- package br.com.company.service;
import java.util.Date;

import javax.ws.rs.Consumes;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.ResponseBuilder;

import br.com.rodrigolazoti.vraptor.authentication.AuthenticationControl;
import br.com.company.application.dao.UserDAO;
import br.com.company.application.model.User;
import br.com.company.framework.util.auth.PasswordValidator;
import com.sun.jersey.api.client.ClientResponse.Status;
import com.sun.jersey.core.spi.factory.ResponseBuilderImpl;
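/**
 * JAX-RS resource that checks a username/password pair submitted as form
 * fields and, on success, opens a session for the matching user.
 *
 * <p>The resource is mounted at the root path; the only endpoint defined in
 * this class is {@code POST login}.
 */
@Path("/")
public class AuthenticationService {

    private final AuthenticationControl authControl =
            GambiInjector.instanceFor(AuthenticationControl.class);
    private final UserDAO daoUser = GambiInjector.instanceFor(UserDAO.class);

    /**
     * Authenticates the caller and creates a session when the credentials match.
     *
     * <p>An unknown username and a wrong password both yield the same
     * body-less 401, so the response content does not reveal which of the two
     * was wrong.
     *
     * @param username value of form field {@code u}; empty string when absent
     * @param password value of form field {@code p}; empty string when absent
     * @return 200 with no entity after the session is created, otherwise 401
     *     with no entity
     */
    @POST
    @Path("login")
    public Response login(
            @DefaultValue("") @FormParam("u") String username,
            @DefaultValue("") @FormParam("p") String password) {
        final User existingUser = daoUser.findByUsername(username);

        // Short-circuit: the validator is never called when no user was found.
        final boolean validated = existingUser != null
                && PasswordValidator.validatePassword(existingUser, password);

        if (!validated) {
            // NOTE(review): timing side channel. The unknown-user path skips
            // validatePassword entirely, so it can answer measurably faster
            // than the wrong-password path, which lets response time separate
            // existing usernames from non-existing ones even though the status
            // is identical. Usual mitigation: run the validator against a fixed
            // dummy credential when the lookup returns null.
            // NOTE(review): whether validatePassword compares in constant time
            // is not visible from this class; confirm in PasswordValidator.
            // NOTE(review): no throttling. Nothing here counts or delays failed
            // attempts; add per-account and per-source rate limiting or lockout
            // in front of this endpoint, and log failures for detection.
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }

        // Record the login time before the session is opened.
        existingUser.setLastLogin(new Date());
        daoUser.save(existingUser);

        // NOTE(review): confirm createSession issues a fresh session identifier
        // rather than reusing one that existed before authentication.
        authControl.createSession(existingUser);

        // Built through the standard JAX-RS factory instead of instantiating
        // Jersey's internal ResponseBuilderImpl and borrowing the client-side
        // ClientResponse.Status enum; the resulting status codes are unchanged.
        return Response.status(Response.Status.OK).build();
    }
}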