...
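/**
 * Handles a login form submission, optionally issuing a "remember me" cookie.
 *
 * <p>Flow: when {@code rememberme} is set, a previously issued remember-me
 * token (cookie {@code rememberme} = {@code <username>;<random>}) is accepted in
 * place of the password only if the server-side mapping for that exact
 * (username, random) pair exists <em>and</em> the cookie was issued to the same
 * username the form submitted. In every other case the password is checked via
 * {@code LoginService.isUserValid}. On success the old session is invalidated,
 * a fresh one is created, the token is rotated and written back as an
 * HttpOnly/Secure cookie.
 *
 * <p>Fixes relative to the earlier revision: the cookie is looked up by name
 * rather than as {@code getCookies()[0]} (which NPEs when no cookies were sent
 * and otherwise reads an arbitrary cookie); a missing or malformed cookie now
 * falls back to password authentication instead of skipping it; the
 * "set error and return" placeholders actually return; the remember-me token is
 * bound to the submitted username; the password buffer is cleared in
 * {@code finally} so early returns do not leave it behind.
 *
 * @param request  the login request; reads {@code username}, {@code password},
 *                 {@code rememberme} and the {@code rememberme} cookie
 * @param response receives the rotated remember-me cookie on success
 */
protected void doPost(HttpServletRequest request,
        HttpServletResponse response) {
    // Name of the remember-me cookie. It is written below and must be read
    // back by name: the order of cookies in getCookies() is chosen by the
    // browser, so index 0 may well be JSESSIONID or anything else.
    final String rememberMeCookieName = "rememberme";

    // validate input (omitted)
    String username = request.getParameter("username");
    // getParameter() returns null for an absent field; calling toCharArray()
    // on it would throw. Treat a missing password as empty so the login service
    // rejects it instead of the servlet failing with a 500.
    // Note: the value already exists as an immutable String, so clearing the
    // char[] below limits only this copy's lifetime.
    String passwordParam = request.getParameter("password");
    char[] password = passwordParam == null ? new char[0] : passwordParam.toCharArray();
    boolean rememberMe = Boolean.parseBoolean(request.getParameter("rememberme"));
    LoginService loginService = new LoginServiceImpl();
    boolean validated = false;
    try {
        if (rememberMe) {
            boolean tokenAccepted = false;
            Cookie rememberCookie = findCookie(request.getCookies(), rememberMeCookieName);
            if (rememberCookie != null && rememberCookie.getValue() != null) {
                String[] value = rememberCookie.getValue().split(";");
                if (value.length != 2) {
                    // set error and return
                    return;
                }
                // The random token (value[1]) was issued to value[0] only. The
                // earlier revision accepted it for whatever username the form
                // submitted and then called mapUserForRememberMe(username, ...)
                // for that name, so a valid cookie for account A could mint a
                // remember-me mapping (and session) for account B without B's
                // password. Bind the token to the submitted username.
                // Assumes the form always submits username, as the original
                // code already relied on (cookie value, mapUserForRememberMe).
                tokenAccepted = username != null
                        && username.equals(value[0])
                        && loginService.mappingExists(value[0], value[1]); // (username, random)
            }
            // No cookie, malformed cookie, unknown token or username mismatch:
            // fall back to password authentication. The earlier revision
            // skipped this step when the cookie value was absent.
            if (!tokenAccepted) {
                validated = loginService.isUserValid(username, password);
                if (!validated) {
                    // set error and return
                    return;
                }
            }
            String newRandom = loginService.getRandomString();
            // reset the random every time (single-use token; an intercepted
            // cookie is invalidated on the next legitimate login)
            loginService.mapUserForRememberMe(username, newRandom);
            // Invalidate the pre-login session and start a fresh one so an
            // attacker-supplied session id is not promoted to an authenticated one.
            HttpSession session = request.getSession();
            session.invalidate();
            session = request.getSession(true);
            // Set session timeout to one hour
            session.setMaxInactiveInterval(60 * 60);
            // Store the user attribute in session scope
            session.setAttribute("user", loginService.getUsername());
            // NOTE(review): ';' is a cookie attribute delimiter (RFC 6265); some
            // containers quote or reject values containing it. Kept here because
            // the server-side format (and split(";") above) depends on it.
            Cookie loginCookie = new Cookie(rememberMeCookieName, username + ";"
                    + newRandom);
            // The token is credential-equivalent: keep it away from scripts and
            // off plaintext connections. setHttpOnly requires Servlet 3.0+;
            // setSecure means the browser only returns it over HTTPS.
            loginCookie.setHttpOnly(true);
            loginCookie.setSecure(true);
            // NOTE(review): no max-age is set, so this is a browser-session
            // cookie and does not persist across browser restarts; choose a
            // lifetime policy if "remember me" is meant to outlive the browser.
            response.addCookie(loginCookie);
            // ... forward to welcome page
        } else {
            // ...authenticate using isUserValid() and if failed, set error
        }
    } finally {
        // Clear this copy of the password on every exit path, including the
        // early returns and any exception from the login service.
        Arrays.fill(password, ' ');
    }
}

/**
 * Returns the first cookie named {@code name}, or {@code null} if there is none.
 *
 * @param cookies the request's cookies; {@code null} when the client sent none
 *                (that is what {@code HttpServletRequest.getCookies()} returns)
 * @param name    cookie name to look for (exact, case-sensitive match)
 * @return the matching cookie, or {@code null}
 */
private static Cookie findCookie(Cookie[] cookies, String name) {
    if (cookies == null) {
        return null;
    }
    for (Cookie c : cookies) {
        if (name.equals(c.getName())) {
            return c;
        }
    }
    return null;
}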
...