Beispiel #1
0
 @Test
 public void activationTest() {
   User user = getUser(UserRole.ROLE_ORG_USER, UserRole.ROLE_GROUP_USER);
   user = userService.getByEmail(user.getEmail());
   assertFalse(user.isActivated());
   boolean activated = userService.activate(user.getId(), user.getActivationCode());
   assertTrue(activated);
   assertTrue(user.isActivated());
 }
  @Override
  public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
      throws IOException {
    HttpSession session = request.getSession();
    boolean redirect = false;

    if (session != null) {
      SecurityContext context = (SecurityContext) session.getAttribute("SPRING_SECURITY_CONTEXT");
      if (context != null) {
        if (context.getAuthentication() != null
            && context.getAuthentication().getPrincipal() != null
            && context.getAuthentication().getPrincipal() instanceof User) {
          User user = userService.getUserFromSecurityContext();

          String servletPath = request.getServletPath();

          if (!servletPath.startsWith("/auth")
              && !servletPath.startsWith("/resources")
              && user != null) {
            boolean skipValidation = false;

            if (user.isPasswordExpired()
                && !servletPath.startsWith("/profile/changePassword")
                && !servletPath.startsWith("/auth/forgotPassword")) {
              response.sendRedirect(request.getContextPath() + "/profile/changePassword");
              skipValidation = true;
              redirect = true;
            } else if (user.isPasswordExpired()
                && (servletPath.startsWith("/profile/changePassword")
                    || servletPath.startsWith("/auth/forgotPassword"))) {
              skipValidation = true;
            }

            if (!user.isActivated() && !servletPath.startsWith("/activate") && !skipValidation) {
              response.sendRedirect(request.getContextPath() + "/activate");
              redirect = true;
            }
          }
        }
      }
    }

    // We do not want the healthcheck to ever populate the WebRequest object
    if (request != null
        && !StringUtils.startsWithIgnoreCase(request.getServletPath(), "/healthcheck")) {
      String serverName;
      // If ApplicationDomain is set on the properties then use that as the server name, else use
      // what came off the request
      if (StringUtils.hasText(applicationDomain)
          && !("${" + SystemProperties.APPLICATION_DOMAIN + "}")
              .equalsIgnoreCase(applicationDomain)) {
        serverName = applicationDomain;
      } else {
        serverName = request.getServerName();
      }
      WebRequest.getInstance(
          request.getScheme(), serverName, request.getServerPort(), request.getContextPath());
    }

    if (redirect) {
      return false;
    }

    return true;
  }