Revision 57531
Added by Michele Artini over 4 years ago
| HomeController.java | ||
|---|---|---|
| 1 | 1 |
package eu.dnetlib.organizations.controller; |
| 2 | 2 |
|
| 3 |
import java.io.IOException; |
|
| 4 |
import java.security.Principal; |
|
| 5 |
import java.util.UUID; |
|
| 6 |
|
|
| 7 |
import javax.servlet.http.Cookie; |
|
| 8 |
import javax.servlet.http.HttpServletResponse; |
|
| 9 |
|
|
| 10 |
import org.apache.commons.io.IOUtils; |
|
| 11 |
import org.springframework.http.HttpStatus; |
|
| 12 | 3 |
import org.springframework.stereotype.Controller; |
| 13 |
import org.springframework.web.bind.annotation.CookieValue;
|
|
| 4 |
import org.springframework.web.bind.annotation.GetMapping;
|
|
| 14 | 5 |
import org.springframework.web.bind.annotation.RequestMapping; |
| 15 | 6 |
import org.springframework.web.bind.annotation.RequestMethod; |
| 16 | 7 |
|
| 17 | 8 |
@Controller |
| 18 | 9 |
public class HomeController {
|
| 19 | 10 |
|
| 20 |
private static final String TEMPORARY_AUTH_CODE = "TEMP_COOKIE"; |
|
| 11 |
@GetMapping("/")
|
|
| 12 |
public String home() {
|
|
| 13 |
return "/user"; |
|
| 14 |
} |
|
| 21 | 15 |
|
| 22 |
@RequestMapping(value = "/", method = RequestMethod.GET)
|
|
| 23 |
public void logout(@CookieValue(name = "auth_code", required = false) final String authCode, final HttpServletResponse res, final Principal principal)
|
|
| 24 |
throws IOException {
|
|
| 25 |
res.setContentType("text/html");
|
|
| 16 |
@GetMapping("/login")
|
|
| 17 |
public String login() {
|
|
| 18 |
return "/login";
|
|
| 19 |
}
|
|
| 26 | 20 |
|
| 27 |
if (authCode == null) {
|
|
| 28 |
res.addCookie(new Cookie("auth_code", TEMPORARY_AUTH_CODE));
|
|
| 29 |
IOUtils.copy(getClass().getResourceAsStream("/templates/redirect.html"), res.getOutputStream());
|
|
| 30 |
} else if (authCode.equals(TEMPORARY_AUTH_CODE) || principal == null) {
|
|
| 31 |
res.setStatus(HttpStatus.UNAUTHORIZED.value()); |
|
| 32 |
res.setHeader("WWW-Authenticate", "Basic realm=\"Realm\"");
|
|
| 33 |
res.setHeader("X-Content-Type-Options", "nosniff");
|
|
| 34 |
res.setHeader("X-XSS-Protection", "1; mode=block");
|
|
| 35 |
res.setHeader("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate");
|
|
| 36 |
res.setHeader("Pragma", "no-cache");
|
|
| 37 |
res.setHeader("Expires", "0");
|
|
| 38 |
res.setHeader("X-Frame-Options", "DENY");
|
|
| 21 |
@GetMapping("/403")
|
|
| 22 |
public String error403() {
|
|
| 23 |
return "/403"; |
|
| 24 |
} |
|
| 39 | 25 |
|
| 40 |
final Cookie cookie = new Cookie("auth_code", UUID.randomUUID().toString());
|
|
| 41 |
cookie.setMaxAge(-1); |
|
| 26 |
@RequestMapping(value = { "/doc", "/swagger" }, method = RequestMethod.GET)
|
|
| 27 |
public String apiDoc() {
|
|
| 28 |
return "redirect:swagger-ui.html"; |
|
| 29 |
} |
|
| 42 | 30 |
|
| 43 |
res.addCookie(cookie); |
|
| 44 |
IOUtils.copy(getClass().getResourceAsStream("/templates/redirect.html"), res.getOutputStream());
|
|
| 45 |
} else {
|
|
| 46 |
IOUtils.copy(getClass().getResourceAsStream("/templates/home.html"), res.getOutputStream());
|
|
| 47 |
} |
|
| 48 |
|
|
| 49 |
} |
|
| 50 | 31 |
} |
Also available in: Unified diff
new authentication