Page Comparison

...

Perform the following steps to validate session using AJAX:

1. For the example scenario, in the Index.jsp page, send the AJAX request with the additional param, "AJAX_REQUEST" : "Y“, as shown in the following code snippet:
   

   Code Block
   language js
   function validateUser() { var aparams= { "INPUT_ACTION": "SESSIONTEST", "INPUT_FUNCTION_CODE": "VSBLTY", "INPUT_PRODUCT": "CUSER", "INPUT_SUB_PRODUCT": "CUSER", "PAGE_CODE_TYPE": "SESSIONTEST", "PRODUCT_NAME": "CUSER", "AJAX_REQUEST": "Y", "transactionCode":"logn", "ctLoginID":"terrim" }; extAjax( { }; extAjax({ params: aparams, params: aparams, success: function(response){ { if(response.JSON_MAP.STATUS == 'failure') alert(response.JSON_MAP.ADDITIONAL_INFO); }, failure:function (response,request) { alert("fail"); } }); } <input type = "submit" onclick = "validateUser()" name = "commit" value = "LOGIN" class = "login-btn" aria-label = "Click to Login" />

2. Forward mappingUse the forward mapping to use a servlet to forward the AJAX:
   

   Code Block
   language xml
   <action-map screenCode = "SESSIONTEST" prodCode = "CUSER" subProdCode = "CUSER" funcCode = "VSBLTY" host = "SESSIONTESTHOST" > <action-class> com.intellectdesign.app.iquiz.action.TxnAction </action-class> </action-map>

3. Create the Action (Java) class for the logon authentication. The following is a sample for reference:
   

   Code Block
   language java
   package com.intellectdesign.app.iquiz.action; import java.util.Map; import javax.servlet.http.HttpServletRequest; import com.intellectdesign.canvas.action.PortletAction; import com.intellectdesign.canvas.common.ReplyObject; import com.intellectdesign.canvas.constants.common.FrameworkConstants; import com.intellectdesign.canvas.exceptions.action.OrbiActionException; import com.intellectdesign.canvas.exceptions.common.ProcessingErrorException; import com.intellectdesign.canvas.logger.Logger; import com.intellectdesign.canvas.login.sessions.SessionInfo; import com.intellectdesign.canvas.web.config.ActionMap; public class TxnAction extends PortletAction{ @Override public ReplyObject executePortletActionUsing(String action, SessionInfo sessionInfo, ActionMap actionMap, Map requestParams, HttpServletRequest request) throws OrbiActionException { logger.ctinfo("CTTXN0001"); ReplyObject reply = null; try { logger.ctdebug("CTTXN0002"); /* * if ("SUBMIT".equals(action) || "DRAFT".equals(action)) { */ reply = executeHostRequest(sessionInfo, actionMap.getHostCode(), requestParams, request); /* } */ logger.ctdebug("CTTXN0003"); } catch (ProcessingErrorException procExcep) { logger.cterror("CTTXN0004"); throw new OrbiActionException(FrameworkConstants.ERROR_SYSTEM_ERROR, "Received processing error while handling action - '" + action + "in TxnAction action", procExcep); } logger.ctinfo("CTTXN0005"); return reply; } private static final Logger logger = Logger.getLogger(TxnAction.class); }

4. Create the Handler Properties and class

5. Authentication Provider

6. Securityconfig.properties update to indicate the respective authentication provider.class (Java) to handle the log-on authentication. The following is a sample reference:
   

