package org.codehaus.plexus.security.ui.web.action;

import com.opensymphony.xwork.Action;
import org.codehaus.plexus.security.authentication.AuthenticationDataSource;
import org.codehaus.plexus.security.authentication.AuthenticationException;
import org.codehaus.plexus.security.policy.AccountLockedException;
import org.codehaus.plexus.security.system.SecuritySession;
import org.codehaus.plexus.security.system.SecuritySystem;
import org.codehaus.plexus.security.ui.web.util.AutoLoginCookies;
import org.codehaus.plexus.security.user.UserNotFoundException;

/* loaded from: input_file:WEB-INF/lib/plexus-security-ui-web-integration-1.0-alpha-5.jar:org/codehaus/plexus/security/ui/web/action/AbstractAuthenticationAction.class */
public abstract class AbstractAuthenticationAction extends AbstractSecurityAction {
    static final String LOGIN_SUCCESS = "security-login-success";
    static final String LOGIN_CANCEL = "security-login-cancel";
    static final String PASSWORD_CHANGE = "must-change-password";
    static final String ACCOUNT_LOCKED = "security-login-locked";
    private AutoLoginCookies autologinCookies;

    /* JADX INFO: Access modifiers changed from: protected */
    public String webLogin(SecuritySystem securitySystem, AuthenticationDataSource authenticationDataSource, boolean z) {
        setAuthTokens(null);
        clearErrorsAndMessages();
        try {
            SecuritySession authenticate = securitySystem.authenticate(authenticationDataSource);
            if (!authenticate.getAuthenticationResult().isAuthenticated()) {
                getLogger().debug(new StringBuffer().append("Login Action failed against principal : ").append(authenticate.getAuthenticationResult().getPrincipal()).toString(), authenticate.getAuthenticationResult().getException());
                addActionError("Authentication failed");
                return Action.ERROR;
            }
            setAuthTokens(authenticate);
            this.autologinCookies.setRememberMe(authenticationDataSource.getPrincipal());
            this.autologinCookies.setSingleSignon(authenticationDataSource.getPrincipal());
            return authenticate.getUser().isPasswordChangeRequired() ? PASSWORD_CHANGE : LOGIN_SUCCESS;
        } catch (AuthenticationException e) {
            addActionError(e.getMessage());
            return Action.ERROR;
        } catch (AccountLockedException e2) {
            addActionError("Your Account is Locked.");
            return ACCOUNT_LOCKED;
        } catch (UserNotFoundException e3) {
            addActionError(e3.getMessage());
            return Action.ERROR;
        }
    }
}
