final HttpServletRequest request,
final HttpServletResponse response)
throws OmhException {
// Create the authentication request from parameters.
AuthenticationToken token =
handleRequest(
request,
response,
new AuthenticationRequest(username, password));
// Add a cookie for the authentication token.
Cookie cookie =
new Cookie(PARAM_AUTHENTICATION_AUTH_TOKEN, token.getToken());
// Set the expiration on the cookie.
cookie
.setMaxAge(
new Long(
(token.getExpires() - System.currentTimeMillis()) / 1000)
.intValue());
// Build the path without the "auth" part.
String requestUri = request.getRequestURI();
cookie.setPath(requestUri.substring(0, requestUri.length() - 5));
// Make sure the cookie is only used with HTTPS.
cookie.setSecure(true);
// Add the cookie to the response.
response.addCookie(cookie);
// Return the token.
return token.getToken();
}