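package com.aperture_software.glados_wiki.webmvc.controllers;

import com.aperture_software.glados_wiki.entities.User;
import com.aperture_software.glados_wiki.services.TimeZoneService;
import com.aperture_software.glados_wiki.services.UserService;
import com.aperture_software.glados_wiki.support.SecurityUtils2;
import com.google.common.base.Optional;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.annotation.RequiresUser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;

/**
 * Self-service account endpoints under {@code /user}: the login form, changing one's own
 * password and editing one's own profile.
 *
 * <p>The acting user is always taken from {@link SecurityUtils2#getUsername()}, never from a
 * request parameter, so a caller can only modify the account of the current subject.
 *
 * <p>NOTE(review): Shiro's {@code @RequiresUser} is satisfied by a remembered ("remember me")
 * subject as well as by one authenticated in the current session. The password change
 * re-checks the current password, but the profile update does not; confirm that accepting a
 * remembered identity there is intended.
 *
 * <p>NOTE(review): no anti-CSRF token is checked in this class for the two state-changing POST
 * handlers; presumably a filter handles it. Confirm.
 *
 * <p>User: jhyun, Date: 13. 12. 2., Time: 11:48 PM
 */
@RequestMapping(value = "/user")
@Controller
public class UserController {
    private static final Logger LOG = LoggerFactory.getLogger(UserController.class);

    @Autowired
    private org.apache.shiro.mgt.SecurityManager securityManager;

    @Autowired
    private UserService userService;

    @Autowired
    private TimeZoneService timeZoneService;

    /**
     * Renders the login form. This is the only handler in the class without
     * {@code @RequiresUser}.
     *
     * @param m model handed through to the view
     * @return the {@code user/loginForm} view
     */
    @RequestMapping(value = "loginForm")
    public ModelAndView loginForm(ModelMap m) {
        return new ModelAndView("user/loginForm", m);
    }

    /**
     * Renders the form for changing the current user's own password.
     *
     * @param m model handed through to the view
     * @return the {@code user/changePasswordSelfForm} view
     */
    @RequiresUser
    @RequestMapping(value = "changePasswordSelfForm")
    public ModelAndView changePasswordSelfForm(ModelMap m) {
        return new ModelAndView("user/changePasswordSelfForm", m);
    }

    /**
     * Changes the password of the current user after re-verifying the current password.
     *
     * <p>NOTE(review): the new password is not checked here for emptiness or strength;
     * presumably {@code userService.setPassword} enforces the policy. Confirm.
     *
     * @param curPassword  the user's current password, re-authenticated before any change
     * @param newPassword1 the new password
     * @param newPassword2 the new password repeated; must equal {@code newPassword1}
     * @return the plain-text body {@code "OK. CHANGED."}
     * @throws AuthorizationException  if the two new-password values differ
     * @throws AuthenticationException if the current password is not accepted
     * @throws Exception               if the current user cannot be loaded
     */
    @RequiresUser
    @ResponseBody
    @RequestMapping(value = "changePasswordSelf", method = {RequestMethod.POST}, produces = {MediaType.TEXT_PLAIN_VALUE})
    public String changePasswordSelf(
            @RequestParam(value = "curPassword", required = true) final String curPassword,
            @RequestParam(value = "newPassword1", required = true) final String newPassword1,
            @RequestParam(value = "newPassword2", required = true) final String newPassword2) throws Exception {
        final String curUsername = SecurityUtils2.getUsername();

        if (false == ObjectUtils.equals(newPassword1, newPassword2)) {
            throw new AuthorizationException("new-password-1 and new-password-2 mismatch.");
        }

        // Re-authenticate with the current password so a hijacked or remembered session
        // alone is not enough to take over the account.
        final UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(curUsername, curPassword);
        try {
            // Shiro normally reports a bad credential by throwing AuthenticationException;
            // the null check covers a manager that returns nothing instead.
            final AuthenticationInfo a = securityManager.authenticate(usernamePasswordToken);
            if (null == a) {
                throw new AuthenticationException("invalid current-password!");
            }
        } finally {
            // Zero the token's copy of the password once the check is over, success or not.
            // The String parameters are immutable and cannot be wiped here.
            usernamePasswordToken.clear();
        }

        userService.setPassword(requireUser(curUsername), newPassword1);

        // Audit trail for a security-relevant event; the username comes from the session
        // and no credential is logged.
        LOG.info("password changed for user [{}]", curUsername);

        return "OK. CHANGED.";
    }

    /**
     * Renders the form for editing the current user's own profile. The model receives the
     * sorted time-zone ids under {@code TIMEZONE_IDS} and the user entity under {@code user}.
     *
     * @param m model handed through to the view
     * @return the {@code user/editProfileSelfForm} view
     * @throws Exception if the current user cannot be loaded
     */
    @RequiresUser
    @RequestMapping(value = "editProfileSelfForm")
    public ModelAndView editProfileSelfForm(ModelMap m) throws Exception {
        m.put("TIMEZONE_IDS", timeZoneService.sortedTimeZoneIds());

        final String curUsername = SecurityUtils2.getUsername();
        m.put("user", requireUser(curUsername));

        return new ModelAndView("user/editProfileSelfForm", m);
    }

    /**
     * Updates the description and time zone of the current user, then evicts that user's
     * cached time zone.
     *
     * <p>NOTE(review): both values are stored exactly as received. {@code timezone} is not
     * checked against the ids offered by the form, and {@code description} is free text, so
     * views that render it must encode it on output. Confirm that validation and encoding
     * happen elsewhere.
     *
     * @param description new profile description
     * @param timezone    new time-zone id
     * @return the plain-text body {@code "OK. UPDATED."}
     * @throws Exception if the current user cannot be loaded
     */
    @RequiresUser
    @ResponseBody
    @RequestMapping(value = "editProfileSelf", method = {RequestMethod.POST}, produces = {MediaType.TEXT_PLAIN_VALUE})
    public String editProfileSelf(@RequestParam(value = "description", required = true) final String description,
                                  @RequestParam(value = "timezone", required = true) final String timezone) throws Exception {
        final String curUsername = SecurityUtils2.getUsername();

        final User u2 = requireUser(curUsername);
        u2.setDescription(description);
        u2.setTimezone(timezone);
        userService.update(u2);
        timeZoneService.evictUserTimeZoneCache(curUsername);

        return "OK. UPDATED.";
    }

    /**
     * Loads the user entity for {@code username}, failing when no such user exists.
     *
     * @param username the username to look up
     * @return the matching user
     * @throws Exception with message {@code USER NOT FOUND [username]} if the lookup is empty
     */
    private User requireUser(final String username) throws Exception {
        final Optional<User> u = userService.getByUsername(username);
        if (u.isPresent() == false) {
            throw new Exception(String.format("USER NOT FOUND [%s]", username));
        }
        return u.get();
    }
}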