Announcement Announcement Module
No announcement yet.
AuthenticationTimeoutException? Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • AuthenticationTimeoutException?

    Newbie question...

    If an AuthenticationProvider does not get a response from its authentication store within the timeout period of the underlying connector (JDBC, LDAP, etc), what AuthenticationException should the AuthenticationProvider throw?

    For example, if my RDBMS gets really slow and unresponsive, I do not want the login to hang forever, so I throw an AuthenticationException. It does not look like any of the provided AuthenticationExceptions really fit and I prefer not to create my own, non-standard subclass.

    I am probably missing something.
    Thanks for the feedback.

  • #2
    I'm not sure this is really a security issue at all. It's a system error and you would want to propagate a "Please try again later" kind of message to the user. So I don't see anything wrong in creating your own exception and mapping it to some kind of error screen in your application.

    How do you throw an exception during a call to your database? Doesn't the JDBC call timeout anyway?


    • #3
      Thanks for the feedback.