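/**
 * Authenticates a user session.
 *
 * <p>On success any HTTP session that existed before this call is invalidated and a fresh one
 * is created to hold the authenticated principal, so a session id planted in the browser
 * before login can never become an authenticated session (session fixation).
 *
 * @param req   The HTTP request.
 * @param creds The credentials with which to authenticate; both the username and the password
 *              must be present.
 * @return The authenticated user. Never {@code null}: a failed authentication is reported by
 *         throwing, not by returning {@code null}.
 * @throws WebApplicationException with status 401 (Unauthorized) if the credentials are missing
 *         or incomplete, if {@code authService} does not accept them, or if any other error
 *         occurs while authenticating. The underlying failure, when there is one, is kept as
 *         the exception's cause; the Response built from the exception carries only the status.
 */
@POST
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@Description("Authenticates a user session.")
@Path("/login")
public PrincipalUserDto login(@Context HttpServletRequest req, final CredentialsDto creds) {
    try {
        // A request with no body or a missing field is refused explicitly instead of surfacing
        // as a NullPointerException from the service call.
        if (creds == null || creds.getUsername() == null || creds.getPassword() == null) {
            throw unauthorized(null);
        }
        final PrincipalUser user = authService.getUser(creds.getUsername(), creds.getPassword());
        if (user == null) {
            throw unauthorized(null);
        }
        final PrincipalUserDto result = PrincipalUserDto.transformToDto(user);

        // Session fixation defence: never promote a session that pre-dates this login.
        // getSession(false) only looks the session up and does not create one.
        if (req.getSession(false) != null) {
            req.getSession(false).invalidate();
        }
        req.getSession(true).setAttribute(AuthFilter.USER_ATTRIBUTE_NAME, result);
        return result;
    } catch (WebApplicationException ex) {
        // Already carries the 401 status; do not wrap it a second time.
        throw ex;
    } catch (Exception ex) {
        // NOTE(review): every other failure, including an unavailable backend, is reported as
        // 401 and is indistinguishable from bad credentials on the wire. This avoids leaking
        // internals to the client but also hides outages; the cause is preserved so an
        // exception mapper or server-side log can still tell the two apart. Nothing from
        // creds is placed in the exception.
        throw unauthorized(ex);
    }
}

/**
 * Builds the 401 (Unauthorized) exception used for every login failure.
 *
 * @param cause The underlying failure, or {@code null} when there is none.
 * @return A {@link WebApplicationException} whose message is the 401 reason phrase and whose
 *         response status is 401; {@code cause} is attached to the exception only.
 */
private static WebApplicationException unauthorized(final Throwable cause) {
    return new WebApplicationException(
            Response.Status.UNAUTHORIZED.getReasonPhrase(), cause, Response.Status.UNAUTHORIZED);
}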