String password = (String) credentials;
Principal user = new BasicPrincipal(uid);
PasswordCredentials pwdCred = new PasswordCredentials(password);
if (auth.authenticate(user, pwdCred, null) == null) {
throw new NotAuthorizedException(L.l("'{0}' has invalid credentials",
uid));
}
}
else if (server.getAdminCookie() == null && credentials == null) {