java source code of SessionResource

package org.secnod.shiro.test.integration.webapp;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response.Status;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.secnod.example.webapp.User;
import org.secnod.shiro.jaxrs.Auth;

@Path("/session")
@Produces(MediaType.TEXT_PLAIN)
public class SessionResource {

    @Context
    HttpServletRequest request;

    @POST
    public String login(@FormParam("username") String username, @FormParam("password") String password,
            @FormParam("rememberMe") @DefaultValue("false") boolean rembemberMe) {
        SecurityUtils.getSubject().login(new UsernamePasswordToken(username, password.toCharArray(), rembemberMe));
        return "Logged in as " + username + "\n";
    }

    @GET
    public String sessionUser(@Auth User user) {
        return "Current user: " + user + "\n";
    }

    /**
     * Invalidate the session without logging out the Shiro subject. For testing the remember me token.
     */
    @DELETE
    public String invalidateHttpSession() {
        HttpSession session = request.getSession(false);
        if (session == null) throw new WebApplicationException(Status.BAD_REQUEST);

        session.invalidate();
        return "session invalidated";
    }
}