if (user!=null && AuthUtil.verifyPassword(password, user.getHashPassword())) {
logger.info("event=login_admin_ui user_name=" + userName + " user_id=" + user.getUserId());
session.setAttribute("USER", user);
} else if (user==null && CMBProperties.getInstance().getCNSUserName().equals(userName) && CMBProperties.getInstance().getCNSUserPassword().equals(password)) {
logger.warn("event=login_admin_ui action=created_missing_admin_user user_name=" + userName);
userHandler.createUser(userName, password, true);
user = userHandler.getUserByName(userName);
session.setAttribute("USER", user);
} else {
logger.warn("event=login_admin_ui user_name=" + userName);
user = null;