   Code Block
   language java
   package com.intellectdesign.app.iquiz.handler; import java.util.*; import com.intellectdesign.app.iquiz.instruction.*; import com.intellectdesign.canvas.alert.details.AlertConstants; import com.intellectdesign.canvas.alert.handler.AlertDeliverySchedulerJob; import com.intellectdesign.canvas.authentication.providers.CTAuthenticationProvider; import com.intellectdesign.canvas.common.ExtReplyObject; import com.intellectdesign.canvas.common.ReplyObject; import com.intellectdesign.canvas.common.UserValue; import com.intellectdesign.canvas.config.ConfigurationManager; import com.intellectdesign.canvas.constants.common.JSPIOConstants; import com.intellectdesign.canvas.constants.login.LoginMasterConstants; import com.intellectdesign.canvas.constants.login.MobileDeviceManagerConstants; import com.intellectdesign.canvas.database.DatabaseException; import com.intellectdesign.canvas.event.Event; import com.intellectdesign.canvas.event.EventDispatcher; import com.intellectdesign.canvas.event.EventHandlerFrameworkConstants; import com.intellectdesign.canvas.event.handler.HandlerException; import com.intellectdesign.canvas.event.handler.IData; import com.intellectdesign.canvas.exceptions.common.OnlineException; import com.intellectdesign.canvas.exceptions.common.ProcessingErrorException; import com.intellectdesign.canvas.handler.SimpleRequestHandler; import com.intellectdesign.canvas.hybrid.handlers.MobileDeviceManager; import com.intellectdesign.canvas.logger.Logger; import com.intellectdesign.canvas.logging.PerformanceTimer; import com.intellectdesign.canvas.login.handlers.LoginMaster; import com.intellectdesign.canvas.properties.reader.PropertyReader; import com.intellectdesign.canvas.security.AuthenticationException; import com.intellectdesign.canvas.security.AuthenticationProviderFactory; import com.intellectdesign.canvas.security.IAuthenticationServiceProvider; import com.intellectdesign.canvas.utils.ChannelUtils; import com.intellectdesign.canvas.utils.StringUtils; import com.intellectdesign.canvas.value.CanvasRequestVO; import com.intellectdesign.canvas.value.IUserValue; import org.apache.poi.hpsf.Array; import org.json.JSONException; import org.json.JSONObject; import org.quartz.JobExecutionException; public class SessionTestHandler extends SimpleRequestHandler{ private static PropertyReader mReader = new PropertyReader("txn_properties"); private static PropertyReader eventReader = new PropertyReader("CTevent_properties"); public ExtReplyObject handleLoginRequest(CanvasRequestVO request) throws ProcessingErrorException, AuthenticationException { ExtReplyObject reply = new ExtReplyObject(); String action = request.getActionCode(); if("SESSIONTEST".equals(action)) { // ExtReplyObject reply = new ExtReplyObject(); reply.headerMap = new HashMap(); LoginMaster loginMaster = new LoginMaster(); boolean multiLoginStatus; boolean loginSuccess = false; boolean forceChangePassword = false; IUserValue userValue = (IUserValue) request.getRequestData().get(LoginMasterConstants.FLD_USER_VALUE); String pin = userValue.getUserPin(); Integer channelId = Integer.parseInt(ChannelUtils.getDeviceType(request.getSessionContext().getDeviceType(), request.getSessionContext().isHybridApp())); userValue.setChannelId(channelId.toString()); HashMap customSessioninfoMap = userValue.getCustomSSOProperties(); try { // Step 1: Ask the Login Master to check within our entitlements implementation of whether the user details // are // valid. userValue.setUserPin(pin); userValue.setCustomSSOProperties(customSessioninfoMap); authenticateUser(userValue); if (LoginMasterConstants.STATUS_SUCCESS.equals(userValue.getTransactionStatus())) { // Step 2: Set the password receive into the userValue retrieved and then pass