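/**
 * Authenticates a user from a form-encoded login request and sets the authentication cookie.
 *
 * <p>The original description states that the resulting user token has to be sent with every
 * later request; in this method it is handed to the client through
 * {@code cookieService.setCookieInResponse}.
 *
 * <p>Empty credentials are rejected before the directory is contacted. Many LDAP servers treat a
 * simple bind with a name and a zero-length password as an "unauthenticated bind" that succeeds
 * (RFC 4513, section 5.1.2), so an empty password must never reach the bind call. Whether
 * {@code ldapService.checkUser} already guards against this is not visible here, so the check
 * is enforced at this boundary.
 *
 * @param request the login request; must carry non-empty {@code username} and {@code password}
 *     form parameters
 * @param response the response on which the authentication cookie is set
 * @return a 200 response whose body is the authenticated user, serialized with {@code FlatView}
 * @throws IllegalArgumentException if either credential is missing or empty
 * @see fr.emse.ewall.security.LdapAuthenticationFilter
 */
@RequestMapping(
    value = "/login",
    method = RequestMethod.POST,
    consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE,
    produces = MediaType.APPLICATION_JSON_VALUE)
@JsonView(FlatView.class)
public ResponseEntity<User> authenticate(
        HttpServletRequest request, HttpServletResponse response) {
    String[] username = request.getParameterValues("username");
    String[] password = request.getParameterValues("password");

    // Missing parameter, empty array, or empty first value: all are refused with the same
    // exception type and message the method has always used for absent credentials.
    if (username == null || password == null
            || username.length == 0 || password.length == 0
            || username[0] == null || password[0] == null
            || username[0].trim().isEmpty() || password[0].isEmpty()) {
        throw new IllegalArgumentException("User and password are required");
    }

    // Only the first value of each parameter is used; repeated parameters are ignored.
    // The password is passed straight to the LDAP check and must not be logged.
    // NOTE(review): how checkUser signals a failed bind (exception vs. null) is not visible
    // here - confirm that a failure can never reach the cookie call below.
    User user = ldapService.checkUser(username[0], password[0]);

    // NOTE(review): the meaning of the boolean flag is defined by cookieService; login passes
    // true, logout passes false.
    cookieService.setCookieInResponse(response, user, true);
    return ResponseEntity.ok().body(user);
}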
/**
 * Logs the current user out by rewriting the authentication cookie.
 *
 * <p>Per the original note, a new token is regenerated when a user logs out; that work is done
 * inside {@code cookieService.setCookieInResponse}, which is called here with the flag set to
 * {@code false}.
 *
 * <p>NOTE(review): the mapping declares no HTTP method, so every method (GET included) reaches
 * this state-changing endpoint. Confirm whether it should be restricted to POST and covered by
 * the application's CSRF protection.
 *
 * @param response the response on which the cookie is rewritten
 */
@RequestMapping(value = "/logout")
public void logout(HttpServletResponse response) {
    // When no credentials are attached to the current user, null is passed on.
    // NOTE(review): confirm that setCookieInResponse handles a null user.
    cookieService.setCookieInResponse(
            response,
            applicationContext.getBean(CurrentUser.class).getCredentials().orElse(null),
            false);
}