- String username = request.getParameter("username");
- String password = request.getParameter("password");
- if (username != null && password != null) {
- try {
- lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER,
- new HttpRequestCallbackHandler(request, response) {
- public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
- for (Callback callback : callbacks) {
- if (callback instanceof NameCallback && username != null)
- ((NameCallback) callback).setName(username);
- else if (callback instanceof PasswordCallback && password != null)
- ((PasswordCallback) callback).setPassword(password.toCharArray());
- else if (callback instanceof HttpRequestCallback) {
- ((HttpRequestCallback) callback).setRequest(request);
- ((HttpRequestCallback) callback).setResponse(response);
- }
- }
- }
- });
- lc.login();
-
- CmsSessionId cmsSessionId = (CmsSessionId) lc.getSubject().getPrivateCredentials(CmsSessionId.class)
- .toArray()[0];
- Authorization authorization = (Authorization) lc.getSubject().getPrivateCredentials(Authorization.class)
- .toArray()[0];
-
- JsonWriter jsonWriter = gson.newJsonWriter(response.getWriter());
- jsonWriter.beginObject();
- // Authorization
- jsonWriter.name("username").value(authorization.getName());
- jsonWriter.name("displayName").value(authorization.toString());
- // Roles
- jsonWriter.name("roles").beginArray();
- for (String role : authorization.getRoles())
- if (!role.equals(authorization.getName()))
- jsonWriter.value(role);
- jsonWriter.endArray();
- // CMS session
- jsonWriter.name("cmsSession").beginObject();
- jsonWriter.name("uuid").value(cmsSessionId.getUuid().toString());
- jsonWriter.endObject();
-
- jsonWriter.endObject();
-
- String redirectTo = redirectTo(request);
- if (redirectTo != null)
- response.sendRedirect(redirectTo);
- } catch (LoginException e) {
- response.setStatus(403);
+ String username = request.getParameter(PARAM_USERNAME);
+ String password = request.getParameter(PARAM_PASSWORD);
+ try {
+ lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER, new HttpRequestCallbackHandler(request, response) {
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (Callback callback : callbacks) {
+ if (callback instanceof NameCallback && username != null)
+ ((NameCallback) callback).setName(username);
+ else if (callback instanceof PasswordCallback && password != null)
+ ((PasswordCallback) callback).setPassword(password.toCharArray());
+ else if (callback instanceof HttpRequestCallback) {
+ ((HttpRequestCallback) callback).setRequest(request);
+ ((HttpRequestCallback) callback).setResponse(response);
+ }
+ }
+ }
+ });
+ lc.login();
+
+ Subject subject = lc.getSubject();
+ CmsSessionId cmsSessionId = extractFrom(subject.getPrivateCredentials(CmsSessionId.class));
+ if (cmsSessionId == null) {
+ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);