it along to the // authentication // provider userValue = loginMaster.loginUser(userValue); // update current user login time CTAuthenticationProvider authHandler = new CTAuthenticationProvider(); authHandler.updateUserLoginTime((UserValue) userValue); HashMap requestMap = (HashMap) request.getRequestData(); String isHybrid = (String) requestMap.get("isHybrid"); if (LoginMasterConstants.STATUS_SUCCESS.equals(userValue.getTransactionStatus())) { if ("H".equals(isHybrid) && !isDeviceValidationSuccessFull(request, userValue)) { JSONObject jsonResult = (JSONObject) userValue.getCustomAttrbutes().get( MobileDeviceManagerConstants.APP_MANAGER_RESULT); if (jsonResult != null && jsonResult.get("MESSAGE") != null) { userValue.setTransactionStatus(LoginMasterConstants.STATUS_FAILURE); reply.userValue = userValue; return reply; } } if (LoginMasterConstants.CHANGE_PASSWORD.equals(StringUtils.ensureExists(userValue .getTransactionCode()))) forceChangePassword = true; // If there is an ask to force change password, no point in treating it as a successful login. So do // not update anything yet. if (!forceChangePassword) { multiLoginStatus = loginMaster.isMultiLoginAllowed(userValue); if (!multiLoginStatus) { String errorMsg = "LBL_MULTI_LOGIN_MSG"; loginMaster.handleInValidUser(userValue, errorMsg); } else { try { userValue = loginMaster.populateUserPreferences(userValue); loginSuccess = true; loginMaster.insertUserSession(userValue); } catch (ProcessingErrorException e) { LOGGER.cterror("CTLGN00067", e); String errorMsg = "LBL_DB_EXCEPTION"; loginMaster.handleInValidUser(userValue, errorMsg); } } } } else { // The authentication has failed or it is a step up. Log the userValue LOGGER.ctdebug("CTLGN00022", userValue); } } } catch (ProcessingErrorException e) { LOGGER.cterror("CTLGN00009", e); throw e; } catch (JSONException e) { // Exception catch for JSONException while validating App and Device throw new ProcessingErrorException("ERR_JSON_CREATE", e.getMessage(), e); } // Finally raise the event. Event eventToBeRaised = null; if (loginSuccess) eventToBeRaised = Event.getEventFor("CANVAS", "AUTHENTICATION", "LOGIN", "SUCCESS"); // Raise a different event for Invalid Password being provided. else if (userValue.isInvalidCred()) eventToBeRaised = Event.getEventFor("CANVAS", "AUTHENTICATION", "LOGIN", "INVALID_PWD"); // All other errors raise it as a failed login attempt. else if (forceChangePassword || LoginMasterConstants.STATUS_STEP_UP.equals(userValue.getTransactionStatus())) { // For now, Skip the event raising if the authentication provider asked for a stepup authentication, or for // a force change password. // If needed later, this should be a separate authentication event. } else eventToBeRaised = Event.getEventFor("CANVAS", "AUTHENTICATION", "LOGIN", "FAILURE"); if (eventToBeRaised != null) raiseEvent(request, eventToBeRaised, userValue); reply.userValue = userValue; return reply; } return reply; } private void raiseEvent(CanvasRequestVO request, Event event, IUserValue userValue) throws ProcessingErrorException { // Use the login id as the reference String refNo = StringUtils.ensureExists(userValue.getLoginId(), EventHandlerFrameworkConstants.FLD_NOT_AVAILABLE); Map<String, Object> loginData = EventHandlerFrameworkConstants.getEventMandatoryDataFrom(request, event, refNo); HashMap<String, Object> eventData = new HashMap(); if (!StringUtils.isEmpty(userValue.getUserNo())) loginData.put(EventHandlerFrameworkConstants.FLD_USER_NO, userValue.getUserNo()); else loginData.put(EventHandlerFrameworkConstants.FLD_USER_NO, EventHandlerFrameworkConstants.FLD_NOT_AVAILABLE); loginData.put("status", userValue.getInfo()); if (!StringUtils.isEmpty(userValue.getPrimaryGcif())) loginData.put(EventHandlerFrameworkConstants.FLD_GCIF, userValue.getPrimaryGcif()); else