/**
* Authenticate the user and returns a new client {@link Context} instance.
*
* @return client context
* @throws LoginException login exception
*/
public Context authenticate() throws LoginException {
final byte[] address = token(req.getRemoteAddr());
try {
if (user == null || user.isEmpty() || pass == null || pass.isEmpty())
throw new LoginException(NOPASSWD);
final Context ctx = new Context(context(), null);
ctx.user = ctx.users.get(user);
if (ctx.user == null || !ctx.user.password.equals(md5(pass))) throw new LoginException();
context.blocker.remove(address);
return ctx;
} catch (final LoginException ex) {
// delay users with wrong passwords
for (int d = context.blocker.delay(address); d > 0; d--) Performance.sleep(100);
throw ex;
}
}
