- // authorization = userAdmin.getAuthorization(user);
- // assert authorization != null;
- //
- // sharedState.put(CmsAuthUtils.SHARED_STATE_AUTHORIZATION,
- // authorization);
+ if (password != null) {
+ // try bind first
+ try {
+ AuthenticatingUser authenticatingUser = new AuthenticatingUser(user.getName(), password);
+ bindAuthorization = userAdmin.getAuthorization(authenticatingUser);
+ // TODO check tokens as well
+ if (bindAuthorization != null) {
+ authenticatedUser = user;
+ return true;
+ }
+ } catch (Exception e) {
+ // silent
+ if (log.isTraceEnabled())
+ log.trace("Bind failed", e);
+ }
+
+ // works only if a connection password is provided
+ if (!user.hasCredential(null, password)) {
+ return false;
+ }
+ } else if (certificateChain != null) {
+ // TODO check CRLs/OSCP validity?
+ // NB: authorization in commit() will work only if an LDAP connection password
+ // is provided
+ } else if (singleUser) {
+ // TODO verify IP address?
+ } else {
+ throw new CredentialNotFoundException("No credentials provided");
+ }
+
+ authenticatedUser = user;
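Review bot: The `certificateChain != null` and `singleUser` branches contain only TODO comments and fall through to `authenticatedUser = user;`, so in this hunk the mere presence of a chain, or single-user mode, is enough to mark the user as authenticated. If the chain is not already path-validated and revocation-checked by the TLS layer before it reaches this method (not visible here), the branch should fail closed until the check exists, e.g. `throw new FailedLoginException("Certificate chain validation not implemented");`; otherwise state the assumption in a comment such as `// chain already validated by the TLS layer; no CRL/OCSP check is done here`. Separately, `catch (Exception e)` logs every bind failure at trace level only, so a directory outage is indistinguishable from a wrong password and failed binds do not appear in normal logs; catching the narrower authentication failure and logging other exceptions at a higher level would help detection. The enclosing method starts and ends outside the hunk.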