
Example 1 with UserBannedException

Use of org.obiba.shiro.web.filter.UserBannedException in project mica2 by obiba.

Class SessionsResource, method createSession.

@POST
@Path("/sessions")
public Response createSession(@SuppressWarnings("TypeMayBeWeakened") @Context HttpServletRequest servletRequest, @FormParam("username") String username, @FormParam("password") String password) {
    try {
        // Resolve the submitted name to a profile; fall back to the submitted name when no profile is found.
        ObibaRealm.Subject profile = userProfileService.getProfile(username);
        String realUsername = profile == null ? username : profile.getUsername();
        authenticationExecutor.login(new UsernamePasswordToken(realUsername, password));
        Subject subject = SecurityUtils.getSubject();
        String sessionId = subject.getSession().getId().toString();
        log.info("Successful session creation for user '{}' session ID is '{}'.", realUsername, sessionId);
        String locale = getPreferredLocale(subject);
        // 201 Created, with the Location header pointing at the new session resource.
        Response.ResponseBuilder builder = Response.created(UriBuilder.fromPath(JerseyConfiguration.WS_ROOT).path(SessionResource.class).build(sessionId));
        if (!Strings.isNullOrEmpty(locale)) {
            builder.cookie(new NewCookie("NG_TRANSLATE_LANG_KEY", locale, micaConfigService.getContextPath() + "/", null, DEFAULT_VERSION, null, DEFAULT_MAX_AGE, null, false, false));
        }
        return builder.build();
    } catch (UserBannedException e) {
        // Propagate a ban unchanged instead of turning it into the generic 403 below.
        throw e;
    } catch (AuthenticationException e) {
        log.info("Authentication failure of user '{}' at ip: '{}': {}", username, servletRequest.getRemoteAddr(), e.getMessage());
        // When a request contains credentials and they are invalid, the 403 (Forbidden) should be returned.
        return Response.status(Response.Status.FORBIDDEN).cookie().build();
    }
}
Also used: Response (javax.ws.rs.core.Response), AuthenticationException (org.apache.shiro.authc.AuthenticationException), ObibaRealm (org.obiba.shiro.realm.ObibaRealm), UserBannedException (org.obiba.shiro.web.filter.UserBannedException), Subject (org.apache.shiro.subject.Subject), UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken), NewCookie (javax.ws.rs.core.NewCookie), Path (javax.ws.rs.Path), POST (javax.ws.rs.POST)
