HttpServletRequest request, HttpServletResponse response,
ModelMap model) {
Integer errorRemaining = unifiedUserMng.errorRemaining(username);
CmsSite site = CmsUtils.getSite(request);
String sol = site.getSolutionPath();
WebErrors errors = validateSubmit(username, password, captcha,
errorRemaining, request, response);
if (!errors.hasErrors()) {
try {
String ip = RequestUtils.getIpAddr(request);
Authentication auth = authMng.login(username, password, ip,
request, response, session);
// 是否需要在这里加上登录次数的更新?按正常的方式,应该在process里面处理的,不过这里处理也没大问题。
cmsUserMng.updateLoginInfo(auth.getUid(), ip);
CmsUser user = cmsUserMng.findById(auth.getUid());
if (user.getDisabled()) {
// 如果已经禁用,则推出登录。
authMng.deleteById(auth.getId());
session.logout(request, response);
throw new DisabledException("user disabled");
}
removeCookieErrorRemaining(request, response);
String view = getView(processUrl, returnUrl, auth.getId());
if (view != null) {
return view;
} else {
FrontUtils.frontData(request, model, site);
return "redirect:login.jspx";
}
} catch (UsernameNotFoundException e) {
errors.addErrorString(e.getMessage());
} catch (BadCredentialsException e) {
errors.addErrorString(e.getMessage());
} catch (DisabledException e) {
errors.addErrorString(e.getMessage());
}
}
// 登录失败
writeCookieErrorRemaining(errorRemaining, request, response, model);
errors.toModel(model);
FrontUtils.frontData(request, model, site);
if (!StringUtils.isBlank(processUrl)) {
model.addAttribute(PROCESS_URL, processUrl);
}
if (!StringUtils.isBlank(returnUrl)) {