...
Code Block | ||
---|---|---|
| ||
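/**
 * Handles the login POST, either by verifying a "rememberme" cookie or by
 * checking the submitted username and password.
 *
 * <p>When remember-me is requested and a {@code rememberme} cookie of the form
 * {@code username;random} is present, the pair is checked with
 * {@code LoginService.mappingExists}. Otherwise the submitted credentials are
 * checked with {@code LoginService.isUserValid}. On success the random value is
 * rotated, the old session is invalidated, a new session is created and a fresh
 * cookie is issued.
 *
 * <p>Changes from the listing as published:
 * <ul>
 *   <li>the cookie is looked up by name instead of assuming index 0, and a
 *       request without cookies no longer throws;</li>
 *   <li>the rotated token is bound to the identity that was actually verified
 *       (the cookie's user in the cookie branch), not to the unauthenticated
 *       {@code username} request parameter;</li>
 *   <li>every error path returns, and the password array is cleared in a
 *       {@code finally} block so it is wiped on those paths too;</li>
 *   <li>the cookie is marked {@code HttpOnly} and {@code Secure}.</li>
 * </ul>
 *
 * @param request  the login request; reads the {@code username}, {@code password}
 *                 and {@code rememberme} parameters and the {@code rememberme} cookie
 * @param response receives the rotated {@code rememberme} cookie on success
 */
protected void doPost(HttpServletRequest request, HttpServletResponse response) {
  // validate input (omitted)
  String username = request.getParameter("username");
  String rawPassword = request.getParameter("password");
  // getParameter() has already placed the password in an immutable String, so
  // wiping this array only limits the lifetime of the copy made here.
  char[] password = (rawPassword == null) ? new char[0] : rawPassword.toCharArray();
  boolean rememberMe = Boolean.parseBoolean(request.getParameter("rememberme"));
  LoginService loginService = new LoginServiceImpl();

  try {
    if (rememberMe) {
      // Find the remember-me cookie by name; getCookies() returns null when the
      // client sent no cookies, and the first cookie is not necessarily ours.
      String token = null;
      Cookie[] cookies = request.getCookies();
      if (cookies != null) {
        for (Cookie candidate : cookies) {
          if (candidate != null && "rememberme".equals(candidate.getName())) {
            token = candidate.getValue();
            break;
          }
        }
      }

      // The identity that was proven on this request; only this value may be
      // used when issuing the new token.
      String authenticatedUser;
      if (token != null) {
        String[] value = token.split(";");
        if (value.length != 2) {
          // set error (omitted)
          return;
        }
        if (!loginService.mappingExists(value[0], value[1])) { // (username, random)
          // set error (omitted)
          return;
        }
        authenticatedUser = value[0];
      } else {
        if (!loginService.isUserValid(username, password)) {
          // set error (omitted)
          return;
        }
        authenticatedUser = username;
      }

      // Reset the random every time.
      // NOTE(review): getRandomString() is assumed to draw from a CSPRNG such as
      // SecureRandom; confirm in LoginService.
      String newRandom = loginService.getRandomString();
      loginService.mapUserForRememberMe(authenticatedUser, newRandom);

      // Drop the pre-login session so its identifier cannot be reused after login.
      HttpSession session = request.getSession();
      session.invalidate();
      session = request.getSession(true);
      // Set session timeout to one hour
      session.setMaxInactiveInterval(60 * 60);
      // Store user attribute in session scope
      session.setAttribute("user", loginService.getUsername());

      // NOTE(review): ';' is the attribute delimiter in cookie headers and some
      // containers reject or quote it inside a cookie value; confirm this
      // separator works on the target container.
      Cookie loginCookie = new Cookie("rememberme", authenticatedUser + ";" + newRandom);
      loginCookie.setHttpOnly(true); // keep the token out of reach of page scripts
      loginCookie.setSecure(true);   // send the token over HTTPS only
      response.addCookie(loginCookie);
      // ... forward to welcome page
    } else {
      // ...authenticate using isUserValid() and if failed, set error
    }
  } finally {
    Arrays.fill(password, ' ');
  }
}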
...