Class BroadleafLoginController

java.lang.Object
org.broadleafcommerce.common.web.controller.BroadleafAbstractController
org.broadleafcommerce.core.web.controller.account.BroadleafLoginController

public class BroadleafLoginController extends org.broadleafcommerce.common.web.controller.BroadleafAbstractController
The controller responsible for login and login-related activities, including forgot username, forgot password, and reset password.

The actual login processing is done via Spring Security.

Author:
apazzolini, bpolster
  • Field Details

    • CHANGE_PASSWORD_USERNAME_REQUEST_ATTR

      protected static final String CHANGE_PASSWORD_USERNAME_REQUEST_ATTR
      See Also:
    • loginView

      protected static String loginView
    • forgotPasswordView

      protected static String forgotPasswordView
    • forgotUsernameView

      protected static String forgotUsernameView
    • forgotPasswordSuccessView

      protected static String forgotPasswordSuccessView
    • resetPasswordView

      protected static String resetPasswordView
    • resetPasswordErrorView

      protected static String resetPasswordErrorView
    • resetPasswordSuccessView

      protected static String resetPasswordSuccessView
    • resetPasswordFormView

      protected static String resetPasswordFormView
    • forcedPasswordChangeView

      protected static String forcedPasswordChangeView
    • forcedPasswordChangeSuccessView

      protected static String forcedPasswordChangeSuccessView
    • customerService

      protected org.broadleafcommerce.profile.core.service.CustomerService customerService
    • resetPasswordValidator

      protected org.broadleafcommerce.profile.core.service.validator.ResetPasswordValidator resetPasswordValidator
    • loginService

      protected org.broadleafcommerce.profile.web.core.service.login.LoginService loginService
  • Constructor Details

    • BroadleafLoginController

      public BroadleafLoginController()
  • Method Details

    • login

      public String login(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.ui.Model model)
      Redirects to the login view.
      Parameters:
      request -
      response -
      model -
      Returns:
      the return view
    • forgotPassword

      public String forgotPassword(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.ui.Model model)
      Redirects to the forgot password view.
      Parameters:
      request -
      response -
      model -
      Returns:
      the return view
    • processForgotPassword

      public String processForgotPassword(String username, jakarta.servlet.http.HttpServletRequest request, org.springframework.ui.Model model)
      Looks up the passed-in username and sends an email to the address on file with a reset password token.

      Returns error codes for invalid username.

      Parameters:
      username -
      request -
      model -
      Returns:
      the return view
    • forcedPasswordChange

      public String forcedPasswordChange(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.ui.Model model)
    • processForcedPasswordChange

      public String processForcedPasswordChange(String username, jakarta.servlet.http.HttpServletRequest request, org.springframework.ui.Model model)
    • forgotUsername

      public String forgotUsername(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.ui.Model model)
      Returns the forgot username view.
      Parameters:
      request -
      response -
      model -
      Returns:
      the return view
    • processForgotUsername

      public String processForgotUsername(String email, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.ui.Model model)
      Looks up an account by email address and if found, sends an email with the associated username.
      Parameters:
      email -
      request -
      response -
      model -
      Returns:
      the return view
    • resetPassword

      public String resetPassword(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.ui.Model model)
      Displays the reset password view. Expects a valid resetPasswordToken to exist that was generated by processForgotPassword(String, HttpServletRequest, Model) or similar. Returns an error view if the token is invalid or expired.
      Parameters:
      request -
      response -
      model -
      Returns:
      the return view
    • processResetPassword

      public String processResetPassword(ResetPasswordForm resetPasswordForm, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.ui.Model model, org.springframework.validation.BindingResult errors) throws org.broadleafcommerce.common.exception.ServiceException
      Processes the reset password token and allows the user to change their password. Ensures that the password and confirm password match, that the token is valid, and that the token matches the provided email address.
      Parameters:
      resetPasswordForm -
      request -
      response -
      model -
      errors -
      Returns:
      the return view
      Throws:
      org.broadleafcommerce.common.exception.ServiceException
    • buildRedirectToLoginWithMessage

      protected String buildRedirectToLoginWithMessage(String message)
      By default, redirects to the login page with a message.
      Parameters:
      message -
      Returns:
      the return view
    • initResetPasswordForm

      public ResetPasswordForm initResetPasswordForm(jakarta.servlet.http.HttpServletRequest request)
      Initializes the reset password form by ensuring that the passed-in token URL parameter initializes the hidden form field.

      Also, if the reset password request is in the same session as the forgotPassword request, the username will auto-populate.

      Parameters:
      request -
      Returns:
      the return view
    • getLoginView

      public String getLoginView()
      Returns:
      the view representing the login page.
    • getForgotUsernameView

      public String getForgotUsernameView()
      Returns:
      the view displayed for the forgot username form.
    • getForgotPasswordView

      public String getForgotPasswordView()
      Returns:
      the view displayed for the forgot password form.
    • getResetPasswordView

      public String getResetPasswordView()
      Returns:
      the view displayed for the reset password form.
    • getForgotPasswordSuccessView

      public String getForgotPasswordSuccessView()
      Returns:
      the view returned after a successful forgotPassword email has been sent.
    • getForcedPasswordChangeView

      public String getForcedPasswordChangeView()
      Returns:
      the view displayed for the forced password change form.
    • getForcedPasswordChangeSuccessView

      public String getForcedPasswordChangeSuccessView()
      Returns:
      the view returned after a successful forgotPassword email has been sent.
    • getResetPasswordFormView

      public String getResetPasswordFormView()
      Returns:
      the view name to use for the reset password model.
    • getResetPasswordScheme

      public String getResetPasswordScheme(jakarta.servlet.http.HttpServletRequest request)
    • getResetPasswordPort

      public String getResetPasswordPort(jakarta.servlet.http.HttpServletRequest request, String scheme)
    • getResetPasswordUrl

      public String getResetPasswordUrl(jakarta.servlet.http.HttpServletRequest request)
    • getResetPasswordErrorView

      public String getResetPasswordErrorView()
      View that the user is directed to if they try to access the resetPasswordForm with an invalid token.
      Returns:
      the error view
    • getResetPasswordSuccessView

      public String getResetPasswordSuccessView()
      View that a user is sent to after a successful reset password operation. Should be a redirect (e.g. start with "redirect:"), since this will cause the entire SpringSecurity pipeline to be fulfilled.
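
The checks that processResetPassword is documented to make (password and confirmation match, token valid and not expired, token tied to the submitted account) are shown below as a stand-alone sketch. This is an added example, not Broadleaf code and not how Broadleaf implements them. Assumptions: the class, record, method names and error codes are hypothetical, and storing only a hash of the token and making it single-use are choices of this example that the page does not state.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: every name below is hypothetical; none of this is Broadleaf code.
public class ResetTokenCheckExample {
    record Issued(String username, Instant expires) {}

    // Keyed by the SHA-256 of the token, so a leaked store holds no usable tokens.
    private final Map<String, Issued> store = new ConcurrentHashMap<>();

    static String sha256(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(d);
    }

    String issue(String username, Duration ttl) throws Exception {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        store.put(sha256(token), new Issued(username, Instant.now().plus(ttl)));
        return token; // only this value goes into the emailed link
    }

    // Returns an error code, or null when the reset may proceed.
    String check(String token, String username, String password, String confirm) throws Exception {
        if (password == null || !password.equals(confirm)) return "passwordMismatch";
        Issued rec = token == null ? null : store.get(sha256(token));
        if (rec == null || Instant.now().isAfter(rec.expires())) return "invalidToken";
        boolean sameUser = username != null && MessageDigest.isEqual(
                rec.username().getBytes(StandardCharsets.UTF_8), username.getBytes(StandardCharsets.UTF_8));
        if (!sameUser) return "invalidToken"; // same code whichever token check failed
        store.remove(sha256(token)); // single use
        return null;
    }

    public static void main(String[] args) throws Exception {
        ResetTokenCheckExample svc = new ResetTokenCheckExample();
        String t = svc.issue("alice", Duration.ofMinutes(30)); // constructed sample account
        System.out.println(svc.check(t, "alice", "n3w-Pass!", "typo"));
        System.out.println(svc.check(t, "mallory", "n3w-Pass!", "n3w-Pass!"));
        System.out.println(svc.check(t, "alice", "n3w-Pass!", "n3w-Pass!"));
        System.out.println(svc.check(t, "alice", "n3w-Pass!", "n3w-Pass!"));
    }
}
```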