/** * Tries to authenticate with given credentials * * @return User object if authentication is successful or null if not */ public User authenticate(String login, String password) { User user = userDAO.findByLogin(login); if (user == null) { return null; } if (!passwordService.checkPassword(password, user.getPasswordSalt(), user.getPasswordHash())) { user.setLoginAttempts(user.getLoginAttempts() + 1); if (user.getLoginAttempts() >= configurationService.getInt( Constants.MAX_LOGIN_ATTEMPTS, Constants.MAX_LOGIN_ATTEMPTS_DEFAULT)) { user.setStatus(UserStatus.LOCKED_OUT); } return null; } else { if (user.getLoginAttempts() != 0) { user.setLoginAttempts(0); } if (user.getLastLogin() == null || System.currentTimeMillis() - user.getLastLogin().getTime() > configurationService.getLong( Constants.LAST_LOGIN_TIMEOUT, Constants.LAST_LOGIN_TIMEOUT_DEFAULT)) { user.setLastLogin(timestampService.getTimestamp()); } return user; } }