On Sat, 2011-10-29 at 20:49 +0000, thors...@apache.org wrote:
> Propchange: cocoon/cocoon3/trunk/cocoon-shiro/rcl.properties
> ------------------------------------------------------------------------------
> svn:eol-style = native
>
> Added: > cocoon/cocoon3/trunk/cocoon-shiro/src/main/java/org/apache/cocoon/shiro/rest/AbstractShiroLogin.java
> URL: > http://svn.apache.org/viewvc/cocoon/cocoon3/trunk/cocoon-shiro/src/main/java/org/apache/cocoon/shiro/rest/AbstractShiroLogin.java?rev=1195029&view=auto
> ==============================================================================
> --- > cocoon/cocoon3/trunk/cocoon-shiro/src/main/java/org/apache/cocoon/shiro/rest/AbstractShiroLogin.java > (added)
> +++ > cocoon/cocoon3/trunk/cocoon-shiro/src/main/java/org/apache/cocoon/shiro/rest/AbstractShiroLogin.java > Sat Oct 29 20:49:09 2011
> @@ -0,0 +1,113 @@
> +/*
> + * Licensed to the Apache Software Foundation (ASF) under one
> + * or more contributor license agreements. See the NOTICE file
> + * distributed with this work for additional information
> + * regarding copyright ownership. The ASF licenses this file
> + * to you under the Apache License, Version 2.0 (the
> + * "License"); you may not use this file except in compliance
> + * with the License. You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing,
> + * software distributed under the License is distributed on an
> + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
> + * KIND, either express or implied. See the License for the
> + * specific language governing permissions and limitations
> + * under the License.
> + */
> +package org.apache.cocoon.shiro.rest;
> +
> +import java.util.HashMap;
> +import java.util.Map;
> +
> +import org.apache.cocoon.rest.controller.annotation.RESTController;
> +import org.apache.cocoon.rest.controller.annotation.RequestParameter;
> +import org.apache.cocoon.rest.controller.method.Get;
> +import org.apache.cocoon.rest.controller.method.Post;
> +import org.apache.cocoon.rest.controller.response.RedirectResponse;
> +import org.apache.cocoon.rest.controller.response.RestResponse;
> +import org.apache.cocoon.rest.controller.response.URLResponse;
> +import org.apache.commons.lang3.StringUtils;
> +import org.apache.shiro.SecurityUtils;
> +import org.apache.shiro.authc.IncorrectCredentialsException;
> +import org.apache.shiro.authc.UnknownAccountException;
> +import org.apache.shiro.authc.UsernamePasswordToken;
> +import org.apache.shiro.session.Session;
> +import org.apache.shiro.subject.Subject;
> +import org.apache.shiro.web.util.SavedRequest;
> +import org.apache.shiro.web.util.WebUtils;
> +import org.slf4j.Logger;
> +import org.slf4j.LoggerFactory;
> +
> +@RESTController
> +public abstract class AbstractShiroLogin implements Post, Get{
> +
> + protected abstract String getErrorLogin() ;
> + protected abstract String getDefaultTo();
> + protected abstract String getLoginPage() ;
> +
> + @RequestParameter
> + private String username;
> + @RequestParameter
> + private String password;
> + @RequestParameter
> + protected String to;
> + protected static final Logger LOG = > LoggerFactory.getLogger(AbstractShiroLogin.class);
> +
> + public RestResponse doPost() throws Exception {
> + // create a UsernamePasswordToken using the
> + // username and password provided by the user
> + UsernamePasswordToken token = new > UsernamePasswordToken(username,
> + password);
> + Subject subject = SecurityUtils.getSubject();
> + boolean error = true;
> + try {
> + subject.login(token);
> + error = false;
> + } catch (UnknownAccountException ex) {
> + LOG.error("UnknownAccountException", ex);
> + } catch (IncorrectCredentialsException ex) {
> + // password provided did not match password found in > database
> + // for the username provided
> + LOG.error("IncorrectCredentialsException", ex);
> + } catch (Exception e) {
> + LOG.error("Exception", e);
> + } finally {
> + token.clear();
> + }
> + // clear the information stored in the token
> + if (error) {
> + Map<String, Object> data = new HashMap<String, Object>();
> + data.put("error", true);
> + data.put("to", getTo());
> + return new URLResponse(getErrorLogin(), data);
> + } else {
> + return new RedirectResponse(getTo());
> + }
> + }
> +
> + public RestResponse doGet() throws Exception {
> + Subject subject = SecurityUtils.getSubject();
> + Session session = subject.getSession();
> + SavedRequest savedRequest = (SavedRequest) session
> + .getAttribute(WebUtils.SAVED_REQUEST_KEY);
> + if (null != savedRequest) {
> + to = savedRequest.getRequestURI();
> + // now remove the session again
> + session.setAttribute(WebUtils.SAVED_REQUEST_KEY, null);
> + }
> + Map<String, Object> data = new HashMap<String, Object>();
> + data.put("to", getTo());
> + // FIXME: If we activate the following $if(error)$ will kick > in even if it should not!
> + //data.put("error", false);
> + return new URLResponse(getLoginPage(), data);
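Review bot: In doPost the success branch returns `new RedirectResponse(getTo())`, and `to` is a `@RequestParameter` field, so the post-login redirect target appears to be supplied by the caller; getTo() and the end of the class lie outside the quoted hunk, so unless that method already restricts the value this leaves the login endpoint usable as an open redirect. Constrain the target to a path inside the application before redirecting, for example `String target = getTo(); if (!target.startsWith("/") || target.startsWith("//")) { target = getDefaultTo(); }`. The `username` and `password` request parameters are also held as instance fields, which is only safe if the controller is created per request, so a comment stating the expected bean scope would help. Finally, doPost does not visibly renew the session after `subject.login(token)`; if nothing else in the Shiro setup does, stopping the pre-login session and creating a new one would close off session fixation.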
Mind the "FIXME: If we activate the following $if(error)$ will kick in even if it should not! //data.put("error", false);" In the sitemap we use: + <map:match pattern="screen/login"> + <map:generate src="login.xml" + type="controller-aware-string-template" /> + <map:serialize type="xhtml" /> + </map:match> and in the screen $if(error)$ <strong>error: $error$ There has been an error in the login.</strong> $endif$ @Francesco can it be that the controller-aware-string-template needs the same treatment as the other to activate the $if(boolean)$? salu2 -- Thorsten Scherler <thorsten.at.apache.org> codeBusters S.L. - web based systems <consulting, training and solutions> http://www.codebusters.es/