/**
 * Authenticates the externally identified {@code user} against the account manager, opens the
 * web session, and redirects the browser to the location encoded in {@code redirectToken}.
 *
 * <p>If the user carries a claimed identity, or if {@code linkMode} is set, the matching helper
 * runs first and may end the request by returning {@code false}. An {@link AccountException}
 * raised inside the authentication step is logged and answered with 403 Forbidden; no session is
 * opened in that case.
 *
 * @param req current request, used only to resolve the base URL of the redirect
 * @param rsp response that receives either the error status or the redirect
 * @throws IOException if writing the error status or the redirect fails
 */
private void authenticateAndRedirect(HttpServletRequest req, HttpServletResponse rsp)
    throws IOException {
  AuthRequest authRequest = new AuthRequest(user.getExternalId());
  AuthResult authResult;
  try {
    String claimedIdentity = user.getClaimedIdentity();
    boolean hasClaimedIdentity = !Strings.isNullOrEmpty(claimedIdentity);

    // A false return from either helper ends the request here; presumably the helper has
    // already written to rsp (it receives it) -- confirm against the helpers.
    if (hasClaimedIdentity
        && !authenticateWithIdentityClaimedDuringHandshake(authRequest, rsp, claimedIdentity)) {
      return;
    }
    if (!hasClaimedIdentity && linkMode && !authenticateWithLinkedIdentity(authRequest, rsp)) {
      return;
    }

    // Profile attributes are copied from the provider-supplied user only after the identity
    // checks above have passed.
    authRequest.setUserName(user.getUserName());
    authRequest.setEmailAddress(user.getEmailAddress());
    authRequest.setDisplayName(user.getDisplayName());
    authResult = accountManager.authenticate(authRequest);
  } catch (AccountException e) {
    // NOTE(review): the message embeds user.toString(); confirm it exposes no token or other
    // secret, and that provider-controlled fields cannot inject line breaks into the log.
    log.error("Unable to authenticate user \"" + user + "\"", e);
    rsp.sendError(HttpServletResponse.SC_FORBIDDEN);
    return;
  }

  webSession.get().login(authResult, true);

  // The redirect tail is whatever follows the GERRIT_LOGIN prefix and one separator character
  // in redirectToken. substring() throws StringIndexOutOfBoundsException when the token is
  // shorter than that -- presumably the caller guarantees the prefix; verify.
  int tailStart = OAuthWebFilter.GERRIT_LOGIN.length() + 1;
  String encodedTail = redirectToken.substring(tailStart);

  // NOTE(review): the decoded tail is appended to the base URL without validation. The origin
  // of redirectToken is not visible here; if it is request-derived, confirm that the result
  // stays on this host, i.e. that the base URL ends with '/' and the tail holds no CR/LF.
  StringBuilder target = new StringBuilder(urlProvider.get(req));
  target.append(Url.decode(encodedTail));
  rsp.sendRedirect(target.toString());
}