loginData.put(EventHandlerFrameworkConstants.FLD_GCIF, EventHandlerFrameworkConstants.FLD_NOT_AVAILABLE); if (!StringUtils.isEmpty(userValue.getSessionId())) loginData.put(EventHandlerFrameworkConstants.FLD_SESSION_ID, userValue.getSessionId()); else loginData.put(EventHandlerFrameworkConstants.FLD_SESSION_ID, EventHandlerFrameworkConstants.FLD_NOT_AVAILABLE); loginData.put("LOGIN_DATE", new Date().toString()); if (!StringUtils.isEmpty(userValue.getLoginId())) loginData.put("LOGIN_ID", userValue.getLoginId()); else loginData.put("LOGIN_ID", EventHandlerFrameworkConstants.FLD_NOT_AVAILABLE); if (!StringUtils.isEmpty(userValue.getSimulatingUserNo())) loginData.put(EventHandlerFrameworkConstants.FLD_SIMULATION_USERID, userValue.getSimulatingUserNo()); loginData.put(LoginMasterConstants.FLD_INVALID_ATTEMPTS, userValue.getInvalidAttempts()); loginData.put(EventHandlerFrameworkConstants.FLD_LAST_LOGIN_DATE, userValue.getLastLogin()); loginData.put(EventHandlerFrameworkConstants.FLD_SIMULATION_MODE, Boolean.valueOf(userValue.isSimulated())); loginData.put(EventHandlerFrameworkConstants.FLD_REFERENCE_KEY, userValue.getUserNo()); // CT_ALERT_NOTIFY starts ArrayList recipient = new ArrayList(); recipient.add(userValue.getUserNo()); loginData.put(AlertConstants.RECIPIENTS_KEY, recipient); // CT_ALERT_NOTIFY ends eventData.putAll(loginData); eventData.put(EventHandlerFrameworkConstants.EVENT_META_DATA, loginData); eventData.put(EventHandlerFrameworkConstants.EVENT_DATA_OLD_STATE, loginData); eventData.put(EventHandlerFrameworkConstants.EVENT_DATA_NEW_STATE, loginData); try { EventDispatcher.getInstance().raiseEvent(event, eventData); } catch (HandlerException e) { // If the handler is configured to throw an exception, ensure that the same is propagated properly. throw new ProcessingErrorException(e); } } private boolean isDeviceValidationSuccessFull(CanvasRequestVO request, IUserValue userValue) { String validationPolicy = ConfigurationManager.getInstance().getSecurityDescriptor() .getHybridPolicyProviderClass(); if (validationPolicy == null || ("NONE").equalsIgnoreCase(validationPolicy)) { return true; } MobileDeviceManager hybridAppManager = new MobileDeviceManager(request, userValue); return hybridAppManager.validateAppAndDevice(); } private void authenticateUser(IUserValue userValue) throws AuthenticationException { IAuthenticationServiceProvider provider = null; String cmName = " [Login.authenticateUser] "; try { provider = AuthenticationProviderFactory.getAuthenticationServiceProvider(); provider.authenticateUser(userValue); } catch (AuthenticationException authEx) { LOGGER.cterror("CTLGN00012", authEx, cmName); throw authEx; } } private ExtReplyObject constructSuccessReply(HashMap respMap) { ExtReplyObject reply = new ExtReplyObject(); reply.headerMap = new HashMap(); reply.headerMap.put("REPLY_TYPE", "SUCCESS"); if (respMap != null) { reply.headerMap.put("JSON_MAP", respMap); } return reply; } /* * private ExtReplyObject constructErrorReply(final String errorCode,final String errorMsg){ * * ExtReplyObject reply = new ExtReplyObject(); reply.headerMap = new HashMap(); * * reply.headerMap.put("ERR_CODE", errorCode); reply.headerMap.put("REPLY_TYPE","ERROR"); * reply.headerMap.put("ERR_MESS", errorMsg); reply.headerMap.put("SUCCESS", false); * * return reply; } */ /** * Helper method to get the new reference number from the db sequence. * * @return long the newly generated Reference number * @exception OnlineException Thrown if any error occurs while fetching the next valye from sequence */ protected String getNewRefNumber() { String refNo = null; logger.ctinfo("CTTXN0015"); // refNo = UUID.randomUUID().toString(); refNo = "T".concat(String.valueOf(new