"Data");
return false;
}
RegistryService registryService = WebSealAuthBEDataHolder.getInstance().getRegistryService();
RealmService realmService = WebSealAuthBEDataHolder.getInstance().getRealmService();
String tenantDomain = UserCoreUtil.getTenantDomain(realmService, username);
username = UserCoreUtil.getTenantLessUsername(username);
UserRealm realm = AnonymousSessionUtil.getRealmByTenantDomain(registryService,
realmService, tenantDomain);
boolean isAuthenticated = realm.getUserStoreManager().authenticate(username, password);
if (!isAuthenticated) {
CarbonAuthenticationUtil.onFailedAdminLogin(httpSess, username, -1, remoteAddress,
"Data");
return false;
}
// To trust the user who delegates identity, that user must be in a role
// that has the delegate-identity permission.
boolean isDelegateToAuthorized = realm.getAuthorizationManager().isUserAuthorized(
username, "System", "delegate-identity");
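// The user named by authenticatedUser must have the permission to log in
// to the system. NOTE(review): only this permission is checked for
// authenticatedUser here; the password verified above belongs to the
// delegating user - confirm that is intended.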
boolean isLoginToAuthorized = realm.getAuthorizationManager().isUserAuthorized(
authenticatedUser, "System", "login");
int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
if (isDelegateToAuthorized && isLoginToAuthorized) {
CarbonAuthenticationUtil.onSuccessAdminLogin(httpSess, username, tenantId,
tenantDomain, remoteAddress);
log.info("Identity delegation by " + username + " on behalf of "
+ authenticatedUser + " from IP address " + remoteAddress);