PrintWriter out = response.getWriter();
Map<?, ?> parameters = request.getParameterMap();
String userName = request.getParameter("user");
userName = userName == null ? "" : userName;
String password = request.getParameter("passwd");
IUserPersistence userHandler = PersistenceFactory.getUserPersistence();
User user = null;
if (parameters.containsKey("Login")) {
try {
user = userHandler.getUserByName(userName);
HttpSession session = request.getSession(true);
if (user!=null && AuthUtil.verifyPassword(password, user.getHashPassword())) {
logger.info("event=login_admin_ui user_name=" + userName + " user_id=" + user.getUserId());
session.setAttribute("USER", user);
} else if (user==null && CMBProperties.getInstance().getCNSUserName().equals(userName) && CMBProperties.getInstance().getCNSUserPassword().equals(password)) {
logger.warn("event=login_admin_ui action=created_missing_admin_user user_name=" + userName);
userHandler.createUser(userName, password, true);
user = userHandler.getUserByName(userName);
session.setAttribute("USER", user);
} else {
logger.warn("event=login_admin_ui user_name=" + userName);
user = null;
session.removeAttribute("USER");