/* (non-Javadoc)
  * @see net.webpasswordsafe.client.LoginService#logout()
  */
 @Override
 public boolean logout() {
   auditLogger.log(
       new Date(),
       ServerSessionUtil.getUsername(),
       ServerSessionUtil.getIP(),
       "logout",
       "",
       true,
       "");
   ServerSessionUtil.setUsername(null);
   ServerSessionUtil.setRoles(null);
   ServerSessionUtil.invalidateSession();
   return true;
 }
 /* (non-Javadoc)
  * @see net.webpasswordsafe.client.LoginService#login(java.lang.String, java.lang.String)
  */
 @Override
 @Transactional(propagation = Propagation.REQUIRED)
 public boolean login(String username, String password) {
   boolean isValidLogin = false;
   Date now = new Date();
   String message = "";
   username = trimUsername(username);
   if (authenticator.authenticate(username, password)) {
     User user = userDAO.findActiveUserByUsername(username);
     if (null != user) {
       isValidLogin = true;
       user.setLastLogin(now);
       userDAO.makePersistent(user);
       ServerSessionUtil.setUsername(username);
       ServerSessionUtil.setRoles(roleRetriever.retrieveRoles(user));
     } else {
       message = "user not found";
     }
   } else {
     message = "authentication failed";
   }
   auditLogger.log(now, username, ServerSessionUtil.getIP(), "login", "", isValidLogin, message);
   return isValidLogin;
 }