationEnabled

        public static final boolean isPasswordInvalidationEnabled()
        Deprecated. As of 7009, due to the introduction of the LDAP user exclusion feature, where some users can be excluded from LDAP and exist only in the database.
        Returns true if password invalidation feature is enabled in instance configuration file and LDAP is not used. This method may not be useful as of 7009 due to the introduction of the LDAP user exclusion feature, where some users can be configured to be excluded from LDAP, and only exist in the database. Those excluded users should also have password invalidation apply to them.
        Returns:
        true if password invalidation is enabled in instance configuration file and LDAP is not used.
      • getAuthenticateUserId

        public java.lang.String getAuthenticateUserId()
        This method retrieves the user ID of the logged in user.
        Specified by:
        getAuthenticateUserId in interface LogonCmd
        Returns:
        The user ID.
      • isGeneric

        public boolean isGeneric()
        This method determines if a generic user is permitted to execute this command.
        Specified by:
        isGeneric in interface ControllerCommand
        Overrides:
        isGeneric in class ControllerCommandImpl
        Returns:
        True if a generic user can execute this command; always true for this command.
      • performExecute

        public void performExecute()
                            throws ECException
        This is the main business logic of the command. The following checks are done to ensure that the user is allowed to log on:
        1. Verify that the user's account is not disabled. (Not done if LDAP mode is used.)
        2. Verify that logon is allowed now: the account lockout policy specifies how much time must elapse after an incorrect password attempt, before a subsequent logon attempt is allowed.
        3. Verify that the password specified by the user is correct.
        4. Verify that the user's account is approved.
        5. Verify that none of the user's ancestor organizations are locked.
        6. Verify that the user has a role in the current store's organization.
        If valid credentials are specified, and LDAP mode is used, the default roles specified in MemberRegistrationAttributes.xml are assigned to the user. Also, postLDAPAuthenticationProcessing() is called to allow for further processing in this case.
        Regardless of whether or not valid credentials were specified, as long as LDAP mode is not used, the AccountLockoutPolicyCmd task command is called to update policy account information for the user:
        • Account lockout policy:
          • USERREG.PASSWORDRETRIES is incremented on a bad password attempt.
          • If there have been too many retries with incorrect passwords, the user account will be disabled, i.e., USERREG.STATUS will be changed to 0.
        • Password policy:
          • If the password is too old, the password will be changed to the expired state, i.e., USERREG.PASSWORDEXPIRED will be changed to 1.
        After successful logon, the following steps are also performed:
        1. The user's resources are migrated from the previous guest user if applicable.
        2. The command context is updated to the authenticated user's identity.
        3. If the password invalidation feature is enabled, and the password is in the expired state, and LDAP mode is not used, the user will be directed to the ChangePassword view.
        4. If the logon took place after the login timeout feature ended the session, the user will be directed to the URL that was originally specified when the login timeout took place.
        Specified by:
        performExecute in interface ECCommand
        Specified by:
        performExecute in interface com.ibm.websphere.command.TargetableCommand
        Overrides:
        performExecute in class AbstractECTargetableCommand
        Throws:
        ECException - This exception is thrown mainly if a system exception occurred. Normally if an input parameter is missing or invalid, an exception would not be thrown. Instead, the response would contain an error code and redirect to the URL specified by reLogonURL.
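
The following is an added example, not IBM's code: a simplified, self-contained model of the non-LDAP check order described for performExecute (disabled account, then lockout wait, then password) and of the lockout update to the USERREG.STATUS and USERREG.PASSWORDRETRIES values. The class name, the threshold and wait values, the lastBadAttempt field, the result strings, the counter reset on success and the choice to leave counters untouched while the wait is running are all assumptions made for illustration.

```java
import java.time.Duration;
import java.time.Instant;

/** Simplified model of the described logon checks (assumed names, not the product's classes). */
public class LogonLockoutModel {
    // Constructed policy values; in the product they come from the account lockout policy.
    static final int MAX_RETRIES = 3;
    static final Duration WAIT = Duration.ofSeconds(30);

    int status = 1;            // models USERREG.STATUS (0 = disabled)
    int passwordRetries = 0;   // models USERREG.PASSWORDRETRIES
    Instant lastBadAttempt;    // hypothetical: time of the last incorrect password
    final String password;     // plain text only to keep the model short

    LogonLockoutModel(String password) { this.password = password; }

    String logon(String supplied, Instant now) {
        // Check 1: a disabled account is refused before anything else is looked at.
        if (status == 0) return "ACCOUNT_DISABLED";
        // Check 2: the wait after a bad attempt applies even to a correct password.
        if (lastBadAttempt != null && now.isBefore(lastBadAttempt.plus(WAIT)))
            return "WAIT_NOT_ELAPSED";
        // Check 3: only now is the password compared.
        boolean valid = password.equals(supplied);
        updateLockoutInformation(valid, now);
        return valid ? "OK" : "BAD_PASSWORD";
    }

    void updateLockoutInformation(boolean validCredentials, Instant now) {
        if (validCredentials) {          // assumption: success clears the counter
            passwordRetries = 0;
            lastBadAttempt = null;
            return;
        }
        passwordRetries++;               // incremented on a bad password attempt
        lastBadAttempt = now;
        if (passwordRetries >= MAX_RETRIES) status = 0;   // too many retries: disable
    }

    public static void main(String[] args) {
        LogonLockoutModel u = new LogonLockoutModel("s3cret");   // constructed sample user
        Instant t = Instant.parse("2024-01-01T00:00:00Z");
        String[] tries = {"wrong", "s3cret", "wrong", "wrong", "s3cret"};
        long[] offsets = {0, 5, 40, 80, 200};   // seconds after t
        for (int i = 0; i < tries.length; i++)
            System.out.println(u.logon(tries[i], t.plusSeconds(offsets[i]))
                + " status=" + u.status + " retries=" + u.passwordRetries);
    }
}
```

In the sample run the correct password at +5 s is refused because the wait has not elapsed, and the correct password at +200 s is refused because the third bad attempt has already set the status to 0.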
  • setLogonId

    public void setLogonId(java.lang.String strLogonId)
    This method sets the logon ID.
    Specified by:
    setLogonId in interface LogonCmd
    Parameters:
    strLogonId - The logon ID to use when logging on to the store.
  • setLogonPassword

    public void setLogonPassword(java.lang.String strPassword)
    This method sets the logon password.
    Specified by:
    setLogonPassword in interface LogonCmd
    Parameters:
    strPassword - The password to use when logging on to the store.
  • setPostLogonURL

    public void setPostLogonURL(java.lang.String strPostLoginURL)
    This method sets the post logon URL.
    Specified by:
    setPostLogonURL in interface LogonCmd
    Parameters:
    strPostLoginURL - The URL to redirect to after a successful logon.
  • setReLogonURL

    public void setReLogonURL(java.lang.String strReLoginURL)
    This method sets the relogon URL.
    Specified by:
    setReLogonURL in interface LogonCmd
    Parameters:
    strReLoginURL - The URL to redirect to if logon is not successful.
  • setLinkUserToIBMid

    public void setLinkUserToIBMid(boolean iLinkUserToIBMid)
    This method sets the parameter linkUserToIBMid.
    Parameters:
    linkUserToIBMid - The boolean value of whether to link the current user to IBMid.
  • setIbmId

    public void setIbmId(java.lang.String ibmId)
    This method sets the IBM id. Called by LogonServiceCmdImpl when it determines the IBM ID from the LTPA token in the Management Center linking flow.
    Parameters:
    ibmId - The IBM id
  • updateLockoutInformation

    public void updateLockoutInformation(boolean valid_credentials)
                                  throws ECException
    This method updates the lockout information.
    Parameters:
    valid_credentials -
    Throws:
    ECException