/**
 * Handles {@code POST /logout}: reads the authentication held by the current
 * security context and passes its token value to {@code tokenService.evict}.
 *
 * @throws InvalidSubtypeTypeException if the current authentication is not a
 *         {@link SecurityToken}
 */
@RequestMapping(value = "/logout", method = RequestMethod.POST)
@AccessUser
public void logout() {
    Authentication current = SecurityContextHolder.getContext().getAuthentication();

    // Only a SecurityToken carries the token value that has to be evicted.
    // NOTE(review): if no authentication is present, current is null and getClass()
    // below raises a NullPointerException; presumably @AccessUser rules this out, confirm.
    if (!(current instanceof SecurityToken)) {
        throw new InvalidSubtypeTypeException(Authentication.class, current.getClass());
    }

    tokenService.evict(((SecurityToken) current).getToken());
}
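/**
 * Handles {@code POST /login}: looks the user up by mail address, checks the
 * submitted password against the stored one and, on a match, generates and
 * stores a new token and returns it to the caller.
 *
 * <p>An unknown mail address, a wrong password and a missing password all raise the
 * same exception, so the response does not tell the caller which part was wrong.
 *
 * @param authenticationData the mail address and password sent in the request body
 * @return the token type from {@code SecurityConfig.TokenType} together with the
 *         value of the newly stored token
 * @throws AuthenticationInvalidException if no user exists for the mail address or
 *         the password does not match
 */
@RequestMapping(value = "/login", method = RequestMethod.POST)
public AuthenticationToken login(@RequestBody AuthenticationData authenticationData)
        throws AuthenticationInvalidException {
    User user = userRepository.getUserByMail(authenticationData.getMail());
    if (user == null) {
        throw new AuthenticationInvalidException();
    }

    // NOTE(review): the submitted password is compared directly with the value from
    // user.getPassword(). If that value is the plaintext password, storage should move
    // to a salted password hash (bcrypt/scrypt/argon2) verified by the hashing library.
    String stored = user.getPassword();
    String supplied = authenticationData.getPassword();

    // A missing password on either side is a failed login, not a NullPointerException.
    if (stored == null || supplied == null) {
        throw new AuthenticationInvalidException();
    }

    // MessageDigest.isEqual does not stop at the first differing byte, so the response
    // time does not reveal how much of the password was correct. The trailing equals()
    // only runs once the bytes already match; it keeps the accepted set identical to a
    // plain String comparison for strings that encode to the same UTF-8 bytes.
    boolean matches = java.security.MessageDigest.isEqual(
            stored.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            supplied.getBytes(java.nio.charset.StandardCharsets.UTF_8))
            && stored.equals(supplied);
    if (!matches) {
        // Password invalid
        throw new AuthenticationInvalidException();
    }

    // Login successful
    SecurityToken token = tokenService.generateNewToken(user);
    tokenService.store(token);
    // TODO: create session and token
    return new AuthenticationToken(SecurityConfig.TokenType, token.getToken());
}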