@Override public String authenticate( String command, Map<String, Object[]> params, HttpSession session, String remoteAddress, String responseType, StringBuilder auditTrailSb, final HttpServletResponse resp) throws ServerApiException { // FIXME: ported from ApiServlet, refactor and cleanup final String[] username = (String[]) params.get(ApiConstants.USERNAME); final String[] password = (String[]) params.get(ApiConstants.PASSWORD); String[] domainIdArr = (String[]) params.get(ApiConstants.DOMAIN_ID); if (domainIdArr == null) { domainIdArr = (String[]) params.get(ApiConstants.DOMAIN__ID); } final String[] domainName = (String[]) params.get(ApiConstants.DOMAIN); Long domainId = null; if ((domainIdArr != null) && (domainIdArr.length > 0)) { try { // check if UUID is passed in for domain domainId = _apiServer.fetchDomainId(domainIdArr[0]); if (domainId == null) { domainId = Long.parseLong(domainIdArr[0]); } auditTrailSb.append(" domainid=" + domainId); // building the params for POST call } catch (final NumberFormatException e) { s_logger.warn("Invalid domain id entered by user"); auditTrailSb.append( " " + HttpServletResponse.SC_UNAUTHORIZED + " " + "Invalid domain id entered, please enter a valid one"); throw new ServerApiException( ApiErrorCode.UNAUTHORIZED, _apiServer.getSerializedApiError( HttpServletResponse.SC_UNAUTHORIZED, "Invalid domain id entered, please enter a valid one", params, responseType)); } } String domain = null; if (domainName != null) { domain = domainName[0]; auditTrailSb.append(" domain=" + domain); if (domain != null) { // ensure domain starts with '/' and ends with '/' if (!domain.endsWith("/")) { domain += '/'; } if (!domain.startsWith("/")) { domain = "/" + domain; } } } String serializedResponse = null; if (username != null) { final String pwd = ((password == null) ? null : password[0]); try { return ApiResponseSerializer.toSerializedString( _apiServer.loginUser( session, username[0], pwd, domainId, domain, remoteAddress, params), responseType); } catch (final CloudAuthenticationException ex) { // TODO: fall through to API key, or just fail here w/ auth error? (HTTP 401) try { session.invalidate(); } catch (final IllegalStateException ise) { } auditTrailSb.append( " " + ApiErrorCode.ACCOUNT_ERROR + " " + ex.getMessage() != null ? ex.getMessage() : "failed to authenticate user, check if username/password are correct"); serializedResponse = _apiServer.getSerializedApiError( ApiErrorCode.ACCOUNT_ERROR.getHttpCode(), ex.getMessage() != null ? ex.getMessage() : "failed to authenticate user, check if username/password are correct", params, responseType); } } // We should not reach here and if we do we throw an exception throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, serializedResponse); }