throws AuthenticationException, AccountLockedException
{
boolean authenticationSuccess = false;
String username = null;
Exception resultException = null;
PasswordBasedAuthenticationDataSource source = (PasswordBasedAuthenticationDataSource) ds;
Map authnResultExceptionsMap = new HashMap();
try
{
getLogger().debug( "Authenticate: " + source );
User user = userManager.findUser( source.getPrincipal() );
username = user.getUsername();
if ( user.isLocked() && !user.isPasswordChangeRequired() )
{
throw new AccountLockedException( "Account " + source.getPrincipal() + " is locked.", user );
}
PasswordEncoder encoder = securityPolicy.getPasswordEncoder();
getLogger().debug( "PasswordEncoder: " + encoder.getClass().getName() );
boolean isPasswordValid = encoder.isPasswordValid( user.getEncodedPassword(), source.getPassword() );
if ( isPasswordValid )
{
getLogger().debug( "User " + source.getPrincipal() + " provided a valid password" );
try
{
securityPolicy.extensionPasswordExpiration( user );
}
catch ( MustChangePasswordException e )
{
user.setPasswordChangeRequired( true );
}
authenticationSuccess = true;
user.setCountFailedLoginAttempts( 0 );
userManager.updateUser( user );
return new AuthenticationResult( true, source.getPrincipal(), null );
}
else
{
getLogger().warn( "Password is Invalid for user " + source.getPrincipal() + "." );
authnResultExceptionsMap.put( AuthenticationConstants.AUTHN_NO_SUCH_USER,
"Password is Invalid for user " + source.getPrincipal() + "." );
try
{
securityPolicy.extensionExcessiveLoginAttempts( user );
}
finally
{
userManager.updateUser( user );
}
return new AuthenticationResult( false, source.getPrincipal(), null, authnResultExceptionsMap );
}
}
catch ( UserNotFoundException e )
{
getLogger().warn( "Login for user " + source.getPrincipal() + " failed. user not found." );
resultException = e;
authnResultExceptionsMap.put( AuthenticationConstants.AUTHN_NO_SUCH_USER,
"Login for user \" + source.getPrincipal() + \" failed. user not found." );
}