protected void checkUserPassword(final String authUsername, final String authPassword, final SpringSecurityUser user) throws AuthenticationException { final String existingPassword = user.getPassword(); boolean hasUser = false; try { hasUser = m_userManager.hasUser(user.getUsername()); } catch (final Throwable e) { throw new AuthenticationServiceException("An error occurred while checking for " + authUsername + " in the UserManager", e); } if (hasUser) { if (!m_userManager.comparePasswords(authUsername, authPassword)) { LOG.warn("Password auth failed for user: " + authUsername); throw new BadCredentialsException("Bad credentials"); } } else { if (!m_userManager.checkSaltedPassword(authPassword, existingPassword)) { LOG.warn("Salted password auth failed for user: " + authUsername); throw new BadCredentialsException("Bad credentials"); } } }