private boolean handleLoginFailure()

in src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java [964:1044]


    /**
     * Reacts to a failed login attempt and decides whether request processing
     * may still continue.
     *
     * <p>Three outcomes are distinguished by the type of {@code reason}:
     * <ul>
     *   <li>a "too many sessions" condition (matched by class name) is answered
     *       with 503 Service Unavailable;</li>
     *   <li>a {@link LoginException} either falls back to the anonymous resolver
     *       (anonymous access allowed, no handler expected, not a validate request)
     *       or records a failure reason on the request and asks the handlers to
     *       request credentials via {@code doLogin};</li>
     *   <li>anything else is treated as a data access problem and answered with
     *       500 Internal Server Error.</li>
     * </ul>
     *
     * @param request  the current request
     * @param response the current response; an error status may be sent on it
     * @param authInfo the authentication information that failed; must not be {@code null}
     * @param reason   the exception that caused the login to fail
     * @return {@code true} only when the anonymous fallback produced a resolver
     *         and the request should be processed; {@code false} otherwise
     */
    private boolean handleLoginFailure(
            final HttpServletRequest request,
            final HttpServletResponse response,
            final AuthenticationInfo authInfo,
            final Exception reason) {

        // read up-front, as the original does, so a missing authInfo fails here
        final String userId = authInfo.getUser();

        // matched by class name to avoid a compile-time dependency on the
        // repository implementation that raises it
        if (reason.getClass().getName().contains("TooManySessionsException")) {
            // too many sessions: 503 Service Unavailable, no further processing
            log.info("handleLoginFailure: Too many sessions for {}: {}", userId, reason.getMessage());
            try {
                response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE, "SlingAuthenticator: Too Many Users");
            } catch (IOException ioe) {
                log.error("handleLoginFailure: Cannot send status 503 to client", ioe);
            }
            return false;
        }

        if (!(reason instanceof LoginException)) {
            // any other failure is a server-side problem: 500 Internal Server Error
            if (log.isErrorEnabled()) {
                log.error(String.format("handleLoginFailure: Unable to authenticate %s", userId), reason);
            }
            try {
                // NOTE: the exception's simple class name is echoed to the client in
                // the status message; nothing else about the failure is disclosed.
                response.sendError(
                        HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                        "SlingAuthenticator: data access error, reason="
                                + reason.getClass().getSimpleName());
            } catch (IOException ioe) {
                log.error("handleLoginFailure: Cannot send status 500 to client", ioe);
            }
            return false;
        }

        log.info("handleLoginFailure: Unable to authenticate {}: {}", userId, reason.getMessage());

        final boolean anonymousFallback =
                isAnonAllowed(request)
                        && !expectAuthenticationHandler(request)
                        && !AuthUtil.isValidateRequest(request);
        if (anonymousFallback) {
            log.debug(
                    "handleLoginFailure: LoginException on an anonymous resource, fallback to getAnonymousResolver");
            return getAnonymousResolver(request, response, new AuthenticationInfo(null));
        }

        // Record why the login failed so the handlers can present it, then ask
        // them to request credentials (403 Forbidden if none can).
        final FAILURE_REASON_CODES code = FailureCodesMapper.getFailureReason(authInfo, reason);
        request.setAttribute(JakartaAuthenticationHandler.FAILURE_REASON_CODE, code);
        // The message differs between "account not found" and "wrong password".
        // Whatever renders FAILURE_REASON decides whether that distinction
        // reaches the client (account enumeration); a generic message there is
        // the safer choice.
        ensureAttribute(request, JakartaAuthenticationHandler.FAILURE_REASON, failureMessageFor(code));

        doLogin(request, response);
        return false;
    }

    /**
     * Maps a failure reason code to the human-readable message stored in the
     * {@code FAILURE_REASON} request attribute.
     *
     * @param code the mapped failure reason
     * @return the message for {@code code}; unknown or unmapped codes yield the
     *         generic "do not match" message
     */
    private static String failureMessageFor(final FAILURE_REASON_CODES code) {
        switch (code) {
            case ACCOUNT_LOCKED:
                return "Account is locked";
            case ACCOUNT_NOT_FOUND:
                return "Account was not found";
            case PASSWORD_EXPIRED:
                return "Password expired";
            case PASSWORD_EXPIRED_AND_NEW_PASSWORD_IN_HISTORY:
                return "Password expired and new password found in password history";
            case EXPIRED_TOKEN:
                return "Expired authentication token";
            case UNKNOWN:
            case INVALID_LOGIN:
            default:
                return "User name and password do not match";
        }
    }