if (auth == null)
throw new ServletException(L.l("No authentication mechanism is configured for '{0}'", getWebApp()));
// server/1aj0
Login login = webApp.getLogin();
if (login == null)
throw new ServletException(L.l("No login mechanism is configured for '{0}'", getWebApp()));
if (! login.isPasswordBased())
throw new ServletException(L.l("Authentication mechanism '{0}' does not support password authentication", login));
removeAttribute(Login.LOGIN_USER_NAME);
removeAttribute(Login.LOGIN_USER_PRINCIPAL);
removeAttribute(Login.LOGIN_PASSWORD);
Principal principal = login.getUserPrincipal(this);
if (principal != null)
throw new ServletException(L.l("UserPrincipal object has already been established"));
setAttribute(Login.LOGIN_USER_NAME, username);
setAttribute(Login.LOGIN_PASSWORD, password);
try {
login.login(this, getResponse(), false);
}
finally {
removeAttribute(Login.LOGIN_USER_NAME);
removeAttribute(Login.LOGIN_PASSWORD);
}
principal = login.getUserPrincipal(this);
if (principal == null)
throw new ServletException("can't authenticate a user");
}