
1   package org.appfuse.webapp.controller;
2   
3   import java.util.Locale;
4   
5   import javax.servlet.http.HttpServletRequest;
6   import javax.servlet.http.HttpServletResponse;
7   
8   import org.appfuse.Constants;
9   import org.appfuse.model.User;
10  import org.appfuse.service.RoleManager;
11  import org.appfuse.service.UserExistsException;
12  import org.appfuse.webapp.util.RequestUtil;
13  import org.springframework.beans.factory.annotation.Autowired;
14  import org.springframework.mail.MailException;
15  import org.springframework.security.access.AccessDeniedException;
16  import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
17  import org.springframework.security.core.context.SecurityContextHolder;
18  import org.springframework.stereotype.Controller;
19  import org.springframework.validation.BindingResult;
20  import org.springframework.web.bind.annotation.ModelAttribute;
21  import org.springframework.web.bind.annotation.RequestMapping;
22  import org.springframework.web.bind.annotation.RequestMethod;
23  import org.tuckey.web.filters.urlrewrite.utils.StringUtils;
24  
/**
 * Controller to signup new users.
 *
 * @author <a href="mailto:matt@raibledesigns.com">Matt Raible</a>
 */
@Controller
@RequestMapping("/signup*")
public class SignupController extends BaseFormController {
    /** Looks up the default role given to every self-registered account. */
    private RoleManager roleManager;

    /**
     * Injects the role manager used to resolve {@link Constants#USER_ROLE}.
     *
     * @param roleManager the role service supplied by Spring
     */
    @Autowired
    public void setRoleManager(final RoleManager roleManager) {
        this.roleManager = roleManager;
    }

    /** Registers the redirect targets used on cancel and on successful signup. */
    public SignupController() {
        setCancelView("redirect:login");
        setSuccessView("redirect:home");
    }

    /**
     * Backs the signup form with an empty {@link User} on GET.
     *
     * @return a new, unsaved user for the form to bind to
     */
    @ModelAttribute
    @RequestMapping(method = RequestMethod.GET)
    public User showForm() {
        return new User();
    }

    /**
     * Processes the signup form: validates the submission, persists the new
     * user, logs the user in and sends the account-information e-mail.
     * <p>
     * NOTE(review): {@code user} is bound directly from request parameters.
     * {@code enabled} is overwritten below, but existing roles are only added
     * to, never cleared - confirm that the binder configured in
     * {@code BaseFormController} keeps fields such as roles out of client reach.
     *
     * @param user     the submitted user, bound from the form
     * @param errors   binding/validation errors for {@code user}
     * @param request  the current request (parameters, locale, session)
     * @param response used to send 403 when the save is denied
     * @return the cancel view, {@code "signup"} on validation or duplicate-user
     *         errors, {@code null} after a 403 has been written, otherwise the
     *         success view
     * @throws Exception propagated from the save or mail steps
     */
    @RequestMapping(method = RequestMethod.POST)
    public String onSubmit(final User user, final BindingResult errors, final HttpServletRequest request, final HttpServletResponse response)
            throws Exception {
        if (isCancelled(request)) {
            return getCancelView();
        }

        // validator is null during testing, so the whole check is skipped then
        if (validator != null && hasValidationErrors(user, errors, request)) {
            return "signup";
        }

        final Locale locale = request.getLocale();

        user.setEnabled(true);

        // Every self-registered account receives the default user role
        user.addRole(roleManager.getRole(Constants.USER_ROLE));

        // Keep the unencrypted password for the automatic login after the save
        final String plainPassword = user.getPassword();

        try {
            this.getUserManager().saveUser(user);
        } catch (final AccessDeniedException ade) {
            // thrown by UserSecurityAdvice configured in aop:advisor userManagerSecurity
            log.warn(ade.getMessage());
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return null;
        } catch (final UserExistsException e) {
            errors.rejectValue("username", "errors.existing.user",
                    new Object[] { user.getUsername(), user.getEmail() }, "duplicate user");
            return "signup";
        }

        saveMessage(request, getText("user.registered", user.getUsername(), locale));
        request.getSession().setAttribute(Constants.REGISTERED, Boolean.TRUE);

        loginAs(user, plainPassword);

        if (log.isDebugEnabled()) {
            log.debug("Sending user '" + user.getUsername() + "' an account information e-mail");
        }

        // Send the account information e-mail; a mail failure does not undo the signup
        message.setSubject(getText("signup.email.subject", locale));

        try {
            sendUserMessage(user, getText("signup.email.message", locale), RequestUtil.getAppURL(request));
        } catch (final MailException me) {
            // NOTE(review): the raw mail exception text is shown to the user;
            // a generic message key would avoid exposing mail-server details
            saveError(request, me.getMostSpecificCause().getMessage());
        }

        return getSuccessView();
    }

    /** Returns true when the form was submitted via its "cancel" button. */
    private static boolean isCancelled(final HttpServletRequest request) {
        return request.getParameter("cancel") != null;
    }

    /**
     * Runs the configured validator plus the explicit password-required check.
     *
     * @param user    the submitted user
     * @param errors  receives any validation errors
     * @param request used for the locale of the "password" field label
     * @return true if {@code errors} holds at least one error afterwards
     */
    private boolean hasValidationErrors(final User user, final BindingResult errors, final HttpServletRequest request) {
        validator.validate(user, errors);

        if (StringUtils.isBlank(user.getPassword())) {
            errors.rejectValue("password", "errors.required", new Object[] { getText("user.password", request.getLocale()) },
                    "Password is a required field.");
        }

        return errors.hasErrors();
    }

    /**
     * Places an authenticated token for the new user in the security context.
     * NOTE(review): the existing session is reused as-is here - confirm that
     * session-id rotation on login is handled by the security filter chain.
     *
     * @param user          the freshly saved user
     * @param plainPassword the unencrypted password captured before the save
     */
    private static void loginAs(final User user, final String plainPassword) {
        final UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
                user.getUsername(), plainPassword, user.getAuthorities());
        auth.setDetails(user);
        SecurityContextHolder.getContext().setAuthentication(auth);
    }
}