  1. package startupdemo.controller;
  2.  
  3. import java.sql.Connection;
  4. import java.sql.ResultSet;
  5. import java.sql.Statement;
  6.  
  7. import javax.annotation.Resource;
  8.  
  9. import java.util.concurrent.locks.ReentrantLock;
  10.  
  11. import org.jboss.logging.Logger;
  12. import org.springframework.ui.Model;
  13. import org.springframework.web.bind.annotation.RequestMapping;
  14. import org.springframework.web.bind.annotation.RequestMethod;
  15. import org.springframework.web.bind.annotation.RequestParam;
  16. import org.springframework.web.bind.annotation.RestController;
  17. import org.springframework.web.servlet.mvc.support.RedirectAttributes;
  18.  
  19. import startupdemo.service.MysqlService;
  20. import startupdemo.service.UserService;
  21.  
  22.  
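  /**
   * Handles the login form: serves the login page and authenticates submitted credentials
   * against the {@code users} table.
   *
   * <p>Security notes for maintainers:
   * <ul>
   * <li>Credentials are bound as JDBC parameters and never concatenated into the SQL text.</li>
   * <li>The query compares the submitted password directly with the {@code password} column,
   * which implies passwords are stored unhashed. They should be stored as a salted, adaptive
   * hash (bcrypt, scrypt or argon2) and verified in application code. That needs a schema and
   * data migration and is therefore not done here.</li>
   * <li>No request-specific data is kept in instance fields, because a Spring controller is a
   * singleton shared by all concurrent requests by default.</li>
   * </ul>
   *
   * <p>NOTE(review): with {@code @RestController} the returned strings are written to the response
   * body instead of being resolved as view names. {@code "login"} and {@code "redirect:..."} look
   * like view names, so {@code @Controller} was presumably intended; confirm before changing.
   */
  @RestController
  @RequestMapping("/login")
  public class LoginController
  {
      private static final Logger LOG = Logger.getLogger(LoginController.class);

      private static final String REDIRECT_PREFIX = "redirect:";

      /** Only the column needed for the greeting is selected; both credentials are bound parameters. */
      private static final String AUTH_QUERY = "SELECT firstname FROM users WHERE username = ? AND password = ?";

      @Resource(name = "userService")
      private UserService userService;

      @Resource(name = "mysqlService")
      private MysqlService mysqlService;

      // Serializes access to mysqlService. NOTE(review): presumably the service hands out a single
      // shared connection (open/close take no arguments); confirm whether the lock is still needed.
      private final ReentrantLock lock = new ReentrantLock();

      /**
       * Serves the login page.
       *
       * @return the name of the login view
       */
      @RequestMapping(method = RequestMethod.GET)
      public String getLoginPage()
      {
          return "login";
      }

      /**
       * Authenticates the submitted credentials and either redirects to the application or
       * returns to the login page with an error message.
       *
       * @param username the submitted user name (untrusted request input)
       * @param password the submitted password (untrusted request input, never logged)
       * @param model the model that receives the error message on failure
       * @param redirectAttributes receives the greeting flash message on success
       * @return the redirect target on success, the login view name on failure
       */
      @RequestMapping(method = RequestMethod.POST)
      public String loginUser(@RequestParam(value = "username", required = true) final String username,
              @RequestParam(value = "password", required = true) final String password,
              final Model model, final RedirectAttributes redirectAttributes)
      {
          // The greeting name stays in a local variable, so concurrent logins cannot see each other's value.
          final String firstName = authenticateUser(username, password);
          if (firstName != null)
          {
              // SUD-14 add customer greeting
              // The first name is stored data; the view that renders "message" must HTML-escape it.
              redirectAttributes.addFlashAttribute("message", "Welcome to startupdemo, " + firstName + "!");

              LOG.info("Login successful. Redirecting user to main application.");
              return REDIRECT_PREFIX + "/startupdemo";
          }

          LOG.info("Login failed.");
          // The user name is echoed from the request; the view that renders "errorMessage" must HTML-escape it.
          model.addAttribute("errorMessage", "Could not login user " + username + ". Invalid username or password.");
          return "login";
      }

      /**
       * Checks the credentials against the {@code users} table using a parameterized query.
       *
       * <p>Fails closed: any error while talking to the database is logged and treated as a
       * failed login. The lock and the connection are released on every path, so an exception
       * cannot leave the lock held and block all later logins.
       *
       * @param username the submitted user name
       * @param password the submitted password
       * @return the user's first name (the text {@code "null"} when the column is NULL) if the
       *         credentials match a row, or {@code null} if they do not or an error occurred
       */
      private String authenticateUser(final String username, final String password)
      {
          String greetingName = null;
          lock.lock();
          try
          {
              final Connection connection = mysqlService.openMysqlConnection();
              try (java.sql.PreparedStatement statement = connection.prepareStatement(AUTH_QUERY))
              {
                  // Bound parameters are sent as data, so quotes in the input cannot alter the query.
                  statement.setString(1, username);
                  statement.setString(2, password);
                  // NOTE(review): if the column collation is case-insensitive, this comparison
                  // ignores case as well; another reason to verify a password hash in code.
                  try (ResultSet rs = statement.executeQuery())
                  {
                      if (rs.next())
                      {
                          // Read the row before marking the user as logged in, so a failed read
                          // cannot leave a half-completed login behind.
                          final String name = String.valueOf(rs.getString("firstname"));
                          // NOTE(review): if UserService is a shared singleton, "current user" is
                          // global rather than per session; verify against UserService.
                          userService.setCurrentUser(username);
                          greetingName = name;
                      }
                  }
              }
              finally
              {
                  mysqlService.closeMysqlConnection();
              }
          }
          catch (final Exception e)
          {
              // Keep the cause for diagnosis; the credentials themselves are never logged.
              LOG.error("Error happened while authenticating user.", e);
          }
          finally
          {
              lock.unlock();
          }
          return greetingName;
      }

  }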