@RequestMapping(
     method = RequestMethod.POST,
     params = {"bind", "step!=1"})
 public String onBindSubmit(
     UserForm userForm,
     BindingResult errors,
     WebRequest webRequest,
     HttpServletRequest request,
     HttpServletResponse response)
     throws Exception {
   try {
     if (StringUtils.hasText(userForm.getConfirmPassword())) { // New User, Signup !
       onSubmit(userForm, errors, request, response);
     } else {
       SecurityContext.addCasSignin(
           centralAuthenticationService,
           ticketGrantingTicketCookieGenerator,
           userForm.getUsername(),
           userForm.getPassword(),
           false,
           false,
           response);
     }
     ProviderSignInUtils.handlePostSignUp(userForm.getUsername(), webRequest);
     return "redirect:/";
   } catch (Exception e) {
     e.fillInStackTrace();
     log.warn(e.getMessage());
     saveError(request, getText("bind.error.signup", request.getLocale()));
     return "signup";
   }
 }
 @ModelAttribute
 @RequestMapping(
     method = RequestMethod.GET,
     params = {"bind"})
 public ModelAndView showBindForm(HttpServletRequest request, WebRequest webRequest) {
   Connection<?> connection = ProviderSignInUtils.getConnection(webRequest);
   if (connection != null) {
     UserForm userForm = UserForm.fromProviderUserProfile(connection.fetchUserProfile());
     userForm.setAvataUrl(connection.getImageUrl());
     userForm.setProviderId(StringUtils.capitalize(connection.getKey().getProviderId()));
     saveMessage(request, getText("user.bound", userForm.getUsername(), request.getLocale()));
     saveMessage(
         request, getText("user.bound.tip", userForm.getProviderId(), request.getLocale()));
     return new ModelAndView("bind", "userForm", userForm);
   }
   saveError(request, getText("bind.error", "", request.getLocale()));
   return new ModelAndView("redirect:/");
 }
  @RequestMapping(method = RequestMethod.POST)
  public String onSubmit(
      UserForm userForm,
      BindingResult errors,
      HttpServletRequest request,
      HttpServletResponse response)
      throws Exception {
    if (validator != null) { // validator is null during testing
      validator.validate(userForm, errors);
      if (request.getParameter(Constants.SECURITY_SUPERVISION_CODE)
          == null) { // don't validate when supervision
        if (!validateCaptcha(request)) {
          errors.rejectValue("captcha", "errors.captcha", new Object[] {}, "captcha error");
        }
        if (errors.hasErrors()) {
          return "signup";
        }
      }
    }
    Locale locale = request.getLocale();
    // Set the default user role on this new user
    userForm.addRole(roleManager.getRole(Constants.USER_ROLE));
    try {
      this.getUserManager().savePerson(userForm);
    } catch (UserExistsException e) {
      if (e.isContainsType(StateEnum.USERNAME_EXISTENCE))
        errors.rejectValue(
            "username",
            "errors.existing.user",
            new Object[] {userForm.getUsername()},
            "duplicate user");
      if (e.isContainsType(StateEnum.EMAIL_EXISTENCE))
        errors.rejectValue(
            "email",
            "errors.existing.email",
            new Object[] {userForm.getEmail()},
            "duplicate user email");
      userForm.setPassword(userForm.getConfirmPassword()); // redisplay the unencrypted passwords
      return "signup";
    } catch (Exception e) {
      log.warn(e.getMessage());
      response.sendError(HttpServletResponse.SC_FORBIDDEN);
      return null;
    }
    saveMessage(request, getText("user.registered", userForm.getUsername(), locale));
    request.getSession().setAttribute(Constants.REGISTERED, Boolean.TRUE);
    // log user in automatically
    UsernamePasswordAuthenticationToken auth =
        new UsernamePasswordAuthenticationToken(
            userForm.getUsername(), userForm.getConfirmPassword(), userForm.getAuthorities());
    auth.setDetails(userForm);
    SecurityContextHolder.getContext().setAuthentication(auth);
    // cas
    SecurityContext.addCasSignin(
        centralAuthenticationService,
        ticketGrantingTicketCookieGenerator,
        userForm.getUsername(),
        userForm.getConfirmPassword(),
        true,
        false,
        response);

    // Send user an e-mail
    if (log.isDebugEnabled()) {
      log.debug("Sending user '" + userForm.getUsername() + "' an account information e-mail");
    }
    // Send an account information e-mail
    message.setSubject(getText("signup.email.subject", locale));
    try {
      RequestUtil.setCookie(
          response,
          Constants.STATES_EMAIL_VERIFIED,
          Long.toString(System.currentTimeMillis()),
          "/");
      sendUserMessage(
          userForm,
          getText("signup.email.message", locale),
          RequestUtil.getAppURL(request)
              + "/hint?"
              + AuthCodeUtil.wrap(userForm.getUsername())
              + "&activation");
    } catch (MailException me) {
      saveError(request, me.getMostSpecificCause().getMessage());
    }
    return getRedirectView("/login", request.getParameter("service"));
  }