package org.appfuse.webapp.controller; import java.util.Locale; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.appfuse.Constants; import org.appfuse.model.User; import org.appfuse.service.RoleManager; import org.appfuse.service.UserExistsException; import org.appfuse.webapp.util.RequestUtil; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.mail.MailException; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.stereotype.Controller; import org.springframework.validation.BindingResult; import org.springframework.web.bind.annotation.ModelAttribute; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.tuckey.web.filters.urlrewrite.utils.StringUtils; /** * Controller to signup new users. * * @author <a href="mailto:matt@raibledesigns.com">Matt Raible</a> */ @Controller @RequestMapping("/signup*") public class SignupController extends BaseFormController { private RoleManager roleManager; @Autowired public void setRoleManager(final RoleManager roleManager) { this.roleManager = roleManager; } public SignupController() { setCancelView("redirect:login"); setSuccessView("redirect:home"); } @ModelAttribute @RequestMapping(method = RequestMethod.GET) public User showForm() { return new User(); } @RequestMapping(method = RequestMethod.POST) public String onSubmit(final User user, final BindingResult errors, final HttpServletRequest request, final HttpServletResponse response) throws Exception { if (request.getParameter("cancel") != null) { return getCancelView(); } if (validator != null) { // validator is null during testing validator.validate(user, errors); if (StringUtils.isBlank(user.getPassword())) { errors.rejectValue("password", "errors.required", new Object[] { getText("user.password", request.getLocale()) }, "Password is a required field."); } if (errors.hasErrors()) { return "signup"; } } final Locale locale = request.getLocale(); user.setEnabled(true); // Set the default user role on this new user user.addRole(roleManager.getRole(Constants.USER_ROLE)); // unencrypted users password to log in user automatically final String password = user.getPassword(); try { this.getUserManager().saveUser(user); } catch (final AccessDeniedException ade) { // thrown by UserSecurityAdvice configured in aop:advisor userManagerSecurity log.warn(ade.getMessage()); response.sendError(HttpServletResponse.SC_FORBIDDEN); return null; } catch (final UserExistsException e) { errors.rejectValue("username", "errors.existing.user", new Object[] { user.getUsername(), user.getEmail() }, "duplicate user"); return "signup"; } saveMessage(request, getText("user.registered", user.getUsername(), locale)); request.getSession().setAttribute(Constants.REGISTERED, Boolean.TRUE); // log user in automatically final UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken( user.getUsername(), password, user.getAuthorities()); auth.setDetails(user); SecurityContextHolder.getContext().setAuthentication(auth); // Send user an e-mail if (log.isDebugEnabled()) { log.debug("Sending user '" + user.getUsername() + "' an account information e-mail"); } // Send an account information e-mail message.setSubject(getText("signup.email.subject", locale)); try { sendUserMessage(user, getText("signup.email.message", locale), RequestUtil.getAppURL(request)); } catch (final MailException me) { saveError(request, me.getMostSpecificCause().getMessage()); } return getSuccessView(); } }