Date().getTime())); logger.ctinfo("CTTXN0016", refNo); return refNo; } protected IData formatTxnData(HashMap mapData, String action) { //logger.ctinfo("CTTXN0013"); TxnData txnData = new TxnData(); ScoreInstruction scoreInstruction=new ScoreInstruction(); txnData.setUsername((String)mapData.get("Username")); txnData.setScore((String) mapData.get("Score")); txnData.setMisbe((String) mapData.get("Misbhaviour")); return txnData; } private void callRaiseEvent(CanvasRequestVO request, HashMap inputMap) throws ProcessingErrorException { HashMap<String, Object> alertData = new HashMap<String, Object>(); HashMap<String, Object> eventData = new HashMap<String, Object>(); String action = request.getActionCode(); Event event; event = Event.getEventFor("CUSER", "CUSER", "VSBLTY", action); logger.ctdebug("CTVDF00155", event); alertData.put(EventHandlerFrameworkConstants.FLD_GCIF, request.getUserContext().getOwningGCIF()); alertData.put(EventHandlerFrameworkConstants.FLD_USER_NO, request.getUserContext().getUserNumber()); alertData.put(JSPIOConstants.INPUT_CHANNEL_ID, request.getSessionContext().getChannelId()); alertData.put(REF_NO, inputMap.get(REF_NO)); List recipientList = new ArrayList(); if ("SUBMIT".equalsIgnoreCase(action)) { recipientList = getRecipientList((String) inputMap.get("REFERENCE_NO")); } else if ("AUTH_TXN".equalsIgnoreCase(action) || "REJECT_TXN".equalsIgnoreCase(action)) { recipientList.add(getMakerUserNo((String) inputMap.get("REFERENCE_NO"))); } Set set = new HashSet(); set.addAll(recipientList); List recipients = new ArrayList(); recipients.addAll(set); alertData.put(AlertConstants.RECIPIENTS_KEY, recipients); eventData.putAll(alertData); eventData.put(AlertConstants.ALERT_DATA_MAP, alertData); eventData.put(AlertConstants.LOCALE_KEY, "en_US"); EventDispatcher eventDispatcher = EventDispatcher.getInstance(); try { eventDispatcher.raiseEvent(event, eventData); logger.ctinfo("CTTXN0014"); } catch (HandlerException e) { String propName = "TXN0011"; if ("SUBMIT".equalsIgnoreCase(action)) { propName = "TXN0012"; } else if ("AUTH_TXN".equalsIgnoreCase(action)) { propName = "TXN0013"; } if ("REJECT_TXN".equalsIgnoreCase(action)) { propName = "TXN0014"; } logger.cterror("CTTXN0011", e, mReader.retrieveProperty(propName)); throw new ProcessingErrorException(propName, mReader.retrieveProperty(propName)); } } /** * This method fetch the all the user-no's except the maker * * @param refNo * @return * @throws OnlineException */ private List getRecipientList(String refNo) throws ProcessingErrorException { PaymentInstruction paymentInstruction = new PaymentInstruction(); List recepientList = null; try { List tempList = paymentInstruction.getRecipients(refNo); recepientList = new ArrayList(); String key = "OD_USER_NO"; for (int i = 0; i < tempList.size(); i++) { Map tmpMap = (HashMap) tempList.get(i); recepientList.add(tmpMap.get(key)); } } catch (DatabaseException dbException) { logger.cterror("CTTXN0039", dbException, mReader.retrieveProperty("TXN0015")); throw new ProcessingErrorException("TXN0015", mReader.retrieveProperty("TXN0015")); } return recepientList; } private String getMakerUserNo(String refNo) throws ProcessingErrorException { String maker = null; PaymentInstruction paymentInstruction = new PaymentInstruction(); try { Map makerMap = paymentInstruction.getMaker(refNo); maker = (String) makerMap.get("USER_NO"); } catch (DatabaseException dbException) { logger.cterror("CTTXN0039", dbException, mReader.retrieveProperty("TXN0016")); throw new ProcessingErrorException("TXN0015", mReader.retrieveProperty("TXN0016")); } return maker; } private static final String REF_NO = "REFERENCE_NO"; private static final int DEVICETYPE_INDEX_IN_VECTOR = 10; private static final Logger logger = Logger.getLogger(TxnRequestHandler.class); }

