Announcement Announcement Module
No announcement yet.
Account locked and redirection Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Account locked and redirection

    Hello, after having an account been locked due to too many unsuccessful login attempts I would like to send the user to a different page than the login failure one.
    May you give me some advice about what would be the best way to achieve that?
    Thank you very much.

  • #2
    Couldn't you simply add a filter to handle this for you?


    • #3
      I was think about adding a field accountLockedUrl in the AbstractProcessingFilter.
      By this way if the field is populated the unsuccessAuthentication method could redirect the user to this url if the thrown exception is of type LockedException. If no value for the accountLockedUrl field is provided then user will be redirected to global failure url as it is right now.
      Same could apply with account disabled or expired etc.

      It seems natural for me to have all these urls defined in a same place as the others when declaring the authenticationProcessingFilter.

      What do you think about that approach?


      • #4
        Reading the javadoc for the AbstractProcessingFilter class I found that we can configure redirection to specific pages for a specific AuthenticationException using exceptionMappings property.
        So to redirect to a particular page when an account is locked it seems that I should just have to add the following configuration section in my AuthenticationProcessingFilter declaration:

        <property name="exceptionMappings">
            <prop key="org.acegisecurity.LockedException">/myLockedPage.jsp</prop>
        Tell me if I am wrong.


        • #5
          No you're right I forgot all about this, I'd do it that way .