/** @since Servlet 3.0 */
@Override
public void login(String username, String password) throws ServletException {
WebApp webApp = getWebApp();
Authenticator auth = webApp.getConfiguredAuthenticator();
if (auth == null)
throw new ServletException(
L.l("No authentication mechanism is configured for '{0}'", getWebApp()));
// server/1aj0
Login login = webApp.getLogin();
if (login == null)
throw new ServletException(L.l("No login mechanism is configured for '{0}'", getWebApp()));
if (!login.isPasswordBased())
throw new ServletException(
L.l("Authentication mechanism '{0}' does not support password authentication", login));
removeAttribute(Login.LOGIN_USER);
removeAttribute(Login.LOGIN_PASSWORD);
Principal principal = login.getUserPrincipal(this);
if (principal != null)
throw new ServletException(L.l("UserPrincipal object has already been established"));
setAttribute(Login.LOGIN_USER, username);
setAttribute(Login.LOGIN_PASSWORD, password);
try {
login.login(this, getResponse(), false);
} finally {
removeAttribute(Login.LOGIN_USER);
removeAttribute(Login.LOGIN_PASSWORD);
}
principal = login.getUserPrincipal(this);
if (principal == null) throw new ServletException("can't authenticate a user");
}
