Beispiel #1
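 /**
  * Handles {@code GET /search*.jspx} and selects the search template to render.
  *
  * <p>All query parameters are copied into the model, the shared front-end data is added, and the
  * template is then chosen from the {@code q} and {@code channelId} parameters:
  * the error template when {@code q} is exactly {@code ?} or {@code *}, the input template when
  * both parameters are blank, and the result template otherwise. A leading {@code ?} or
  * {@code *} is stripped from {@code q}; the unstripped value is kept in the model as
  * {@code oldq}.
  *
  * @param request the current request; its query string supplies {@code q} and {@code channelId}
  * @param response the current response (not used by this method)
  * @param model the model handed to the template
  * @return the template path resolved by {@code FrontUtils.getTplPath}
  */
 @RequestMapping(value = "/search*.jspx", method = RequestMethod.GET)
 public String index(HttpServletRequest request, HttpServletResponse response, ModelMap model) {
   CmsSite site = CmsUtils.getSite(request);
   // Copy every request query parameter into the model. Both the keys and the values are chosen
   // by the client, so the templates have to escape them on output. The copy happens before the
   // frontData/frontPageData calls, which write to the same model afterwards.
   // NOTE(review): presumably those later writes win over a colliding request key - confirm.
   model.putAll(RequestUtils.getQueryParams(request));
   FrontUtils.frontData(request, model, site);
   FrontUtils.frontPageData(request, model);
   String q = RequestUtils.getQueryParam(request, "q");
   // Constant-first comparison: q is presumably null when the request carries no "q" parameter
   // (the isBlank check below expects that case), and q.equals(...) would throw on it.
   if ("?".equals(q) || "*".equals(q)) {
     return FrontUtils.getTplPath(request, site.getSolutionPath(), TPLDIR_SPECIAL, SEARCH_ERROR);
   }
   if (q != null && (q.startsWith("?") || q.startsWith("*"))) {
     model.addAttribute("oldq", q);
     q = q.substring(1);
     // Replace the keyword in the model with the stripped value.
     model.addAttribute("q", q);
   }
   String channelId = RequestUtils.getQueryParam(request, "channelId");
   if (StringUtils.isBlank(q) && StringUtils.isBlank(channelId)) {
     // Nothing to search for: drop the empty parameters and show the input form.
     model.remove("q");
     model.remove("channelId");
     return FrontUtils.getTplPath(request, site.getSolutionPath(), TPLDIR_SPECIAL, SEARCH_INPUT);
   }
   return FrontUtils.getTplPath(request, site.getSolutionPath(), TPLDIR_SPECIAL, SEARCH_RESULT);
 }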
  /**
   * Shows the login form and turns status flags on the request into a message for the page.
   *
   * <p>Each flag is a request parameter that only has to be non-empty; its value is never copied
   * into the model. The displayed texts come from {@code messageSource}, except the login
   * failure text, which is the message of the exception stored on the request. Because the flags
   * are plain request parameters, any link to this page can set them.
   *
   * <p>An already authenticated subject is logged out before the form is returned, so opening
   * this URL ends the current session.
   *
   * @param request the current request carrying the status flags and filter attributes
   * @param model the model handed to the login view
   * @return the view name {@code front/login}
   */
  @RequestMapping(value = {"/{login:login;?.*}"})
  // spring3.2.2 bug see http://jinnianshilongnian.iteye.com/blog/1831408
  public String loginForm(HttpServletRequest request, ModelMap model) {
    // "logout": the user has just signed out.
    final String logoutFlag = request.getParameter("logout");
    if (!StringUtils.isEmpty(logoutFlag)) {
      String logoutText = messageSource.getMessage("user.logout.success", null, null);
      model.addAttribute(Constants.MESSAGE, logoutText);
    }

    // "notfound": the user was deleted. @see org.apache.shiro.web.filter.user.SysUserFilter
    final String notFoundFlag = request.getParameter("notfound");
    if (!StringUtils.isEmpty(notFoundFlag)) {
      String notFoundText = messageSource.getMessage("user.notfound", null, null);
      model.addAttribute(Constants.ERROR, notFoundText);
    }

    // "forcelogout": an administrator forced the user out.
    final String forcedFlag = request.getParameter("forcelogout");
    if (!StringUtils.isEmpty(forcedFlag)) {
      String forcedText = messageSource.getMessage("user.forcelogout", null, null);
      model.addAttribute(Constants.ERROR, forcedText);
    }

    // "jcaptchaError": the captcha the user entered was wrong.
    final String captchaFlag = request.getParameter("jcaptchaError");
    if (!StringUtils.isEmpty(captchaFlag)) {
      String captchaText = messageSource.getMessage("jcaptcha.validate.error", null, null);
      model.addAttribute(Constants.ERROR, captchaText);
    }

    // "blocked": the user is locked. @see org.apache.shiro.web.filter.user.SysUserFilter
    final String blockedFlag = request.getParameter("blocked");
    if (!StringUtils.isEmpty(blockedFlag)) {
      // NOTE(review): CURRENT_USER is presumably set by the filter named above. A request that
      // sets "blocked" without passing that filter reaches getLastReason with a null user -
      // confirm that the service tolerates it.
      User blockedUser = (User) request.getAttribute(Constants.CURRENT_USER);
      Object[] messageArgs = new Object[] {userStatusHistoryService.getLastReason(blockedUser)};
      model.addAttribute(
          Constants.ERROR, messageSource.getMessage("user.blocked", messageArgs, null));
    }

    final String unknownFlag = request.getParameter("unknown");
    if (!StringUtils.isEmpty(unknownFlag)) {
      String unknownText = messageSource.getMessage("user.unknown.error", null, null);
      model.addAttribute(Constants.ERROR, unknownText);
    }

    // Login failed: pull the error message out of the request attribute.
    // NOTE(review): the exception message is shown to the visitor unchanged - confirm that it
    // does not reveal whether the account exists or other internal detail.
    Exception loginFailure =
        (Exception) request.getAttribute(FormAuthenticationFilter.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME);
    if (loginFailure != null) {
      String failureText = loginFailure.getMessage();
      model.addAttribute(Constants.ERROR, failureText);
    }

    // A user who opens the login page directly is logged out first.
    // Reason: isAccessAllowed is implemented as subject.isAuthenticated(), i.e. an authenticated
    // user is simply let through, which would make the login redirect loop forever.
    Subject currentSubject = SecurityUtils.getSubject();
    if (currentSubject != null && currentSubject.isAuthenticated()) {
      currentSubject.logout();
    }

    // When both an error and a plain message are present, keep only the error.
    boolean hasError = model.containsAttribute(Constants.ERROR);
    if (hasError) {
      model.remove(Constants.MESSAGE);
    }

    return "front/login";
  }