package org.secnod.shiro.test.integration.webapp;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.secnod.example.webapp.User;
import org.secnod.shiro.jaxrs.Auth;

@Produces({"text/plain"})
@Path("/session")
/* loaded from: input_file:org/secnod/shiro/test/integration/webapp/SessionResource.class */
public class SessionResource {
    @POST
    public String login(@FormParam("username") String str, @FormParam("password") String str2, @FormParam("rememberMe") @DefaultValue("false") boolean z) {
        SecurityUtils.getSubject().login(new UsernamePasswordToken(str, str2.toCharArray(), z));
        return "Logged in as " + str + "\n";
    }

    @GET
    public String sessionUser(@Auth User user) {
        return "Current user: " + user + "\n";
    }

    @DELETE
    public String invalidateHttpSession(@Context HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            throw new WebApplicationException(Response.Status.BAD_REQUEST);
        }
        session.invalidate();
        return "session invalidated";
    }
}
