private ModelAndView performLogin(HttpServletRequest request, User user) { if (user.isDisabled()) throw new RuntimeException("User " + user.getUsername() + " is disabled. Aborting login"); // Update the last login time. new UserDao().recordLogin(user.getId()); // Add the user object to the session. This indicates to the rest of the application whether the // user is logged // in or not. Will replace any existing user object. Common.setUser(request, user); if (logger.isDebugEnabled()) logger.debug("User object added to session"); if (user.isFirstLogin()) return new ModelAndView(new RedirectView(newUserUrl)); if (!StringUtils.isBlank(user.getHomeUrl())) return new ModelAndView(new RedirectView(user.getHomeUrl())); for (AuthenticationDefinition def : ModuleRegistry.getDefinitions(AuthenticationDefinition.class)) def.postLogin(user); return new ModelAndView(new RedirectView(successUrl)); }
@Override protected ModelAndView onSubmit( HttpServletRequest request, HttpServletResponse response, Object command, BindException errors) throws Exception { LoginForm login = (LoginForm) command; // Check if the user exists User user = new UserDao().getUser(login.getUsername()); if (user == null) ValidationUtils.rejectValue(errors, "username", "login.validation.noSuchUser"); else if (user.isDisabled()) ValidationUtils.reject(errors, "login.validation.accountDisabled"); else { boolean authenticated = false; for (AuthenticationDefinition def : ModuleRegistry.getDefinitions(AuthenticationDefinition.class)) { authenticated = def.authenticate(request, response, user, login.getPassword(), errors); if (authenticated) break; } if (!authenticated) { String passwordHash = Common.encrypt(login.getPassword()); // Validating the password against the database. if (!passwordHash.equals(user.getPassword())) ValidationUtils.reject(errors, "login.validation.invalidLogin"); } } if (errors.hasErrors()) return showForm(request, response, errors); return performLogin(request, user); }
@Override protected ModelAndView showForm( HttpServletRequest request, HttpServletResponse response, BindException errors, @SuppressWarnings("rawtypes") Map controlModel) throws Exception { LoginForm loginForm = (LoginForm) errors.getTarget(); if (!errors.hasErrors()) checkDomain(request, errors); if (!errors.hasErrors()) { User user = null; for (AuthenticationDefinition def : ModuleRegistry.getDefinitions(AuthenticationDefinition.class)) { user = def.preLoginForm(request, response, loginForm, errors); if (user != null) break; } if (user != null) return performLogin(request, user); } return super.showForm(request, response, errors, controlModel); }