cocoon-dev mailing list archives

From Thorsten Scherler <scher...@gmail.com>
Subject [c3] bug in "controller-aware-string-template"? (was Re: svn commit: r1195029 )
Date Sat, 29 Oct 2011 21:03:49 GMT
On Sat, 2011-10-29 at 20:49 +0000, thorsten@apache.org wrote:
> Propchange: cocoon/cocoon3/trunk/cocoon-shiro/rcl.properties
> ------------------------------------------------------------------------------
>     svn:eol-style = native
> 
> Added:
> cocoon/cocoon3/trunk/cocoon-shiro/src/main/java/org/apache/cocoon/shiro/rest/AbstractShiroLogin.java
> URL:
> http://svn.apache.org/viewvc/cocoon/cocoon3/trunk/cocoon-shiro/src/main/java/org/apache/cocoon/shiro/rest/AbstractShiroLogin.java?rev=1195029&view=auto
> ==============================================================================
> ---
> cocoon/cocoon3/trunk/cocoon-shiro/src/main/java/org/apache/cocoon/shiro/rest/AbstractShiroLogin.java
(added)
> +++
> cocoon/cocoon3/trunk/cocoon-shiro/src/main/java/org/apache/cocoon/shiro/rest/AbstractShiroLogin.java
Sat Oct 29 20:49:09 2011
> @@ -0,0 +1,113 @@
> +/*
> + * Licensed to the Apache Software Foundation (ASF) under one
> + * or more contributor license agreements.  See the NOTICE file
> + * distributed with this work for additional information
> + * regarding copyright ownership.  The ASF licenses this file
> + * to you under the Apache License, Version 2.0 (the
> + * "License"); you may not use this file except in compliance
> + * with the License.  You may obtain a copy of the License at
> + *
> + *     http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing,
> + * software distributed under the License is distributed on an
> + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
> + * KIND, either express or implied.  See the License for the
> + * specific language governing permissions and limitations
> + * under the License.
> + */
> +package org.apache.cocoon.shiro.rest;
> +
> +import java.util.HashMap;
> +import java.util.Map;
> +
> +import org.apache.cocoon.rest.controller.annotation.RESTController;
> +import org.apache.cocoon.rest.controller.annotation.RequestParameter;
> +import org.apache.cocoon.rest.controller.method.Get;
> +import org.apache.cocoon.rest.controller.method.Post;
> +import org.apache.cocoon.rest.controller.response.RedirectResponse;
> +import org.apache.cocoon.rest.controller.response.RestResponse;
> +import org.apache.cocoon.rest.controller.response.URLResponse;
> +import org.apache.commons.lang3.StringUtils;
> +import org.apache.shiro.SecurityUtils;
> +import org.apache.shiro.authc.IncorrectCredentialsException;
> +import org.apache.shiro.authc.UnknownAccountException;
> +import org.apache.shiro.authc.UsernamePasswordToken;
> +import org.apache.shiro.session.Session;
> +import org.apache.shiro.subject.Subject;
> +import org.apache.shiro.web.util.SavedRequest;
> +import org.apache.shiro.web.util.WebUtils;
> +import org.slf4j.Logger;
> +import org.slf4j.LoggerFactory;
> +
> +@RESTController
> +public abstract class AbstractShiroLogin implements Post, Get{
> +    
> +    protected abstract String getErrorLogin() ;
> +    protected abstract String getDefaultTo();
> +    protected abstract String getLoginPage() ;
> +    
> +    @RequestParameter
> +    private String username;
> +    @RequestParameter
> +    private String password;
> +    @RequestParameter
> +    protected String to;
> +    protected static final Logger LOG =
> LoggerFactory.getLogger(AbstractShiroLogin.class);
> +
> +    public RestResponse doPost() throws Exception {
> +        // create a UsernamePasswordToken using the
> +        // username and password provided by the user
> +        UsernamePasswordToken token = new
> UsernamePasswordToken(username,
> +                password);
> +        Subject subject = SecurityUtils.getSubject();
> +        boolean error = true;
> +        try {
> +            subject.login(token);
> +            error = false;
> +        } catch (UnknownAccountException ex) {
> +            LOG.error("UnknownAccountException", ex);
> +        } catch (IncorrectCredentialsException ex) {
> +            // password provided did not match password found in
> database
> +            // for the username provided
> +            LOG.error("IncorrectCredentialsException", ex);
> +        } catch (Exception e) {
> +            LOG.error("Exception", e);
> +        } finally {
> +            token.clear();
> +        }
> +        // clear the information stored in the token
> +        if (error) {
> +            Map<String, Object> data = new HashMap<String, Object>();
> +            data.put("error", true);
> +            data.put("to", getTo());
> +            return new URLResponse(getErrorLogin(), data);
> +        } else {
> +            return new RedirectResponse(getTo());
> +        }
> +    }
> +
> +    public RestResponse doGet() throws Exception {
> +        Subject subject = SecurityUtils.getSubject();
> +        Session session = subject.getSession();
> +        SavedRequest savedRequest = (SavedRequest) session
> +                .getAttribute(WebUtils.SAVED_REQUEST_KEY);
> +        if (null != savedRequest) {
> +            to = savedRequest.getRequestURI();
> +            // now remove the session again
> +            session.setAttribute(WebUtils.SAVED_REQUEST_KEY, null);
> +        }
> +        Map<String, Object> data = new HashMap<String, Object>();
> +        data.put("to", getTo());
> +        // FIXME: If we activate the following $if(error)$ will kick
> in even if it should not!
> +        //data.put("error", false);
> +        return new URLResponse(getLoginPage(), data);
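
Review bot: in doPost() the success branch returns `new RedirectResponse(getTo())` while `to` is bound straight from the request with `@RequestParameter`, and getTo() is not part of the quoted lines, so nothing visible here restricts the redirect target to this application. Unless getTo() already does so, it should accept only a local path (as doGet() gets from `savedRequest.getRequestURI()`) and fall back to `getDefaultTo()` for anything else, with a short Javadoc on getTo() stating that contract. Smaller points in the same method: the UnknownAccountException and IncorrectCredentialsException catches log an ordinary failed login at ERROR with a full stack trace, where a single WARN line without the trace would keep the log usable for spotting real faults; and the comment `// clear the information stored in the token` sits after the finally block, although `token.clear()` is the line it describes.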

Mind the "FIXME: If we activate the following $if(error)$ will kick in
even if it should not!
//data.put("error", false);"

We use in the sitemap:

+      <map:match pattern="screen/login">
+        <map:generate src="login.xml"
+          type="controller-aware-string-template" />
+        <map:serialize type="xhtml" />
+      </map:match>

and in the screen
$if(error)$
      <strong>error: $error$ There has been an error in the
login.</strong>
      $endif$

@Francesco can it be that the controller-aware-string-template needs the
same treatment and the other to activate the $if(boolean)$?

salu2
-- 
Thorsten Scherler <thorsten.at.apache.org>
codeBusters S.L. - web based systems
<consulting, training and solutions>
http://www.codebusters.es/

