
@munsif3
Last active October 7, 2018 16:17

Revisions

  1. munsif3 revised this gist Oct 7, 2018. 1 changed file with 0 additions and 10 deletions.
    10 changes: 0 additions & 10 deletions LoginController.java
    @@ -4,8 +4,6 @@
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.ModelAttribute;
    @@ -18,8 +16,6 @@
    @Controller
    public class MainController {

    private Logger logger = LoggerFactory.getLogger(MainController.class);

    @Autowired
    private AuthenticationService authenticationService;

    @@ -38,14 +34,12 @@ public String login(@ModelAttribute User credentials, HttpServletResponse respon
    String password = credentials.getPassword();

    if (authenticationService.isValidUser(username, password)) {
    logger.debug("Successfully authenticated/validated user...");
    Cookie sessionCookie = new Cookie("sessionID", authenticationService.generateSessionId(username));
    Cookie userCookie = new Cookie("username", username);
    response.addCookie(sessionCookie);
    response.addCookie(userCookie);
    return "redirect:/";
    }
    logger.debug("Failed to authenticate user...");
    return "redirect:/login?status=failed";
    }

    @@ -68,13 +62,9 @@ public String blog(@ModelAttribute Blog blog, HttpServletRequest request) {

    if (authenticationService.isAuthenticated(cookies)) {
    if (authenticationService.validateCSRFToken(sessionId, blogToken)) {
    logger.debug("Blog post successful. Session Token is validated...");
    return "redirect:/home?status=success";
    } else {
    logger.debug("Session Token is Invalid...");
    }
    }
    logger.debug("Session Cookie is Invalid...");
    return "redirect:/home?status=failed";
    }

  2. munsif3 revised this gist Oct 7, 2018. No changes.
  3. munsif3 created this gist Oct 7, 2018.
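--- a/LoginController.java
+++ b/LoginController.java
@@ -0,0 +1,81 @@
+package com.munsif.ssd.csrfsynchronizer.controller;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.PostMapping;
+
+import com.munsif.ssd.csrfsynchronizer.model.Blog;
+import com.munsif.ssd.csrfsynchronizer.model.User;
+import com.munsif.ssd.csrfsynchronizer.service.AuthenticationService;;
+
+@Controller
+public class MainController {
+
+private Logger logger = LoggerFactory.getLogger(MainController.class);
+
+@Autowired
+private AuthenticationService authenticationService;
+
+/**
+* Handles Login request. Generates sessionCookie for keeping track of the
+* session. Generates userCookie to keep track of the user who interacts with
+* the application.
+*
+* @param credentials
+* @param response
+* @return request is redirected to the root request
+*/
+@PostMapping("/login")
+public String login(@ModelAttribute User credentials, HttpServletResponse response) {
+String username = credentials.getUsername();
+String password = credentials.getPassword();
+
+if (authenticationService.isValidUser(username, password)) {
+logger.debug("Successfully authenticated/validated user...");
+Cookie sessionCookie = new Cookie("sessionID", authenticationService.generateSessionId(username));
+Cookie userCookie = new Cookie("username", username);
+response.addCookie(sessionCookie);
+response.addCookie(userCookie);
+return "redirect:/";
+}
+logger.debug("Failed to authenticate user...");
+return "redirect:/login?status=failed";
+}
+
+/**
+* Handles the Add Blog request. Extracts the cookies from the request (if any).
+* Retrieves the sessionID from the cookie. Checks if the user is authenticated.
+* Validates the CSRF Token provided, with that of what is in the HashMap.
+* Returns with status as "success" or "failed"
+*
+* @param blog
+* @param request
+* @return
+*/
+@PostMapping("/blog")
+public String blog(@ModelAttribute Blog blog, HttpServletRequest request) {
+Cookie[] cookies = request.getCookies();
+String blogToken = blog.getToken();
+
+String sessionId = authenticationService.sessionIdFromCookies(cookies);
+
+if (authenticationService.isAuthenticated(cookies)) {
+if (authenticationService.validateCSRFToken(sessionId, blogToken)) {
+logger.debug("Blog post successful. Session Token is validated...");
+return "redirect:/home?status=success";
+} else {
+logger.debug("Session Token is Invalid...");
+}
+}
+logger.debug("Session Cookie is Invalid...");
+return "redirect:/home?status=failed";
+}
+
+}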
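Review bot: The session cookie built in login() at `new Cookie("sessionID", ...)` is added with the Servlet defaults, so it carries neither HttpOnly nor Secure and is readable by page script and sent over plain HTTP; set `sessionCookie.setHttpOnly(true);`, `sessionCookie.setSecure(true);` and `sessionCookie.setPath("/");` before `response.addCookie(sessionCookie)`. The `username` cookie is written straight from the submitted credentials, so nothing downstream should treat its value as authenticated — presumably the CSRF lookup keys on the session id only, but that is worth confirming against AuthenticationService. In blog(), `request.getCookies()` may return null on a cookieless request and that value reaches `sessionIdFromCookies` before `isAuthenticated` runs; whether the helper tolerates null is not visible here, so a short comment or an explicit null guard would document the contract. The `;;` after the AuthenticationService import is a stray empty statement.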