@RequestMapping(value = "/user", method = RequestMethod.PUT)
@Transactional
public ResponseEntity<Client> doIt(@RequestBody Client client, Authentication authentication) {
List<String> errors = DomainValidator.checkForErrors(client);
if (!errors.isEmpty()) {
return new ResponseEntity<Client>(new Client(client, errors), HttpStatus.BAD_REQUEST);
}
HttpStatus status = null;
List<GrantedAuthority> authorities = new ArrayList<>();
authorities.add(new SimpleGrantedAuthority("USER"));
if (ApplicationSecurity.isRoot(authentication)) {
if (ApplicationSecurity.isRoot(client.getUsername())) {
return new ResponseEntity<Client>(
new Client(client, cannotChangeRootPassword), HttpStatus.BAD_REQUEST);
}
status = upsert(client, authorities);
} else if (StringUtils.equals(client.getUsername(), authentication.getName())) {
if (!userDetailsManager.userExists(client.getUsername())) {
return new ResponseEntity<Client>(new Client(client, mustBeRoot), HttpStatus.BAD_REQUEST);
}
User user = new User(client.getUsername(), client.getPassword(), authorities);
userDetailsManager.updateUser(user);
status = HttpStatus.OK;
} else {
return new ResponseEntity<Client>(HttpStatus.FORBIDDEN);
}
return new ResponseEntity<Client>(new Client(client), status);
}
public String createToken(Authentication authentication, Boolean rememberMe) {
String authorities = authentication.getAuthorities().stream()
.map(authority -> authority.getAuthority())
.collect(Collectors.joining(","));
long now = (new Date()).getTime();
Date validity = new Date(now);
if (rememberMe) {
validity = new Date(now + this.tokenValidityInSecondsForRememberMe);
} else {
validity = new Date(now + this.tokenValidityInSeconds);
}
return Jwts.builder()
.setSubject(authentication.getName())
.claim(AUTHORITIES_KEY, authorities)
.signWith(SignatureAlgorithm.HS512, secretKey)
.setExpiration(validity)
.compact();
}
@Override
protected void onLoginSuccess(HttpServletRequest request, HttpServletResponse response, Authentication successfulAuthentication) {
String login = successfulAuthentication.getName();
log.debug("Creating new persistent login for user {}", login);
User user = userRepository.findOne(login);
PersistentToken token = new PersistentToken();
token.setSeries(generateSeriesData());
token.setUser(user);
token.setTokenValue(generateTokenData());
token.setTokenDate(new LocalDate());
token.setIpAddress(request.getRemoteAddr());
token.setUserAgent(request.getHeader("User-Agent"));
try {
persistentTokenRepository.saveAndFlush(token);
addCookie(token, request, response);
} catch (DataAccessException e) {
log.error("Failed to save persistent token ", e);
}
}
