
Untitled

a guest
Sep 21st, 2018
  1. package br.com.company.service;
  2.  
  3. import java.util.Date;
  4.  
  5. import javax.ws.rs.Consumes;
  6. import javax.ws.rs.DefaultValue;
  7. import javax.ws.rs.GET;
  8. import javax.ws.rs.Path;
  9. import javax.ws.rs.Produces;
  10. import javax.ws.rs.QueryParam;
  11. import javax.ws.rs.core.MediaType;
  12. import javax.ws.rs.core.Response;
  13. import javax.ws.rs.core.Response.ResponseBuilder;
  14.  
  15. import br.com.rodrigolazoti.vraptor.authentication.AuthenticationControl;
  16. import br.com.company.application.dao.UserDAO;
  17. import br.com.company.application.model.User;
  18. import br.com.company.framework.util.auth.PasswordValidator;
  19.  
  20. import com.sun.jersey.api.client.ClientResponse.Status;
  21. import com.sun.jersey.core.spi.factory.ResponseBuilderImpl;
  22.  
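/**
 * JAX-RS resource exposing the form-based login endpoint.
 *
 * <p>NOTE(review): {@code @POST} and {@code @FormParam} are used below, but the import block of
 * this listing brings in {@code javax.ws.rs.GET} and {@code javax.ws.rs.QueryParam} instead;
 * {@code javax.ws.rs.POST} and {@code javax.ws.rs.FormParam} must be imported for this class to
 * compile.
 */
@Path("/")
public class AuthenticationService {

    private final AuthenticationControl authControl =
            GambiInjector.instanceFor(AuthenticationControl.class);
    private final UserDAO daoUser = GambiInjector.instanceFor(UserDAO.class);

    /**
     * Checks the submitted credentials and, on success, records the login time and opens a
     * session for the user.
     *
     * <p>Unknown user names and wrong passwords produce the same bare 401 response, so the
     * response body and status do not reveal which of the two failed.
     *
     * @param username value of form field {@code u}; empty string when the field is absent
     * @param password value of form field {@code p}; empty string when the field is absent
     * @return 200 with no entity when the credentials are valid, 401 with no entity otherwise
     */
    @POST
    @Path("login")
    // Credentials are read with @FormParam, so only form-encoded bodies are meaningful here;
    // other content types are rejected up front instead of being treated as empty credentials.
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    public Response login(
            @DefaultValue("") @FormParam("u") String username,
            @DefaultValue("") @FormParam("p") String password) {
        final User existingUser = daoUser.findByUsername(username);

        // NOTE(review): an unknown user skips validatePassword entirely, so that path answers
        // faster than a known user with a wrong password. Evening this out needs an equivalent
        // dummy verification; PasswordValidator's API for that is not visible here.
        final boolean validated =
                existingUser != null && PasswordValidator.validatePassword(existingUser, password);

        if (!validated) {
            // TODO: Protect against timing & brute-force attacks.
            // Nothing here throttles or counts failed attempts per account or per client.
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }

        existingUser.setLastLogin(new Date());
        daoUser.save(existingUser);
        // NOTE(review): confirm createSession issues a fresh session identifier rather than
        // promoting one that existed before authentication.
        authControl.createSession(existingUser);

        // Built through the JAX-RS API (Response.status) rather than Jersey's internal
        // ResponseBuilderImpl and the client-side ClientResponse.Status enum.
        return Response.status(Response.Status.OK).build();
    }
}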