use of org.obiba.shiro.web.filter.UserBannedException in project mica2 by obiba.
From the class SessionsResource, method createSession.
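/**
 * Creates a Shiro session from form-posted credentials.
 *
 * <p>The submitted user name is first resolved through {@code userProfileService}; when a
 * profile is found its canonical user name is used for the login, otherwise the submitted
 * name is used as-is. On success the response is {@code 201 Created} with a Location header
 * pointing at the new session resource and, when a preferred locale is known, an
 * {@code NG_TRANSLATE_LANG_KEY} cookie.
 *
 * <p>The session identifier is deliberately <em>not</em> written to the application log:
 * it is a bearer credential for the newly created session, and log output is usually
 * readable by more parties than the session store.
 *
 * @param servletRequest the incoming request; only its remote address is used, for the
 *     failure log line (behind a reverse proxy this is the proxy address — not verified here)
 * @param username the submitted user name
 * @param password the submitted password
 * @return {@code 201 Created} on success, {@code 403 Forbidden} on any other
 *     {@link AuthenticationException}
 * @throws UserBannedException propagated unchanged so that it is not collapsed into the
 *     generic 403 (presumably handled by an exception mapper elsewhere — not visible here)
 */
@POST
@Path("/sessions")
public Response createSession(@SuppressWarnings("TypeMayBeWeakened") @Context HttpServletRequest servletRequest,
    @FormParam("username") String username, @FormParam("password") String password) {
  try {
    // Map the submitted name to the canonical one when a profile exists.
    ObibaRealm.Subject profile = userProfileService.getProfile(username);
    String realUsername = profile == null ? username : profile.getUsername();

    authenticationExecutor.login(new UsernamePasswordToken(realUsername, password));

    Subject subject = SecurityUtils.getSubject();
    String sessionId = subject.getSession().getId().toString();
    // Log the outcome only; the session ID itself must stay out of the log.
    log.info("Successful session creation for user '{}'.", realUsername);

    Response.ResponseBuilder builder = Response.created(
        UriBuilder.fromPath(JerseyConfiguration.WS_ROOT).path(SessionResource.class).build(sessionId));

    // The locale cookie is read by client-side code, so it is intentionally not HttpOnly.
    String locale = getPreferredLocale(subject);
    if (!Strings.isNullOrEmpty(locale)) {
      builder.cookie(new NewCookie("NG_TRANSLATE_LANG_KEY", locale, micaConfigService.getContextPath() + "/", null,
          DEFAULT_VERSION, null, DEFAULT_MAX_AGE, null, false, false));
    }
    return builder.build();
  } catch (UserBannedException e) {
    // Must be caught before AuthenticationException so a banned user is not reported
    // as a plain bad-credentials failure (assumes UserBannedException is a subtype of it).
    throw e;
  } catch (AuthenticationException e) {
    log.info("Authentication failure of user '{}' at ip: '{}': {}", username, servletRequest.getRemoteAddr(),
        e.getMessage());
    // When a request contains credentials and they are invalid, the 403 (Forbidden) should be returned.
    return Response.status(Response.Status.FORBIDDEN).cookie().build();
  }
}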