From 053d0cfbc56af7787a1e0dc75e21ce4386835740 Mon Sep 17 00:00:00 2001
From: Miguel Reboiro-Jato
Date: Wed, 24 Feb 2016 11:53:33 +0100
Subject: [PATCH] LoginFilter adds the login to the HTTP session

When a user is correctly logged in, the LoginFilter adds the user login to the HTTP session. This allows, for example, the REST layer to retrieve the current logged user.
---
 src/main/java/es/uvigo/esei/daa/LoginFilter.java | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/main/java/es/uvigo/esei/daa/LoginFilter.java b/src/main/java/es/uvigo/esei/daa/LoginFilter.java
index 4860187..22ba558 100644
--- a/src/main/java/es/uvigo/esei/daa/LoginFilter.java
+++ b/src/main/java/es/uvigo/esei/daa/LoginFilter.java
@@ -47,6 +47,7 @@ public class LoginFilter implements Filter {
 try {
 if (isLogoutPath(httpRequest)) {
+ destroySession(httpRequest);
 removeTokenCookie(httpResponse);
 redirectToIndex(httpRequest, httpResponse);
 } else if (isIndexPath(httpRequest) || checkToken(httpRequest)) {
@@ -54,8 +55,10 @@ public class LoginFilter implements Filter {
 } else if (checkLogin(httpRequest, httpResponse)) {
 continueWithRedirect(httpRequest, httpResponse);
 } else if (isRestPath(httpRequest)) {
+ destroySession(httpRequest);
 httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
 } else {
+ destroySession(httpRequest);
 redirectToIndex(httpRequest, httpResponse);
 }
 } catch (IllegalArgumentException iae) {
@@ -109,6 +112,10 @@ public class LoginFilter implements Filter {
 response.addCookie(cookie);
 }
+ private void destroySession(HttpServletRequest request) {
+ request.getSession().invalidate();
+ }
+
 private boolean checkLogin(
 HttpServletRequest request,
 HttpServletResponse response
@@ -122,6 +129,7 @@ public class LoginFilter implements Filter {
 final Credentials credentials = new Credentials(login, password);
 response.addCookie(new Cookie("token", credentials.toToken()));
+ request.getSession().setAttribute("login", login);
 return true;
 } else {
--
2.18.1
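Review bot: `request.getSession()` in destroySession creates a session when the request carries none, so the 403 and redirect branches in the second hunk allocate a session (and presumably emit a session cookie) for every unauthenticated request only to invalidate it at once. Look the session up without creating it: `final HttpSession session = request.getSession(false);` followed by `if (session != null) session.invalidate();`. This needs `HttpSession` from the same package as `HttpServletRequest` in scope; the import block is outside the hunk, so confirm whether it is already imported.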
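Review bot: The login is stored in whatever session the request already carries, so a session id issued before authentication stays valid afterwards and the new `setAttribute` line binds the authenticated user to it (session fixation). Rotate the id before storing the attribute, e.g. `request.changeSessionId();` on Servlet 3.1+, or invalidate the old session and call `request.getSession(true)` on older containers. Separately, `"login"` is only set on this checkLogin path; a request accepted through `checkToken` after the session has expired would presumably reach the REST layer with no `login` attribute, so the token branch should populate it as well (checkToken's body is outside the hunk). checkLogin begins and ends outside this hunk.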