CredentialsWrapper cw = new CredentialsWrapper(this.username, this.password);
try {
if (this.username.equals(SystemPrincipal.getUsername())) {
if (!cw.equals(SystemPrincipal.getCredentials())) {
throw new AuthenticationException("Wrong password");
}
} else if (!this.username.equals(AnonymousPrincipal.getUsername())) {
//FIXME Tout le monde peut lire les comptes utilisateurs ??
boolean exists = UserDao.createInstance().exists(this.username, this.password);
//Warning, user is detached
if (!exists) {
throw new AuthenticationException("Wrong username and/or password");
}
}
HttpServletRequest request = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
request.getSession(true).setAttribute(SESSION_REF, this);