Announcement Announcement Module
Collapse
No announcement yet.
AccountExpiredException and CredentialExpiredException Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • AccountExpiredException and CredentialExpiredException

    Well,

    After having the login phase completely solved by jaas through acegi container integration i find that now i need to support and throw both

    javax.security.auth.login.CredentialExpiredExcepti on
    javax.security.auth.login.AccountExpiredException

    From inside JBossAcegiLoginModule. At first i thought it would be easy, but i think there is no corresponding exception on the acegi hierarchy.

    Do you have plans on supporting those 2 states on the authentication layer?

    Right now i need to implement them for my project, so if you have any directive regarding how would you like them implemented just let me now and i'll lend you a hand.

    Regards,

    Sergio.

  • #2
    Just for the ref,

    Im implementing them now extending DaoAuthenticationProvider with a new DaoExpirationAuthenticationProvider and 2 new exceptions at the net.sf.acegisecurity level.

    I will also extend a new UserDetails interface with isAccountExpired and isCredentialExpired methods.

    Comment


    • #3
      So you need to differentiate between a disabled account (currently supported) and expired credentials (password) and an expired account? You could extend the UserDetails as you mention and rather than create a DaoExpirationAuthenticationProvider, just have it detect if the object returned from AuthenticationDao implements ExtendedUserDetails and obtain the information from there. The exceptions belong in the top level package as you mention and should subclass AuthenticationException. Please feel free to email me directly with a CVS diff for DaoAuthenticationProvider and the new classes/interfaces.

      Comment

      Working...
      X