scheme = (AuthenticationScheme) request.getSession().getAttribute(Constants.AUTH_SESSION);
}
}
if (scheme != null) {
AuthenticationModule module = scheme.currentAuthenticationModule();
if (module == null) {
log.error("No authentication module.");
request.getSession().removeAttribute(Constants.AUTH_SESSION);
return mapping.findForward("logon");
}
try {
// If there is no user in the scheme then it is an invalid login
if(scheme.getUser() == null) {
throw new InvalidLoginCredentialsException();
}
// Check the account is enabled and not locked
if(!PolicyUtil.isEnabled(scheme.getUser())) {
throw new AccountLockedException(scheme.getUsername(), "Account disabled.", true, 0);
}
// Check for locks
LogonControllerFactory.getInstance().checkForAccountLock(scheme.getUsername(), scheme.getUser().getRealm().getResourceName());
// Authenticate
authenticate(scheme, request);
// Check logon is currently allowed
String logonNotAllowedReason = LogonControllerFactory.getInstance().checkLogonAllowed(
scheme.getUser());
if (logonNotAllowedReason != null) {
log.warn("Logon not allowed because '" + logonNotAllowedReason + "'");
msgs.add(Globals.ERROR_KEY, new ActionMessage("login.logonNotAllowed", logonNotAllowedReason));
saveErrors(request, msgs);
return new RedirectWithMessages(mapping.findForward("logon"), request);
}
// Check for the next authentication modules
AuthenticationModule nextModule = scheme.nextAuthenticationModule();
if (nextModule != null && request.getSession().getAttribute(Constants.SESSION_LOCKED) == null) {
if (log.isDebugEnabled())
log.debug("There are more authentication modules to satisfy (current mapping = " + mapping.getPath());
ActionForward fw = new RedirectWithMessages(mapping.findForward("logon"), request);
return fw;