Announcement Announcement Module
Collapse
No announcement yet.
why does spring place an exception on a valid login in my session @ open id? Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • why does spring place an exception on a valid login in my session @ open id?

    Code:
    Object value = request.getSession().getAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY);
    if (value != null && value instanceof BadCredentialsException)
    {
    	BadCredentialsException badCredentialsException = (BadCredentialsException) value;
    	out.print("Error logging in:" + badCredentialsException.getMessage());
    }
    else
    {
    	//Assuming that session conains the user header object...
    	out.print("Login sucessful");
    }
    this was my code for a simple form based authentication in a jsp file,

    now I wanted to expand this code to detect open id based authentication success,

    I found that the following code works:

    Code:
    Object value = request.getSession().getAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY);
    if (value != null && value instanceof BadCredentialsException)
    {
    	BadCredentialsException badCredentialsException = (BadCredentialsException) value;
    	out.print("Error logging in:" + badCredentialsException.getMessage());
    }
    else if (value !=null && value instanceof OpenIDAuthenticationRequiredException)
    {
    	SecurityContext ctx = SecurityContextHolder.getContext();
    	out.print("Login sucessful:" + ctx.getAuthentication().getName());
    }
    else
    {
    	out.print("Login sucessful");
    }
    basically I wanted a different message for a normal login and a different message for a openid login

    so, why does spring place an OpenIDAuthenticationRequiredException in my code @ a valid openid login?
    Last edited by salvin18; Dec 7th, 2009, 02:01 AM. Reason: forgot to write reason for the code approach.

  • #2
    Surely an OpenIDAuthenticationRequiredException indicates an authentication problem, not a successful login (as your code interprets it)?

    Unfortunately the 2.0.x JavaDoc doesn't explain this exception, and it's no longer present in 3.0.x. But based on its name, I'd say it means the user has yet to authenticate with their OpenID provider. To be sure, you'd have to inspect the Spring Security source code for references to this exception.

    Comment


    • #3
      Originally posted by andrews View Post
      Surely an OpenIDAuthenticationRequiredException indicates an authentication problem, not a successful login (as your code interprets it)?

      Unfortunately the 2.0.x JavaDoc doesn't explain this exception, and it's no longer present in 3.0.x. But based on its name, I'd say it means the user has yet to authenticate with their OpenID provider. To be sure, you'd have to inspect the Spring Security source code for references to this exception.
      as my post says,
      This happens at a 'valid login' : successful login.

      Comment

      Working...
      X