  /**
   * Delegates to the authentication system for a boolean authentication check. If the result is
   * authenticated, the user object is pulled from the user manager and added to the session. If
   * the result is not authenticated, the result is returned in a session with a null user object.
   *
   * <p>If authentication succeeds but the user manager has no corresponding user, the returned
   * session carries a null user as well.
   *
   * <p>TODO: should this last case create a user in the user manager?
   *
   * @param source the authentication data handed to the authentication manager
   * @return a security session wrapping the authentication result; the user is attached only
   *     when authentication succeeded and the user exists in the user manager
   * @throws AuthenticationException
   * @throws UserNotFoundException
   * @throws MustChangePasswordException (listed here but not declared in the throws clause)
   * @throws AccountLockedException
   */
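  public SecuritySession authenticate(AuthenticationDataSource source)
      throws AuthenticationException, UserNotFoundException, AccountLockedException {
    // The credential check itself is delegated; this method only maps its outcome to a session.
    AuthenticationResult result = authnManager.authenticate(source);

    // NOTE(review): this logs result.toString(); confirm it never renders credentials or tokens.
    getLogger().debug("authnManager.authenticate() result: " + result);

    if (!result.isAuthenticated()) {
      // Failed check: the session wraps the result and no user is attached.
      // NOTE(review): the principal is unverified at this point and is concatenated into the log
      // line as-is; neutralise CR/LF if these logs are parsed downstream.
      getLogger().debug("User '" + result.getPrincipal() + "' IS NOT authenticated.");
      return new DefaultSecuritySession(result);
    }

    getLogger().debug("User '" + result.getPrincipal() + "' authenticated.");

    if (userManager.userExists(result.getPrincipal())) {
      getLogger().debug("User '" + result.getPrincipal() + "' exists.");
      // findUser may still fail if the user disappears after the existence check; that case
      // presumably surfaces as the declared UserNotFoundException.
      User user = userManager.findUser(result.getPrincipal());
      // NOTE(review): logs user.toString(); confirm it omits password hashes and similar fields.
      // NOTE(review): no lock or password-change state is checked on the loaded user here;
      // presumably authnManager enforces that before reporting success. Confirm.
      getLogger().debug("User: " + user);
      // The listing this came from had the middle of this statement masked ("******"). The
      // lines from here to the "DOES NOT exist" message are restored from the Javadoc's "add it
      // to the session"; confirm the two-argument constructor against DefaultSecuritySession.
      return new DefaultSecuritySession(result, user);
    } else {
      // Authenticated principal without a local account: the session is returned with no user.
      // Callers must treat a missing user as "no identity to authorise against" rather than
      // relying on the authenticated flag alone.
      getLogger().debug("User '" + result.getPrincipal() + "' DOES NOT exist.");
      return new DefaultSecuritySession(result);
    }
  }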