// Failed-login lockout bookkeeping: check the credentials, then (for non-whitelisted
// users) count the failure, or clear the counter on success.
// `user`, `failedLoginThreshold` and the DAO/logger objects are defined outside this fragment.
// NOTE(review): the credential check runs on every attempt and nothing visible here
// consults the user's active flag first; confirm that the authenticator or the caller
// rejects accounts that were already disabled.
isAuthSuccess = authenticator.authenticate(username, password);
// Whitelisted usernames skip everything below: their failures are never counted and
// they are never disabled by this code.
// NOTE(review): these accounts therefore get no throttling from this mechanism;
// confirm they are covered by another control (rate limiting, MFA, network restriction).
if (!isWhitelistUser(username))
{
if (!isAuthSuccess)
{
// NOTE(review): `user` is resolved outside this fragment; confirm it cannot be null
// for an unknown username, since it is passed to the DAO and to the constructor below.
UserLockout lockout = userLockoutDAO.findByUser(user);
// No record yet means this is the first tracked failure: start from a zero count.
lockout = (null == lockout) ? new UserLockout(user, 0) : lockout;
// Count the current failed attempt.
int failCount = lockout.getFailCount() + 1;
if (failCount >= failedLoginThreshold)
{
// Threshold reached: reset the counter and deactivate the account.
// NOTE(review): only `lockout` is passed to makePersistent below; the change to
// `user` is not saved explicitly here. Presumably `user` is a managed entity that
// the surrounding transaction flushes; confirm, otherwise the lockout is not stored.
// NOTE(review): nothing here re-enables the account, so anyone who knows a username
// can disable it by failing logins; confirm the unlock process and that this
// denial-of-service trade-off is accepted.
lockout.setFailCount(0);
user.setActiveFlag(false);
// NOTE(review): `username` is caller-supplied and concatenated into the message;
// confirm the log layout neutralises CR/LF so a crafted name cannot forge log lines.
LOG.debug("UserLockoutAuthenticator: "+username+" is locked out");
// Audit entry for the lockout, stamped with the current time and the address
// returned by ServerSessionUtil.getIP().
// NOTE(review): confirm getIP() is not taken from a client-controlled header.
auditLogger.log(new Date(), username, ServerSessionUtil.getIP(), "lockout", username, true, "user disabled");
}
else
{
// Still below the threshold: record the incremented count.
lockout.setFailCount(failCount);
}
// Save the new or updated counter record.
// NOTE(review): the read / increment / write sequence is not atomic as shown;
// concurrent failed attempts for one user could read the same count. Confirm the
// transaction isolation or row locking used around this code.
userLockoutDAO.makePersistent(lockout);
}
else
{
// Successful login: clear any recorded failures for this user.
UserLockout lockout = userLockoutDAO.findByUser(user);
if (null != lockout)
{
// NOTE(review): unlike the failure path there is no makePersistent call here;
// presumably the loaded record is a managed entity. Confirm the reset is stored.
lockout.setFailCount(0);
}
}
}
}