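/**
 * Spring MVC controller for the login and logout endpoints mapped under
 * {@code /common/security/*}. Authentication itself is delegated to Apache Shiro
 * through {@link #setLogin(String, String)}.
 */
@Controller
@RequestMapping(value = "/common/security/*")
public class SecurityController {

    @Inject
    private UserService userService;

    /**
     * Authenticates the submitted credentials and redirects to the welcome page.
     *
     * <p>The earlier version passed {@code loginInfoVO.getUserId()} as both principal and
     * credential: {@code loginInfoVO} is not declared in this class, and the submitted
     * {@code password} was never checked. The submitted values are now the ones handed
     * to Shiro.
     *
     * @param loginName login name submitted by the client
     * @param password  password submitted by the client
     * @param response  current HTTP response (unused here)
     * @param request   current HTTP request (unused here)
     * @return a redirect to the welcome page after a successful login, or to the login
     *         form when a credential is missing or no account matches {@code loginName}
     * @throws Exception whatever {@code userService} or the Shiro login raises; a rejected
     *         password surfaces as Shiro's {@code AuthenticationException}
     */
    @RequestMapping(value = "/login")
    public String login(String loginName, String password,
            HttpServletResponse response, HttpServletRequest request) throws Exception {
        // Reject missing credentials before touching the user store or Shiro.
        if (loginName == null || loginName.isEmpty() || password == null || password.isEmpty()) {
            return "redirect:/common/path?path=showLogin";
        }

        User user = userService.getUserByLogin(loginName);
        if (null == user) {
            return "redirect:/common/path?path=showLogin";
        }

        // NOTE(review): the configured realm must accept loginName as the principal;
        // if it keys accounts on an internal user id, map it here instead - confirm.
        // NOTE(review): an unknown login redirects while a wrong password throws, so the
        // two failures are distinguishable to a client; handle both the same way where
        // the application's exception handling lives.
        // NOTE(review): this mapping has no HTTP method restriction, so credentials can
        // arrive in a query string and end up in access logs; restrict to POST if the
        // callers allow it.
        // NOTE(review): nothing here rotates the session identifier after login; confirm
        // the session configuration does, otherwise a pre-login session id stays valid.
        setLogin(loginName, password);
        return "redirect:/common/security/welcome";
    }

    /**
     * Logs the current Shiro subject in with a username/password token.
     *
     * <p>Does nothing when the subject is already authenticated, so the supplied
     * credentials are not verified in that case.
     *
     * @param userId   principal passed to Shiro
     * @param password credential passed to Shiro
     */
    public static final void setLogin(String userId, String password) {
        Subject currentUser = SecurityUtils.getSubject();
        if (!currentUser.isAuthenticated()) {
            UsernamePasswordToken token = new UsernamePasswordToken(userId, password);
            // NOTE(review): remember-me is enabled for every login, not only when the
            // user asks for it; confirm this is intended for shared or public machines.
            token.setRememberMe(true);
            // Throws Shiro's AuthenticationException when the credentials are rejected.
            currentUser.login(token);
        }
    }

    /**
     * Logs the current Shiro subject out and invalidates the HTTP session if one exists.
     *
     * @param request current HTTP request
     */
    // NOTE(review): no HTTP method restriction, so a cross-site GET can log a user out;
    // restrict to POST with a CSRF token if the callers allow it.
    @RequestMapping(value="/logout")
    @ResponseBody
    public void logout(HttpServletRequest request){
        Subject subject = SecurityUtils.getSubject();
        if (subject != null) {
            subject.logout();
        }
        // getSession(false) avoids creating a fresh session only to destroy it.
        if (request.getSession(false) != null) {
            request.getSession(false).invalidate();
        }
    }
}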