7. Specify the Handler (Java) class in the handler properties:
   

   Code Block
   language text
   SESSIONTESTHOST_Handler = com.intellectdesign.app.iquiz.handler.SessionTestHandler

8. Create a Authentication Provider (Java) class to fail the user authentication and set some logon failure message in the setuserValue -> setInfo. A Sample reference is as follows:
   

   Code Block
   language java
   package com.intellectdesign.modelhouse; import com.intellectdesign.canvas.logger.Logger; import com.intellectdesign.canvas.security.AuthenticationException; import com.intellectdesign.canvas.security.IAuthenticationServiceProvider; import com.intellectdesign.canvas.value.IUserValue; import javax.servlet.http.HttpServletRequest; import java.util.HashMap; import java.util.List; import java.util.Map; public class QuizAuthenticationProvider implements IAuthenticationServiceProvider { private static final Logger logger = Logger.getLogger(QuizAuthenticationProvider.class); @SuppressWarnings("unused") @Override public void authenticateUser(IUserValue uValue) throws AuthenticationException { Map customSSOProperties = uValue.getCustomSSOProperties(); logger.cterror("Inside AuthenticationProvider class....."); uValue.setTransactionStatus(IAuthenticationServiceProvider.Status.failure.name()); String info = "SESSION TEST FAILURE MODE"; uValue.setInfo(info); } @Override public void changeCredentials(IUserValue uValue) throws AuthenticationException { // Nothing to do here } @Override public void dispose() { // Nothing to do here } @Override public void extractUserCredentials(HttpServletRequest request, IUserValue uValue) throws AuthenticationException { // Nothing to do here } @Override public void forceReset(IUserValue uValue) throws AuthenticationException { // Nothing to do here } @Override public IUserValue getPreferences(HttpServletRequest request, IUserValue uValue) throws AuthenticationException { return null; } @Override public void initialize() throws AuthenticationException { // Nothing to do here. } @Override public boolean isRSARollValidated(HashMap inputParams) throws AuthenticationException { return false; } @Override public boolean isRSATxnValidated(Object userData) throws AuthenticationException { return false; } @Override public void logoutUser(IUserValue uValue) throws AuthenticationException { uValue.setStatusFlag("T"); } @Override public void logoutUser(String userId) throws AuthenticationException { // Nothing to do here } @Override public void onExtendSession(IUserValue uValue) throws AuthenticationException { // TODO: Referesh ticket here uValue.setInfo("User session has been extended"); } @Override public void resetRSAPWD(IUserValue uValue) throws AuthenticationException { // Nothing to do here } @Override public List<IUserValue> retrieveUserDetails(List<String> usersList) throws AuthenticationException { return null; } @Override public boolean validateSession(HttpServletRequest request) throws AuthenticationException { return true; } }

9. Specify the authentication provider in the securityconfig.properties file:
   

   Code Block
   language text
   # This is the default authentication provider that is to be used during login / logout / re-authentication purposes AUTH_SERV_PROV_CLASS = com.intellectdesign.modelhouse.QuizAuthenticationProvider

10. Check that the user authentication is validated using AJAX in the application.
    
    For example, user ‘terrim’ logons to the Modelhouse application in the following screen shot:
    

    Image Added

    
    In the Authentication Provider (Java) class, the user authentication is made to fail in the authenticateUser function. Hence, the following error message is shown to indicate that the user authentication is validated using AJAX:
    

    Image Added