public String[] authenticate(final String username, final char[] password) {
log(FINEST, "Authenticating user {0}", username);
final boolean authenticated = hasValidCredentials(username, password);
final String[] groups = authenticated ? convertToArray(getGroups(username)) : null;
log(
FINEST,
"User {0}, authenticated {1} has groups {2}",
username,
authenticated,
Arrays.deepToString(groups));
return groups;
}
private boolean isValidPassword(
final String username, final char[] givenPassword, final ResultSet resultSet)
throws SQLException {
if (!resultSet.next()) {
return logAndReturnFalse(INFO, "No user found for username {0}!", username);
}
String databasePassword = resultSet.getString(1);
if (databasePassword == null) {
// Password should be required so log with warning
return logAndReturnFalse(WARNING, "Username {0} has NO Password!", username);
}
char[] transformedPassword = transformer.transform(givenPassword);
char[] trimmedDatabasePassword = databasePassword.trim().toCharArray();
boolean passwordsEqual = Arrays.equals(trimmedDatabasePassword, transformedPassword);
if (!passwordsEqual) {
return logAndReturnFalse(INFO, "Invalid Password entered for username {0}!", username);
}
log(FINEST, "Username {0} has valid Password.", username);
return true;
}
