API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Apr 6th, 2020
311
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Java 3.53 KB | None | 0 0
raw download clone embed print report
  1. package py.una.cnc.htroot.controllers;
  2.  
  3. import javax.servlet.http.HttpServletRequest;
  4. import org.apache.commons.lang.StringUtils;
  5. import org.springframework.beans.factory.annotation.Autowired;
  6. import org.springframework.context.annotation.Scope;
  7. import org.springframework.security.core.context.SecurityContextHolder;
  8. import org.springframework.stereotype.Controller;
  9. import org.springframework.ui.ModelMap;
  10. import org.springframework.web.bind.annotation.RequestMapping;
  11. import org.springframework.web.bind.annotation.RequestMethod;
  12. import org.springframework.web.bind.annotation.RequestParam;
  13. import py.una.cnc.htroot.domain.User;
  14. import py.una.cnc.htroot.main.ApplicationContextProvider;
  15. import py.una.cnc.htroot.main.Message;
  16. import py.una.cnc.htroot.main.UserSession;
  17. import py.una.cnc.htroot.security.SecurityConfig;
  18. import py.una.cnc.lib.core.util.AppLogger;
  19.  
  20. @Controller
  21. @Scope("request")
  22. public class Login {
  23.  
  24.     @Autowired
  25.     private Message msg;
  26.     private final AppLogger logger = new AppLogger(Login.class);
  27.     @Autowired
  28.     private SecurityConfig securityConfig;
  29.  
  30.     @RequestMapping(value = "/login", method = RequestMethod.GET)
  31.     public String login(ModelMap model, @RequestParam(value = "error", required = false) String error,
  32.             HttpServletRequest request) {
  33.  
  34.         if (securityConfig.isCasEnabled()) {
  35.             return "redirect:" + securityConfig.getCasLoginUrl();
  36.         }
  37.         UserSession userSession = (UserSession) ApplicationContextProvider.getBeanStatic("userSession");
  38.  
  39.         if (userSession.isActive()) {
  40.             User user = userSession.getUser();
  41.             logger.info("Sesión activa: {} {} {}", user.getUsername(), user.getName(), user.getSurname());
  42.             return "redirect:/inicio";
  43.         }
  44.  
  45.         /*
  46.          * Puede ser un error de permission_denied por ejemplo, entonces va a
  47.          * ocurrir error en UserRoleService
  48.          */
  49.         String loginError = (String) userSession.getObject("loginError");
  50.         if (StringUtils.isNotBlank(loginError)) {
  51.             model.addAttribute("error", loginError);
  52.             userSession.addObject("loginError", null);
  53.             return "login";
  54.         }
  55.  
  56.         /*
  57.          * Existen casos en que al iniciar sesión, el usuario no tiene permisos
  58.          * para proceder, por lo tanto se cierra sesión y se pone un mensaje de
  59.          * error para mostrar al usuario.
  60.          *
  61.          * SecurityContextHolder.clearContext();
  62.          * request.getSession().invalidate();
  63.          * request.getSession().setAttribute("error",
  64.          * msg.get("usuario.admin.requerido"));
  65.          */
  66.         error = (String) request.getSession().getAttribute("error");
  67.         if (StringUtils.isNotBlank(error)) {
  68.             model.addAttribute("error", error);
  69.             return "login";
  70.         }
  71.  
  72.         if (userSession.getUserTmp() != null) {
  73.             model.addAttribute("error", msg.get("wrong_user_or_pass"));
  74.         }
  75.  
  76.         return "login";
  77.     }
  78.  
  79.     @RequestMapping(value = "/logout", method = RequestMethod.POST)
  80.     public String logout(ModelMap model, HttpServletRequest request) {
  81.  
  82.         SecurityContextHolder.clearContext();
  83.         request.getSession().invalidate();
  84.  
  85.         return "redirect:/login";
  86.     }
  87.  
  88.     @RequestMapping(value = "/403")
  89.     public String accessDenied(ModelMap model, HttpServletRequest request,
  90.             @RequestParam(value = "error", required = false) String error) {
  91.  
  92.         /**
  93.          * Cuando usuario deja sistema inactivo por determinado tiempo, se
  94.          * cierra sesión y al hacer la petición se produce el error 403. Por lo
  95.          * tanto, en este punto verificamos si sesión está activa
  96.          */
  97.         UserSession userSession = (UserSession) ApplicationContextProvider.getBeanStatic("userSession");
  98.         if (!userSession.isActive()) {
  99.             return logout(model, request);
  100.         }
  101.         return "403";
  102.     }
  103. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!