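/**
 * Handles a login request on the HTTP API.
 * <p>
 * The request must use the POST method, carry the user identifier in the {@code login}
 * parameter and the password as the request body. On success the response body is the
 * JSON serialization of the current user and the authentication token is returned in a
 * {@code Set-Cookie} header flagged {@code Secure} and {@code HttpOnly}.
 *
 * @param request The incoming API request
 * @return The HTTP response: 405 for a non-POST method, 400 when no body is present,
 * the translated error reply when the parameter is missing or the login fails,
 * and 200 with the authentication cookie otherwise
 */
private HttpResponse handleRequestLogin(HttpApiRequest request) {
    if (!HttpConstants.METHOD_POST.equals(request.getMethod())) {
        return new HttpResponse(HttpURLConnection.HTTP_BAD_METHOD, HttpConstants.MIME_TEXT_PLAIN, "Expected POST method");
    }
    // NOTE(review): the error code names this a query parameter, so the login identifier
    // presumably travels in the URL and may end up in access logs; the password does not.
    String login = request.getParameter("login");
    if (login == null) {
        return XSPReplyUtils.toHttpResponse(new XSPReplyApiError(ERROR_EXPECTED_QUERY_PARAMETERS, "'login'"), null);
    }
    // Guard against a request without a body: decoding a null array would throw a
    // NullPointerException instead of producing a client error.
    // NOTE(review): assumes getContent() can return null when no body was sent; confirm.
    byte[] content = request.getContent();
    if (content == null) {
        return new HttpResponse(HttpURLConnection.HTTP_BAD_REQUEST, HttpConstants.MIME_TEXT_PLAIN, "Expected password in request body");
    }
    // The password is only handed to login(); it must never be logged or echoed back.
    String password = new String(content, IOUtils.CHARSET);
    XSPReply reply = login(request.getClient(), login, password);
    if (!reply.isSuccess()) {
        return XSPReplyUtils.toHttpResponse(reply, null);
    }
    // Unchecked cast: a successful login reply is expected to carry the token as a String.
    String token = ((XSPReplyResult<String>) reply).getData();
    // NOTE(review): relies on login() having established the current user for this request; confirm.
    HttpResponse response = new HttpResponse(HttpURLConnection.HTTP_OK, HttpConstants.MIME_JSON, getCurrentUser().serializedJSON());
    // Secure keeps the cookie off plain HTTP and HttpOnly hides it from page scripts.
    // NOTE(review): no SameSite attribute is set, so cross-site requests will carry the
    // cookie unless the API has separate CSRF protection; confirm whether SameSite can be added.
    // NOTE(review): Max-Age is expressed in seconds; confirm securityTokenTTL uses the same unit.
    // NOTE(review): the token is concatenated as-is; presumably it never contains ';' or line breaks.
    String cookie = AUTH_TOKEN + "=" + token
            + "; Max-Age=" + Long.toString(securityTokenTTL)
            + "; Path=" + PlatformHttp.getUriPrefixApi()
            + "; Secure"
            + "; HttpOnly";
    response.addHeader(HttpConstants.HEADER_SET_COOKIE, cookie);
    return response;
}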