+
+ private void loginSession(HttpServletRequest req, User user) {
+ req.getSession().invalidate();
+ HttpSession hs = req.getSession();
+ hs.setAttribute(LOGGEDIN, true);
+ hs.setAttribute(Language.SESSION_ATTRIB_NAME, user.getPreferredLocale());
+ hs.setAttribute(USER, user);
+ }
+
+ @Override
+ public boolean isPermitted(User u) {
+ return u == null;
+ }