package com.ibm.nex.console.security.controller;

import com.ibm.nex.console.framework.webmvc.AbstractMultiActionController;
import com.ibm.nex.console.security.util.AuthenticationInfo;
import com.ibm.nex.console.security.util.SecurityUtil;
import java.io.IOException;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/ibm/nex/console/security/controller/AuthenticationController.class */
public class AuthenticationController extends AbstractMultiActionController {
    public static final String COPYRIGHT = "� Copyright IBM Corp. 2007, 2008, 2009";

    public Object handleGetAuthenticationInfo(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws NoAuthenticatedUserException {
        AuthenticationInfo authenticationInfo = SecurityUtil.getAuthenticationInfo(httpServletRequest);
        if (authenticationInfo == null) {
            throw new NoAuthenticatedUserException("No user found.");
        }
        Object attribute = httpServletRequest.getSession().getAttribute("crossSiteToken");
        if (attribute == null) {
            attribute = UUID.randomUUID().toString();
            httpServletRequest.getSession().setAttribute("crossSiteToken", attribute);
        }
        authenticationInfo.setCrossSiteToken(attribute.toString());
        return authenticationInfo;
    }

    public Object handleLogOut(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String id = httpServletRequest.getSession().getId();
        httpServletRequest.getSession().invalidate();
        SecurityUtil.cleanupSessionInfo(httpServletRequest.getRemoteAddr(), id);
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.getOutputStream().write("<result>success</result>".getBytes("UTF-8"));
        return null;
    }
}
