@Override protected User doAuthentication(ActionForm form, HttpServletRequest request) { final CasConfig casConfig = CoreConfiguration.casConfig(); if (casConfig != null && casConfig.isCasEnabled()) { throw AuthorizationException.authenticationFailed(); } final AuthenticationForm authenticationForm = (AuthenticationForm) form; final String username = authenticationForm.getUsername(); final String password = authenticationForm.getPassword(); return Authenticate.login(request.getSession(true), username, password); }