@Handle public JSONObject handle( HttpServletRequest request ) throws Exception { final String username = UrlUtils.urlDecode(request.getParameter("username")).trim().toLowerCase(); User user = userRepository.findByUsername(username); if (user == null) { // For form based authentication, username and displayName will be the same String randomPassword = UserRepository.createRandomPassword(); user = userRepository.findOrAddUser( username, username, null, randomPassword ); } AuthorizationContext authorizationContext = new UserNameAuthorizationContext( username, RemoteAddressUtil.getClientIpAddr(request) ); userRepository.updateUser(user, authorizationContext); CurrentUser.set(request, user.getUserId(), user.getUsername()); auditService.auditLogin(user); JSONObject json = new JSONObject(); json.put("status", "OK"); return json; } }