Java tutorial
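/**
 * Copyright (C) 2011 Flamingo Project (http://www.opencloudengine.org).
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
package io.uengine.web.system;

import io.uengine.common.security.SessionUtils;
import io.uengine.util.DateUtils;
import io.uengine.util.JsonUtils;
import io.uengine.web.configuration.DefaultController;
import io.uengine.web.security.AESPasswordEncoder;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.access.annotation.Secured;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

/**
 * Security Auth Controller.
 *
 * <p>Serves the login, password-reset and profile-update pages under {@code /auth}.
 * The login, reset-request and reset-confirm handlers carry no {@code @Secured}
 * annotation in this class; only the password-change and profile-update handlers do.
 *
 * @author Seungpil PARK
 * @since 2.0
 */
@Controller
@RequestMapping("/auth")
public class UserController extends DefaultController {

    /**
     * SLF4J Logging
     */
    private static final Logger logger = LoggerFactory.getLogger(UserController.class);

    @Autowired
    private UserService userService;

    // NOTE(review): the type name suggests AES encryption, which is reversible, rather than
    // a one-way password hash (bcrypt/scrypt/Argon2). The implementation is not visible
    // here - confirm how stored passwords are protected.
    @Autowired
    @Qualifier("passwordEncoder")
    private AESPasswordEncoder passwordEncoder;

    /**
     * Shows the login page.
     *
     * @param session current HTTP session (unused)
     * @return the {@code /auth/login} view
     */
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public ModelAndView login(HttpSession session) {
        return new ModelAndView("/auth/login");
    }

    /**
     * Shows the "forgot password" page.
     *
     * @param session current HTTP session (unused)
     * @return the {@code /auth/forgetPasswd} view
     */
    @RequestMapping(value = "/forgetPasswd", method = RequestMethod.GET)
    public ModelAndView forgetPasswd(HttpSession session) {
        return new ModelAndView("/auth/forgetPasswd");
    }

    /**
     * Shows the login-failure page.
     *
     * @param session current HTTP session (unused)
     * @return the {@code /auth/fail} view
     */
    @RequestMapping(value = "/fail", method = RequestMethod.GET)
    public ModelAndView fail(HttpSession session) {
        return new ModelAndView("/auth/fail");
    }

    /**
     * Handles the password-reset request form: looks the account up by e-mail and, when it
     * exists, asks {@link UserService} to send the reset mail.
     *
     * @param email e-mail address submitted by the (unauthenticated) caller
     * @return {@code /auth/sendPasswdSuccess} when the mail was sent, otherwise
     *         {@code /auth/sendPasswdFail} with the submitted address as {@code responseEmail}
     */
    @RequestMapping(value = "/sendPasswd", method = RequestMethod.POST)
    public ModelAndView registerRequest(@RequestParam String email) {
        // NOTE(review): an unknown address gets the failure view and a known one the success
        // view, so this unauthenticated endpoint discloses which addresses are registered.
        // Consider one neutral response for both cases plus request throttling.
        // NOTE(review): "responseEmail" is caller-supplied text handed back to the view; the
        // template must HTML-escape it (template not visible here - confirm).
        try {
            if (userService.getUser(email) == null) {
                return sendPasswdFailed(email);
            }
            userService.sendPasswdMail(email);
            return new ModelAndView("/auth/sendPasswdSuccess");
        } catch (Exception ex) {
            // Record the cause; the address itself is deliberately kept out of the log line.
            logger.warn("Password reset mail request failed", ex);
            return sendPasswdFailed(email);
        }
    }

    /**
     * Validates a password-reset link and shows the new-password form when it is accepted.
     *
     * @param res    servlet response (unused)
     * @param userid account identifier taken from the reset link
     * @param token  Base64 text that decodes to a millisecond timestamp
     * @return {@code /auth/repasswd} when {@link UserService} accepts the pair, otherwise
     *         {@code /auth/error-401}
     * @throws IOException declared by the original signature; nothing in this body throws it
     */
    @RequestMapping(value = "/passwdConfirm", method = RequestMethod.GET)
    public ModelAndView confirm(HttpServletResponse res, @RequestParam String userid,
                                @RequestParam String token) throws IOException {
        // NOTE(review): as far as this method shows, the token is only a Base64-encoded
        // timestamp chosen by whoever built the link, so the age check below rests on
        // caller-supplied data. The actual authorization is userService.reqPasswdExist();
        // confirm that it compares against a stored, unguessable, single-use value.
        final long tokenTimestamp;
        try {
            tokenTimestamp = Long.parseLong(
                    new String(Base64.decodeBase64(token), StandardCharsets.UTF_8));
        } catch (NumberFormatException ex) {
            // A malformed token is a rejected link, not a server error.
            return unauthorized();
        }

        // Links older than one day are refused.
        // NOTE(review): how getDiffDays treats a timestamp in the future is not visible here.
        if (DateUtils.getDiffDays(new Date(), new Date(tokenTimestamp)) > 1) {
            return unauthorized();
        }

        try {
            if (userService.reqPasswdExist(userid, token)) {
                return new ModelAndView("/auth/repasswd");
            }
            return unauthorized();
        } catch (Exception ex) {
            logger.warn("Password reset token verification failed", ex);
            return unauthorized();
        }
    }

    /**
     * Changes the password of the logged-in user after re-checking the current password.
     *
     * @param password           current password, checked against the value held in the session
     * @param newPassword        requested new password
     * @param confirmNewPassword repeat of the new password; must equal {@code newPassword}
     * @return {@code /auth/passwdChanged} on success, {@code /auth/invalidPasswd} when the
     *         current password does not match or the new password is empty or unconfirmed
     */
    @RequestMapping(value = "/repasswdProc", method = RequestMethod.POST)
    @Secured({ "ROLE_ADMIN", "ROLE_USER" })
    public ModelAndView changePassword(@RequestParam String password,
                                       @RequestParam String newPassword,
                                       @RequestParam String confirmNewPassword) {
        String email = SessionUtils.getEmail();

        // NOTE(review): the comparison value comes from the session, not from the user store;
        // whether the session copy is refreshed after a change is not visible here.
        if (!passwordEncoder.matches(password, SessionUtils.getPasswd())) {
            return new ModelAndView("/auth/invalidPasswd");
        }

        // The confirmation field was previously accepted but never compared, and an empty
        // new password went straight to the store. The existing invalidPasswd view is reused
        // because no dedicated view is visible in this file.
        if (newPassword.isEmpty() || !newPassword.equals(confirmNewPassword)) {
            return new ModelAndView("/auth/invalidPasswd");
        }

        // Raw Map kept: the parameter type of UserService.updatePassword is not visible here.
        Map map = new HashMap();
        map.put("email", email);
        map.put("password", passwordEncoder.encode(newPassword));
        userService.updatePassword(map);

        return new ModelAndView("/auth/passwdChanged");
    }

    /**
     * Updates the profile of a logged-in user from a JSON request body.
     *
     * @param userString JSON string holding the user fields to update
     * @return {@code /auth/reviewUserInfo} on success, {@code /auth/updateUserInfoFailed}
     *         when parsing or the update throws
     */
    @RequestMapping(value = "/updateUserInfo", method = RequestMethod.POST)
    @Secured({ "ROLE_ADMIN", "ROLE_USER" })
    public ModelAndView updateUserInfo(@RequestBody String userString) {
        try {
            // NOTE(review): every key of the request body is forwarded to the service and
            // nothing here ties the update to the session user. Unless
            // UserService.updateUserInfo restricts the target account and the writable
            // columns, a caller can set fields it should not control (mass assignment).
            // Consider overwriting the identifying key with SessionUtils.getEmail() and
            // allow-listing the editable fields.
            Map userMap = JsonUtils.unmarshal(userString);
            userService.updateUserInfo(userMap);
            return new ModelAndView("/auth/reviewUserInfo");
        } catch (Exception ex) {
            // The body may hold personal data, so only the exception is logged.
            logger.warn("User info update failed", ex);
            return new ModelAndView("/auth/updateUserInfoFailed");
        }
    }

    /** Builds the reset-mail failure view, echoing the submitted address to the template. */
    private ModelAndView sendPasswdFailed(String email) {
        ModelAndView mav = new ModelAndView("/auth/sendPasswdFail");
        mav.addObject("responseEmail", email);
        return mav;
    }

    /** Builds the view shown for every rejected password-reset link. */
    private ModelAndView unauthorized() {
        return new ModelAndView("/auth/error-401");
    }
}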