/**
  * Performs {@link AccessControlManager#setAuthenticationCredentials(String, String)} or {@link
  * AccessControlManager#setFullAuthenticationCredentials(String, String)}, depending on whether
  * the authPassword or authApiPassword parameter is specified.
  *
  * <p>TODO: auth requests should be factored out into an Access service (they are not used by
  * other WS requests). TODO: authentication is currently performed twice, which is inefficient.
  */
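 @POST
 @Path("/login")
 @Produces(MediaType.APPLICATION_XML)
 public User setAuthenticationCredentials(
     @FormParam("login") String authEmail,
     @FormParam("login-pwd") String authPassword,
     @FormParam("login-secret") String authApiPassword)
     throws SecurityException {
   AccessControlManager mgr = getAccessControlManager(authEmail, authPassword, authApiPassword);
   try {
     // The account password takes precedence: the API secret is only used when no
     // "login-pwd" form field was submitted at all (null), so a request carrying both
     // fields is handled as a full-credential login.
     // NOTE(review): an empty "login-pwd" is non-null and selects the full-credential
     // path, and a request with neither field reaches the API-secret path with a null
     // secret; this relies on AccessControlManager rejecting those values -- confirm.
     return authPassword == null
         ? mgr.setAuthenticationCredentials(authEmail, authApiPassword)
         : mgr.setFullAuthenticationCredentials(authEmail, authPassword);
   } finally {
     // Release the manager even when the authentication call throws (this method
     // declares SecurityException); previously close() was skipped on that path, so
     // each rejected login left the manager open.
     mgr.close();
   }
 }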