  1. package startupdemo.controller;
  2.  
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;

import java.util.concurrent.locks.ReentrantLock;

import javax.annotation.Resource;

import org.jboss.logging.Logger;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.mvc.support.RedirectAttributes;

import startupdemo.service.MysqlService;
import startupdemo.service.UserService;
  21.  
  22.  
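/**
 * Handles the {@code /login} endpoint: serves the login page on GET and checks
 * submitted credentials against the {@code users} table on POST.
 *
 * <p>The controller keeps no per-request state in instance fields. Request-specific
 * data (such as the first name used in the greeting) is passed through return values,
 * so concurrent logins cannot read each other's results.
 *
 * <p>NOTE(review): {@code @RestController} implies {@code @ResponseBody}, so the String
 * return values below are written to the response body instead of being resolved as
 * view names or redirects. The use of {@link Model} and {@link RedirectAttributes}
 * suggests {@code @Controller} was intended; confirm against the view configuration.
 *
 * <p>NOTE(review): no throttling or lockout of repeated failed attempts is visible in
 * this class; confirm it is enforced elsewhere (filter, gateway, or UserService).
 */
@RestController
@RequestMapping("/login")
public class LoginController
{
    private static final Logger LOG = Logger.getLogger(LoginController.class);

    private static final String REDIRECT_PREFIX = "redirect:";

    /**
     * Credential lookup with bind parameters. The user-supplied values are never
     * concatenated into the SQL text, so they cannot change the query structure.
     *
     * NOTE(review): the submitted password is matched against the password column
     * as-is, which means the column holds the value the user typed rather than a
     * salted password hash. Moving to bcrypt/scrypt/argon2 verification in application
     * code needs a schema and data migration and is therefore not done here.
     */
    private static final String AUTH_QUERY = "SELECT firstname FROM users WHERE username = ? AND password = ?";

    @Resource(name = "userService")
    private UserService userService;

    @Resource(name = "mysqlService")
    private MysqlService mysqlService;

    // Serializes query execution across requests. Always released in a finally block
    // so that a failing query cannot leave the lock held and block every later login.
    private final ReentrantLock lock = new ReentrantLock();

    /**
     * Returns the name of the login view.
     *
     * @return the literal {@code "login"}
     */
    @RequestMapping(method = RequestMethod.GET)
    public String getLoginPage()
    {
        return "login";
    }

    /**
     * Authenticates the submitted credentials and either redirects to the application
     * with a greeting or returns to the login page with an error message.
     *
     * @param username the submitted user name (required request parameter)
     * @param password the submitted password (required request parameter)
     * @param model receives {@code errorMessage} when authentication fails
     * @param redirectAttributes receives the flash attribute {@code message} on success
     * @return a redirect to {@code /startupdemo} on success, otherwise {@code "login"}
     */
    @RequestMapping(method = RequestMethod.POST)
    public String loginUser(@RequestParam(value = "username", required = true) final String username,
            @RequestParam(value = "password", required = true) final String password,
            final Model model, final RedirectAttributes redirectAttributes)
    {
        final AuthResult outcome = authenticateUser(username, password);
        if (outcome.authenticated)
        {
            // SUD-14 add customer greeting
            // The first name comes from the database row of this request only; the view
            // must HTML-escape it when rendering, since it is user-controlled stored data.
            redirectAttributes.addFlashAttribute("message", "Welcome to startupdemo, " + outcome.firstname + "!");

            LOG.info("Login successful. Redirecting user to main application.");
            return REDIRECT_PREFIX + "/startupdemo";
        }

        LOG.info("Login failed.");
        // The message does not reveal whether the user name or the password was wrong.
        // It echoes the submitted user name, so the view must HTML-escape errorMessage.
        model.addAttribute("errorMessage", "Could not login user " + username + ". Invalid username or password.");
        return "login";
    }

    /**
     * Looks up a row matching the given credentials.
     *
     * <p>Any exception during the lookup is logged with its cause and treated as a
     * failed login (fail closed). Statement and result set are closed on every path,
     * and the service is asked to close the connection whenever it was opened.
     *
     * @param username the submitted user name, bound as query parameter 1
     * @param password the submitted password, bound as query parameter 2
     * @return the outcome, carrying the stored first name when a row matched
     */
    private AuthResult authenticateUser(final String username, final String password)
    {
        AuthResult outcome = AuthResult.FAILED;
        try
        {
            final Connection connection = mysqlService.openMysqlConnection();
            try (PreparedStatement statement = connection.prepareStatement(AUTH_QUERY))
            {
                statement.setString(1, username);
                statement.setString(2, password);

                AuthResult queried = AuthResult.FAILED;
                // NOTE(review): closeMysqlConnection() takes no argument, which suggests the
                // service may hand out a shared connection. If so, this lock should span the
                // whole open/query/close sequence - confirm against MysqlService.
                lock.lock();
                try (ResultSet rows = statement.executeQuery())
                {
                    if (rows.next())
                    {
                        queried = new AuthResult(true, rows.getString("firstname"));
                    }
                }
                finally
                {
                    lock.unlock();
                }

                if (queried.authenticated)
                {
                    // NOTE(review): only the user name is passed here. If UserService is a
                    // singleton bean, the logged-in user is stored application-wide rather
                    // than per session - confirm the bean's scope.
                    userService.setCurrentUser(username);
                }
                outcome = queried;
            }
            finally
            {
                mysqlService.closeMysqlConnection();
            }
        }
        catch (final Exception e)
        {
            // Broad catch kept because the service method signatures are not visible here.
            // The cause is logged so failures can be diagnosed; credentials are not logged.
            LOG.error("Error happened while authenticating user.", e);
        }
        return outcome;
    }

    /** Immutable result of one authentication attempt. */
    private static final class AuthResult
    {
        /** Shared instance for every unsuccessful attempt. */
        static final AuthResult FAILED = new AuthResult(false, null);

        final boolean authenticated;

        // First name from the matching row; null when not authenticated or when the
        // column itself is NULL.
        final String firstname;

        AuthResult(final boolean authenticated, final String firstname)
        {
            this.authenticated = authenticated;
            this.firstname = firstname;
        }
    }

}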