Esempio n. 1
  /**
   * Authenticates the user and returns the user token which has to be sent in the header of every
   * request
   *
   * @see fr.emse.ewall.security.LdapAuthenticationFilter
   */
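  @RequestMapping(
      value = "/login",
      method = RequestMethod.POST,
      consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE,
      produces = MediaType.APPLICATION_JSON_VALUE)
  @JsonView(FlatView.class)
  public ResponseEntity<User> authenticate(
      HttpServletRequest request, HttpServletResponse response) {
    String[] username = request.getParameterValues("username");
    String[] password = request.getParameterValues("password");

    if (username == null || password == null) {
      throw new IllegalArgumentException("User and password are required");
    }

    // Only the first value of each parameter is used. A request that repeats "username" or
    // "password" is therefore accepted with its later values ignored.
    // NOTE(review): if the referenced LdapAuthenticationFilter reads these parameters too, confirm
    // that both pick the same value.
    String login = username[0];
    String secret = password[0];

    // A parameter that is present but empty ("username=&password=") passes the null check above.
    // Reject it here: many LDAP servers treat a simple bind with a DN and an empty password as an
    // unauthenticated bind that succeeds (RFC 4513, section 5.1.2), and whether
    // ldapService.checkUser guards against that is not visible from this method.
    // The password is tested with isEmpty() only, so that surrounding whitespace stays
    // significant.
    if (login == null || login.trim().isEmpty() || secret == null || secret.isEmpty()) {
      throw new IllegalArgumentException("User and password are required");
    }

    // Verify the credentials against the LDAP directory.
    // NOTE(review): this assumes checkUser throws on bad credentials - confirm. If it can return
    // null, that null is handed to the cookie service below.
    User user = ldapService.checkUser(login, secret);

    // Attach the cookie for the verified user. The meaning of the boolean flag is defined by
    // cookieService and is not visible here.
    cookieService.setCookieInResponse(response, user, true);

    // The body is serialised through FlatView (see @JsonView above).
    return ResponseEntity.ok().body(user);
  }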
Esempio n. 2
 /** When a user logs out, we regenerate a new token */
 @RequestMapping(value = "/logout")
 public void logout(HttpServletResponse response) {
   // NOTE(review): the mapping declares no HTTP method, so every method, GET included, reaches
   // this handler. Restricting it to POST would keep a cross-site link or image from logging the
   // user out.
   //
   // The CurrentUser bean is looked up from the application context on each call. Its credentials
   // are passed on when present and null otherwise, so cookieService must accept a null user -
   // confirm. The boolean flag's meaning is defined by cookieService and is not visible here.
   cookieService.setCookieInResponse(
       response,
       applicationContext.getBean(CurrentUser.class).getCredentials().orElse(null),
       false);
 }