SecurityController.java
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.shiro.samples.sprhib.web;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
/**
* Web MVC controller that handles security-related web requests, such as login and logout.
*/
@Controller
public class SecurityController {
private LoginValidator loginValidator = new LoginValidator();
@RequestMapping(value="/login",method= RequestMethod.GET)
public String showLoginForm(Model model, @ModelAttribute LoginCommand command ) {
return "login";
}
@RequestMapping(value="/login",method= RequestMethod.POST)
public String login(Model model, @ModelAttribute LoginCommand command, BindingResult errors) {
loginValidator.validate(command, errors);
if( errors.hasErrors() ) {
return showLoginForm(model, command);
}
UsernamePasswordToken token = new UsernamePasswordToken(command.getUsername(), command.getPassword(), command.isRememberMe());
try {
SecurityUtils.getSubject().login(token);
} catch (AuthenticationException e) {
errors.reject( "error.login.generic", "Invalid username or password. Please try again." );
}
if( errors.hasErrors() ) {
return showLoginForm(model, command);
} else {
return "redirect:/s/home";
}
}
@RequestMapping("/logout")
public String logout() {
SecurityUtils.getSubject().logout();
return "redirect:/";
}
}