Revision 57531
Added by Michele Artini over 4 years ago
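--- a/HomeController.java
+++ b/HomeController.java
@@ -1,50 +1,31 @@
 package eu.dnetlib.organizations.controller;
 
-import java.io.IOException;
-import java.security.Principal;
-import java.util.UUID;
-
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.io.IOUtils;
-import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.CookieValue;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
 @Controller
 public class HomeController {
 
-private static final String TEMPORARY_AUTH_CODE = "TEMP_COOKIE";
+@GetMapping("/")
+public String home() {
+return "/user";
+}
 
-@RequestMapping(value = "/", method = RequestMethod.GET)
-public void logout(@CookieValue(name = "auth_code", required = false) final String authCode, final HttpServletResponse res, final Principal principal)
-throws IOException {
-res.setContentType("text/html");
+@GetMapping("/login")
+public String login() {
+return "/login";
+}
 
-if (authCode == null) {
-res.addCookie(new Cookie("auth_code", TEMPORARY_AUTH_CODE));
-IOUtils.copy(getClass().getResourceAsStream("/templates/redirect.html"), res.getOutputStream());
-} else if (authCode.equals(TEMPORARY_AUTH_CODE) || principal == null) {
-res.setStatus(HttpStatus.UNAUTHORIZED.value());
-res.setHeader("WWW-Authenticate", "Basic realm=\"Realm\"");
-res.setHeader("X-Content-Type-Options", "nosniff");
-res.setHeader("X-XSS-Protection", "1; mode=block");
-res.setHeader("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate");
-res.setHeader("Pragma", "no-cache");
-res.setHeader("Expires", "0");
-res.setHeader("X-Frame-Options", "DENY");
+@GetMapping("/403")
+public String error403() {
+return "/403";
+}
 
-final Cookie cookie = new Cookie("auth_code", UUID.randomUUID().toString());
-cookie.setMaxAge(-1);
+@RequestMapping(value = { "/doc", "/swagger" }, method = RequestMethod.GET)
+public String apiDoc() {
+return "redirect:swagger-ui.html";
+}
 
-res.addCookie(cookie);
-IOUtils.copy(getClass().getResourceAsStream("/templates/redirect.html"), res.getOutputStream());
-} else {
-IOUtils.copy(getClass().getResourceAsStream("/templates/home.html"), res.getOutputStream());
-}
-
-}
 }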
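Review bot: The new `home()` returns the `/user` view unconditionally, whereas the removed handler for "/" checked `principal` and set `Cache-Control`, `X-Frame-Options` and `X-Content-Type-Options` by hand. Access control and those response headers now depend entirely on security configuration that this file section does not show, so please confirm that it covers "/" and say so in the class, e.g. `// Authentication for "/" is enforced by the security configuration, not in this controller.` `apiDoc()` redirects `/doc` and `/swagger` to the Swagger UI; if the API description is not meant to be public, those paths and `swagger-ui.html` need the same protection. As a style point, the view names `"/user"`, `"/login"` and `"/403"` carry a leading slash, which some template resolvers handle differently once the application is packaged, so `"user"`, `"login"` and `"403"` would be the safer spelling.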
new authentication