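/**
 * Handles the sign-up form POST.
 *
 * <p>Runs the form validator (plus the captcha check, unless the supervision
 * parameter is present), saves the new user with the default role, places an
 * authentication for the new user in the security context and the CAS sign-in,
 * sets the e-mail-verified cookie and sends the account-information e-mail.
 *
 * @param userForm the submitted registration form
 * @param errors   binding/validation errors for {@code userForm}
 * @param request  current request; supplies the locale, the session, the
 *                 supervision parameter and the {@code service} parameter
 * @param response current response; receives the verification cookie and the
 *                 CAS sign-in, or a 403 when persisting the user fails unexpectedly
 * @return {@code "signup"} when validation fails or the user/e-mail already
 *         exists, {@code null} after a 403 has been sent, otherwise a redirect
 *         to {@code /login}
 * @throws Exception propagated from the captcha check, the CAS sign-in or the
 *         redirect helper (as declared by the original signature)
 */
@RequestMapping(method = RequestMethod.POST)
public String onSubmit(
        UserForm userForm,
        BindingResult errors,
        HttpServletRequest request,
        HttpServletResponse response)
        throws Exception {
    if (validator != null) { // validator is null during testing
        validator.validate(userForm, errors);
        // NOTE(review): the mere presence of this request parameter skips both the
        // captcha and the hasErrors() check below; its value is not inspected here,
        // so validation errors are silently ignored in that branch. Confirm the
        // supervision code is verified upstream (e.g. by a filter) before relying
        // on this as an access control.
        if (request.getParameter(Constants.SECURITY_SUPERVISION_CODE) == null) { // don't validate when supervision
            if (!validateCaptcha(request)) {
                errors.rejectValue("captcha", "errors.captcha", new Object[] {}, "captcha error");
            }
            if (errors.hasErrors()) {
                return "signup";
            }
        }
    }
    Locale locale = request.getLocale();

    // Set the default user role on this new user
    userForm.addRole(roleManager.getRole(Constants.USER_ROLE));

    try {
        this.getUserManager().savePerson(userForm);
    } catch (UserExistsException e) {
        // One exception may carry both existence states; report each separately.
        if (e.isContainsType(StateEnum.USERNAME_EXISTENCE)) {
            errors.rejectValue(
                    "username",
                    "errors.existing.user",
                    new Object[] {userForm.getUsername()},
                    "duplicate user");
        }
        if (e.isContainsType(StateEnum.EMAIL_EXISTENCE)) {
            errors.rejectValue(
                    "email",
                    "errors.existing.email",
                    new Object[] {userForm.getEmail()},
                    "duplicate user email");
        }
        userForm.setPassword(userForm.getConfirmPassword()); // redisplay the unencrypted passwords
        return "signup";
    } catch (Exception e) {
        // Log the exception itself, not just its message, so the stack trace is
        // available for incident analysis; the client only sees a bare 403.
        log.warn(e.getMessage(), e);
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return null;
    }

    saveMessage(request, getText("user.registered", userForm.getUsername(), locale));
    request.getSession().setAttribute(Constants.REGISTERED, Boolean.TRUE);

    // log user in automatically
    UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
            userForm.getUsername(), userForm.getConfirmPassword(), userForm.getAuthorities());
    auth.setDetails(userForm);
    SecurityContextHolder.getContext().setAuthentication(auth);

    // cas
    SecurityContext.addCasSignin(
            centralAuthenticationService,
            ticketGrantingTicketCookieGenerator,
            userForm.getUsername(),
            userForm.getConfirmPassword(),
            true,
            false,
            response);

    // Send user an e-mail
    if (log.isDebugEnabled()) {
        log.debug("Sending user '" + userForm.getUsername() + "' an account information e-mail");
    }

    // Send an account information e-mail
    message.setSubject(getText("signup.email.subject", locale));
    try {
        // NOTE(review): the cookie is written before the e-mail is sent or the
        // link is followed — confirm what STATES_EMAIL_VERIFIED is meant to signal.
        RequestUtil.setCookie(
                response,
                Constants.STATES_EMAIL_VERIFIED,
                Long.toString(System.currentTimeMillis()),
                "/");
        sendUserMessage(
                userForm,
                getText("signup.email.message", locale),
                RequestUtil.getAppURL(request)
                        + "/hint?"
                        + AuthCodeUtil.wrap(userForm.getUsername())
                        + "&activation");
    } catch (MailException me) {
        // NOTE(review): this shows the mail subsystem's own error text to the end
        // user; prefer a localized generic message if that text can carry
        // internal details (hosts, credentials, paths).
        saveError(request, me.getMostSpecificCause().getMessage());
    }
    return getRedirectView("/login", request.getParameter("service"));
}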