* @throws AuthenticationException
*/
public static Principal getPrincipalForPassword(final PropertyKey<String> key, final String value, final String password) throws AuthenticationException {
String errorMsg = null;
Principal principal = null;
// FIXME: this might be slow, because the property file needs to be read each time
final String superuserName = StructrApp.getConfigurationValue(Services.SUPERUSER_USERNAME);
final String superUserPwd = StructrApp.getConfigurationValue(Services.SUPERUSER_PASSWORD);
if (superuserName.equals(value) && superUserPwd.equals(password)) {
logger.log(Level.INFO, "############# Authenticated as superadmin! ############");
principal = new SuperUser();
} else {
try {
principal = StructrApp.getInstance().nodeQuery(Principal.class).and().or(key, value).or(AbstractUser.name, value).getFirst();
if (principal == null) {
logger.log(Level.INFO, "No principal found for {0} {1}", new Object[]{ key.dbName(), value });
errorMsg = STANDARD_ERROR_MSG;
} else {
if (principal.getProperty(Principal.blocked)) {
logger.log(Level.INFO, "Principal {0} is blocked", principal);
errorMsg = STANDARD_ERROR_MSG;
}
if (StringUtils.isEmpty(password)) {
logger.log(Level.INFO, "Empty password for principal {0}", principal);
errorMsg = "Empty password, should never happen here!";
} else {
String salt = principal.getProperty(Principal.salt);
String encryptedPasswordValue;
if (salt != null) {
encryptedPasswordValue = getHash(password, salt);
} else {
encryptedPasswordValue = getSimpleHash(password);
}
String pw = principal.getEncryptedPassword();
if (pw == null || !encryptedPasswordValue.equals(pw)) {
logger.log(Level.INFO, "Wrong password for principal {0}", principal);