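/**
   * Logs a user in, registering the account on first use.
   *
   * <p>The username is looked up through {@code users.findOneByUsername}. When no record
   * exists, a new {@code User} is created with a hash of the supplied password and saved.
   * When a record exists, the supplied password is checked against the stored hash. On
   * success the username is stored in the session under the {@code "username"} attribute.
   *
   * <p>NOTE(review): the mapping declares no HTTP method, so it also matches GET requests,
   * where credentials travel in the query string and can end up in access logs and browser
   * history. Consider restricting it to POST once the login form is confirmed to post.
   *
   * <p>NOTE(review): the session is reused as-is after authentication. Rotating the session
   * identifier at this point (for example {@code HttpServletRequest.changeSessionId()})
   * would guard against session fixation, but needs request access this signature lacks.
   *
   * <p>NOTE(review): an unknown username silently creates an account, so a mistyped name
   * registers a new user instead of failing, and "Wrong password" is returned only for
   * names that already exist. Confirm this is the intended registration flow.
   *
   * @param username the account name submitted by the client; must not be null or blank
   * @param password the clear-text password submitted by the client; must not be null or empty
   * @param session the HTTP session that receives the {@code "username"} attribute
   * @return the redirect view name {@code "redirect:/"}
   * @throws IllegalArgumentException if the username or the password is missing
   * @throws Exception if the password does not match the stored hash, or if hashing fails
   */
  @RequestMapping("/login")
  public String login(String username, String password, HttpSession session) throws Exception {
    // Reject missing credentials before any lookup: otherwise an absent username would
    // fall through to the registration branch and create an account without a usable name.
    if (username == null || username.trim().isEmpty() || password == null || password.isEmpty()) {
      throw new IllegalArgumentException("Username and password are required");
    }

    User user = users.findOneByUsername(username);

    if (user == null) {
      // First use of this username: register it, storing only the password hash.
      user = new User();
      user.username = username;
      user.password = PasswordHash.createHash(password);
      users.save(user);
    } else if (!PasswordHash.validatePassword(password, user.password)) {
      throw new Exception("Wrong password");
    }

    // Reached only after a successful registration or password check.
    session.setAttribute("username", username);
    return "redirect:/";
  }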