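/**
 * Checks the e-mail validation key for the account named by the {@code username} field.
 *
 * <p>The account must currently be in the {@code ACCOUNT_VERIFICATION} status. On a matching
 * key the account is moved to the inactive status that corresponds to its mode (YubiKey or
 * mobile), the stored key is reset and a successful registration event is audited. On a
 * mismatch the failed-attempt counter is increased; once the stored counter exceeds
 * {@code AuthenticationConstants.ALLOWED_FALSE_LOGINS} the account is marked as
 * {@code SPAM_ACCOUNT}, its key is reset and the failure is audited.
 *
 * <p>NOTE(review): failed attempts are charged to whichever account {@code username} names.
 * If that value is request-supplied, confirm that a third party submitting wrong keys cannot
 * get someone else's pending account flagged as spam.
 *
 * @param key validation key supplied by the caller; {@code null} is rejected
 * @return {@code true} only when the account was awaiting verification and the key matched
 */
private boolean validateKey(String key) {
  // The original carried a disabled block that invalidated the session of an already
  // logged-in user before validating. It remains disabled, so the FacesContext and request
  // lookups that only fed that block are dropped as unused locals.

  Users user = mgr.getUserByUsername(username);
  if (user == null) {
    // Unknown account: there is nothing to validate or audit against, so fail closed
    // instead of throwing a NullPointerException on the first accessor.
    return false;
  }

  // NOTE(review): if getStatus()/getMode()/getValue() return boxed Integer values, != and ==
  // compare references rather than numbers - confirm they are primitive ints.
  if (user.getStatus() != PeopleAccountStatus.ACCOUNT_VERIFICATION.getValue()) {
    am.registerAccountChange(
        user,
        AccountsAuditActions.REGISTRATION.name(),
        AccountsAuditActions.FAILED.name(),
        "Could not verify the account due to wrnong status.",
        user);
    return false;
  }

  if (key == null) {
    // The original dereferenced a null key and threw; reject it without touching the
    // failed-attempt counter, which matches the counter state the exception left behind.
    return false;
  }

  // Compare the secret in constant time so response timing does not reveal how many leading
  // characters of a guessed key are correct. A missing stored key never matches.
  String expectedKey = user.getValidationKey();
  boolean keyMatches =
      expectedKey != null
          && java.security.MessageDigest.isEqual(
              key.getBytes(java.nio.charset.StandardCharsets.UTF_8),
              expectedKey.getBytes(java.nio.charset.StandardCharsets.UTF_8));

  if (keyMatches) {
    if (user.getMode() == PeopleAccountStatus.YUBIKEY_USER.getValue()) {
      mgr.changeAccountStatus(
          user.getUid(), "", PeopleAccountStatus.YUBIKEY_ACCOUNT_INACTIVE.getValue());
    } else if (user.getMode() == PeopleAccountStatus.MOBILE_USER.getValue()) {
      mgr.changeAccountStatus(
          user.getUid(), "", PeopleAccountStatus.MOBILE_ACCOUNT_INACTIVE.getValue());
    }
    am.registerAccountChange(
        user,
        AccountsAuditActions.REGISTRATION.name(),
        AccountsAuditActions.SUCCESS.name(),
        "Verified account email address.",
        user);
    // Reset the key after use so the same validation link cannot be replayed.
    mgr.resetKey(user.getUid());
    return true;
  }

  // Wrong key: record the failed attempt.
  int failedAttempts = user.getFalseLogin();
  mgr.increaseLockNum(user.getUid(), failedAttempts + 1);

  // NOTE(review): the comparison is strict and uses the counter value from before this
  // attempt, so the lockout only triggers once the stored count already exceeds the limit.
  // Confirm that this is the intended threshold.
  if (failedAttempts > AuthenticationConstants.ALLOWED_FALSE_LOGINS) {
    mgr.changeAccountStatus(
        user.getUid(), "SPAM Acccount", PeopleAccountStatus.SPAM_ACCOUNT.getValue());
    // The original issued this call twice back to back; a single reset is kept.
    mgr.resetKey(user.getUid());
    am.registerAccountChange(
        user,
        AccountsAuditActions.REGISTRATION.name(),
        AccountsAuditActions.FAILED.name(),
        "Too many false activation attemps.",
        user);
  }
  return false;
}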