if (session!=null) {
// delete any session authentication information first
if (realm==null) {
DBConnection connection = db.getConnection();
try {
connection.update(AuthDB.DELETE_USER_AUTHENTICATION, new DBUpdateHandler() {
public void prepare(PreparedStatement s)
throws SQLException
{
s.setInt(1,id);
s.setString(2,session.toString());
}
});
} finally {
db.release(connection);
}
} else {
DBConnection connection = db.getConnection();
try {
connection.update(AuthDB.DELETE_REALM_USER_AUTHENTICATION, new DBUpdateHandler() {
public void prepare(PreparedStatement s)
throws SQLException
{
s.setInt(1,id);
s.setInt(2,realm.getId());
s.setString(3,session.toString());
}
});
} finally {
db.release(connection);
}
}
}
// delete any expired sessions for the user
final Timestamp created = new Timestamp(System.currentTimeMillis());
DBConnection connection = db.getConnection();
try {
connection.update(AuthDB.DELETE_EXPIRED_SESSIONS, new DBUpdateHandler() {
public void prepare(PreparedStatement s)
throws SQLException
{
s.setInt(1,id);
s.setTimestamp(2,created);
}
});
} finally {
db.release(connection);
}
// check the internal password
if (checkPassword(password)) {
// We have the correct password
int dbid = -1;
if (expires>0) {
//construct an auth record with a session id
final UUID theSession = session==null ? UUID.randomUUID() : session;
final Timestamp expiration = new Timestamp(created.getTime()+expires);
connection = db.getConnection();
try {
connection.update(AuthDB.CREATE_AUTHENTICATED, new DBUpdateHandler() {
public void prepare(PreparedStatement s)
throws SQLException
{
s.setInt(1,id);
if (realm==null) {