Пример #1
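  /**
   * Authenticates a username/password request against the user database.
   *
   * <p>A request without credentials is rejected at once. Otherwise the user is looked up by
   * lower-cased name; when the lookup throws {@link UsernameNotFoundException}, {@code dummyUser}
   * stands in for the missing account so that the password comparison and the login-policy check
   * still run. The placeholder account can never authenticate, whatever the comparison returns.
   *
   * <p>Every outcome publishes an event: {@code AuthenticationFailureBadCredentialsEvent} for
   * missing or wrong credentials, {@code AuthenticationFailureLockedEvent} when the login policy
   * refuses the attempt, {@code UserNotFoundEvent} / {@code UserAuthenticationFailureEvent} to
   * distinguish an unknown name from a wrong password, and {@code UserAuthenticationSuccessEvent}
   * on success.
   *
   * @param req the authentication request; its name and credentials are caller-supplied
   * @return a {@link UaaAuthentication} wrapping the matched user and that user's authorities
   * @throws AuthenticationException always as a {@link BadCredentialsException}: no credentials
   *     supplied, login policy rejected the attempt, unknown user, or password mismatch
   */
  @Override
  public Authentication authenticate(Authentication req) throws AuthenticationException {
    // NOTE(review): req.getName() is caller-supplied and is concatenated into log lines as-is
    // here and below; consider neutralising CR/LF before logging.
    logger.debug("Processing authentication request for " + req.getName());

    if (req.getCredentials() == null) {
      BadCredentialsException e = new BadCredentialsException("No password supplied");
      publish(new AuthenticationFailureBadCredentialsEvent(req, e));
      throw e;
    }

    UaaUser user;
    try {
      user = userDatabase.retrieveUserByName(req.getName().toLowerCase(Locale.US));
    } catch (UsernameNotFoundException e) {
      // Unknown name: continue with the placeholder so the steps below run for every request.
      user = dummyUser;
    }

    // The comparison runs for found and placeholder users alike, and before the policy check,
    // presumably so that an unknown name or a locked account is not revealed by a shorter
    // response time. Keep this ordering.
    // NOTE(review): the cast throws ClassCastException for non-CharSequence credentials;
    // confirm that callers always supply a CharSequence.
    final boolean passwordMatches =
        encoder.matches((CharSequence) req.getCredentials(), user.getPassword());

    if (!accountLoginPolicy.isAllowed(user, req)) {
      logger.warn(
          "Login policy rejected authentication for "
              + user.getUsername()
              + ", "
              + user.getId()
              + ". Ignoring login request.");
      BadCredentialsException e =
          new BadCredentialsException("Login policy rejected authentication");
      publish(new AuthenticationFailureLockedEvent(req, e));
      throw e;
    }

    // dummyUser's password is set outside this method, so do not rely on it being unmatchable:
    // a match against the placeholder must never yield an authenticated principal.
    if (passwordMatches && user != dummyUser) {
      logger.debug("Password successfully matched");
      Authentication success =
          new UaaAuthentication(
              new UaaPrincipal(user),
              user.getAuthorities(),
              (UaaAuthenticationDetails) req.getDetails());
      publish(new UserAuthenticationSuccessEvent(user, success));

      return success;
    }

    // Audit events separate "no such user" from "wrong password"; the exception thrown to the
    // caller is the same in both cases.
    if (user == dummyUser) {
      logger.debug("No user named '" + req.getName() + "' was found");
      publish(new UserNotFoundEvent(req));
    } else {
      logger.debug("Password did not match for user " + req.getName());
      publish(new UserAuthenticationFailureEvent(user, req));
    }
    BadCredentialsException e = new BadCredentialsException("Bad credentials");
    publish(new AuthenticationFailureBadCredentialsEvent(req, e));
    throw e;
  }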