for ( UserManager userManager : userManagers )
{
try
{
log.debug( "Authenticate: {} with userManager: {}", source, userManager.getId() );
User user = userManager.findUser( source.getUsername() );
username = user.getUsername();
if ( user.isLocked() )
{
//throw new AccountLockedException( "Account " + source.getUsername() + " is locked.", user );
AccountLockedException e =
new AccountLockedException( "Account " + source.getUsername() + " is locked.", user );
log.warn( "{}", e.getMessage() );
resultException = e;
authnResultErrors.add(
new AuthenticationFailureCause( AuthenticationConstants.AUTHN_LOCKED_USER_EXCEPTION,
e.getMessage() ) );
}
if ( user.isPasswordChangeRequired() && source.isEnforcePasswordChange() )
{
//throw new MustChangePasswordException( "Password expired.", user );
MustChangePasswordException e = new MustChangePasswordException( "Password expired.", user );
log.warn( "{}", e.getMessage() );
resultException = e;
authnResultErrors.add(
new AuthenticationFailureCause( AuthenticationConstants.AUTHN_MUST_CHANGE_PASSWORD_EXCEPTION,
e.getMessage() ) );
}
PasswordEncoder encoder = securityPolicy.getPasswordEncoder();
log.debug( "PasswordEncoder: {}", encoder.getClass().getName() );
boolean isPasswordValid = encoder.isPasswordValid( user.getEncodedPassword(), source.getPassword() );
if ( isPasswordValid )
{
log.debug( "User {} provided a valid password", source.getUsername() );
try
{
securityPolicy.extensionPasswordExpiration( user );
authenticationSuccess = true;
//REDBACK-151 do not make unnessesary updates to the user object
if ( user.getCountFailedLoginAttempts() > 0 )
{
user.setCountFailedLoginAttempts( 0 );
if ( !userManager.isReadOnly() )
{
userManager.updateUser( user );
}
}
return new AuthenticationResult( true, source.getUsername(), null );
}
catch ( MustChangePasswordException e )
{
user.setPasswordChangeRequired( true );
//throw e;
resultException = e;
authnResultErrors.add( new AuthenticationFailureCause(
AuthenticationConstants.AUTHN_MUST_CHANGE_PASSWORD_EXCEPTION, e.getMessage() ).user( user ) );
}