  • What's the difference between Locked and Disabled exceptions?

    I see that net.sf.acegisecurity.providers.dao.User has an isEnabled method. Before I started using Acegi I had a role named "LOGIN_ROLE", and this enabled the user to log in, so this is what I mapped enabled to when using Acegi. I also saw that there was a DisabledException thrown when the account was disabled, and I simply display a message to the user letting them know that their account has been disabled. Anyhow, I also see this LockedException. How does this relate to DisabledException? How should it be used, if ever?

  • #2
    Disabled indicates an account has been administratively or automatically disabled for some reason. Usually some action is required to release it.

    Locked indicates an account has been automatically suspended due to invalid login attempts. Usually the passage of time or (less often) requesting manual unlocking is required to release it.

    The distinction is not used by Acegi Security code aside from providing more informative errors to the user. There is also an order in which different exceptions should be returned, so that a disabled or locked account for instance will not return a bad credentials exception. Refer to the JavaDocs for more details.

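An added illustration of the distinction and check order described in reply #2 (not part of the thread and not Acegi Security's own code). The exception classes are local stand-ins named after the ones discussed; the class name, the three-failure and fifteen-minute lockout policy, and the sample account are assumptions.

```java
import java.util.HashMap;
import java.util.Map;

public class LockedVsDisabledDemo {
    // Hypothetical stand-ins named after the exceptions discussed in the thread.
    static class DisabledException extends RuntimeException {}
    static class LockedException extends RuntimeException {}
    static class BadCredentialsException extends RuntimeException {}

    static final int MAX_FAILURES = 3;             // assumed lockout policy
    static final long LOCK_MILLIS = 15 * 60_000L;  // assumed lock duration

    static class Account {
        final String password;  // demo only; a real store holds a password hash
        boolean enabled = true; // cleared by an administrator, stays cleared
        int failures;           // consecutive bad passwords
        long lockedUntil;       // lock lapses on its own at this time
        Account(String password) { this.password = password; }
    }

    final Map<String, Account> accounts = new HashMap<>();

    void authenticate(String user, String pw, long now) {
        Account a = accounts.get(user);
        if (a == null) throw new BadCredentialsException();
        // State before password: disabled/locked never surfaces as bad credentials.
        if (!a.enabled) throw new DisabledException();
        if (now < a.lockedUntil) throw new LockedException();
        if (!a.password.equals(pw)) {
            if (++a.failures >= MAX_FAILURES) { a.lockedUntil = now + LOCK_MILLIS; a.failures = 0; }
            throw new BadCredentialsException();
        }
        a.failures = 0; // a successful login resets the counter
    }

    String attempt(String user, String pw, long now) {
        try { authenticate(user, pw, now); return "OK"; }
        catch (RuntimeException e) { return e.getClass().getSimpleName(); }
    }

    public static void main(String[] args) {
        LockedVsDisabledDemo d = new LockedVsDisabledDemo();
        d.accounts.put("alice", new Account("s3cret")); // constructed sample account
        for (int i = 0; i < 3; i++) System.out.println(d.attempt("alice", "wrong", 0));
        System.out.println(d.attempt("alice", "s3cret", 1));           // inside the lock window
        System.out.println(d.attempt("alice", "s3cret", LOCK_MILLIS)); // lock window has passed
        d.accounts.get("alice").enabled = false;                       // administrative action
        System.out.println(d.attempt("alice", "s3cret", 2 * LOCK_MILLIS));
    }
}
```

The lock clears once enough time has passed, while the disabled flag holds until someone sets it back.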