/** * Performs {@link AccessControlManager#setAuthenticationCredentials(String, String)} or {@link * AccessControlManager#setFullAuthenticationCredentials(String, String)}, depending on whether * the authPassword or authApiPassword parameter is specified. * * <p>TODO: auth requests should be factorised to an Access service (they're not used by other WS * requests). TODO: it's being done in an inefficient way (authentication done twice). */ @POST @Path("/login") @Produces(MediaType.APPLICATION_XML) public User setAuthenticationCredentials( @FormParam("login") String authEmail, @FormParam("login-pwd") String authPassword, @FormParam("login-secret") String authApiPassword) throws SecurityException { AccessControlManager mgr = getAccessControlManager(authEmail, authPassword, authApiPassword); User result = authPassword == null ? mgr.setAuthenticationCredentials(authEmail, authApiPassword) : mgr.setFullAuthenticationCredentials(authEmail, authPassword); mgr.close(); return result; }