if(isAuthenticated()) {
throw new ServletException("Cannot perform login for '"
+ username + "' already authenticated as '"
+ getRemoteUser() + "'");
}
AuthenticationManager authManager = authenticationManager;
if(authManager == null) {
logger.debug("authenticationManager is null, so allowing original HttpServletRequest to handle login");
super.login(username, password);
return;
}
Authentication authentication;
try {
authentication = authManager.authenticate(new UsernamePasswordAuthenticationToken(username,password));
} catch(AuthenticationException loginFailed) {
SecurityContextHolder.clearContext();
throw new ServletException(loginFailed.getMessage(), loginFailed);
}
SecurityContextHolder.getContext().setAuthentication(authentication);