Announcement Announcement Module
Collapse
No announcement yet.
Internationalizing ConcurrentLoginException? Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Internationalizing ConcurrentLoginException?

    Hi all,

    We have ConcurrentLoginException working fine, but we need to Internationalize it. We typically use a resource bundle for this. In the case of BadCredentialsException, for example, we pass in a constant that can be converted in the presentation layer.

    We tried struts global exceptions, but of course, its a filter and all this happens before struts.

    Any ideas?
    iksrazal

  • #2
    OK, the problem appears to be a hard coded error string in ConcurrentSessionControllerImpl:

    Code:
    //The user is AT their max, toss them out
    throw new ConcurrentLoginException(principal
        + " has reached the maximum concurrent logins");
    Unfortunately, since this all happens in a filter, there is no easy way I could find to capture the exception. The solution I came up with was to capture the Spring event, and override onUnsuccessfulAuthentication() . Like so:


    Code:
    public class SWAAuthenticationProcessingFilter extends
            AuthenticationProcessingFilter implements ApplicationListener {
    
        public static final String MULTIPLE_LOGIN_ERROR = 
            "loginForm.login.multiple";
        /**
         * Checks for ConcurrentSessionViolationEvent and sets treatment flag.
         * @param event Spring bean event
         */
        public void onApplicationEvent(ApplicationEvent event) {
            if (event instanceof ConcurrentSessionViolationEvent) {
                synchronized (this) {
                    isMultipleLoginError = true;                
                }
            }
        }
    
        /**
         * Perform logging, and exeception handling tasks if necessary, after 
         * an authentication failure. 
         * @param request HttpServletRequest
         * @param response HttpServletResponse
         * @throws IOException IOException 
         */
        protected void onUnsuccessfulAuthentication(HttpServletRequest request,
                HttpServletResponse response) throws IOException {
            
            // Ugly hack - several acegi exceptions are hard coded and cannot be 
            // internationalized easily. Since the login failure process occurs 
            // in a filter, we are unable to utilize struts globabl exceptions, 
            // etc.
            if (isMultipleLoginError) {
    
                String error = (String) request.getSession().
                        getAttribute("ACEGI_SECURITY_LAST_EXCEPTION").toString();
                
                logger.error("authentication failed, last error: " + error); 
                if (error.indexOf("maximum concurrent logins") != -1) {
                    try {
                        String login = request.getParameter(
                                LOGIN_KEY);
                        request.getSession().setAttribute(
                                ACEGI_SECURITY_LAST_EXCEPTION_KEY,
                                new ConcurrentLoginException(MULTIPLE_LOGIN_ERROR));
                    } catch (Exception ignored) {
                        logger.error("Error occurred while setting: " 
                                + MULTIPLE_LOGIN_ERROR);
                    }
                }
                synchronized (this) {
                    isMultipleLoginError = false;                
                }
            }
        }
    I sure would like to see a better way to do this, or internationalization for error messages.

    Regards,
    iksrazal

    Comment


    • #3
      There is no way of doing this more easily at present. I've added your suggestion to the relevant JIRA task: http://opensource2.atlassian.com/pro.../browse/SEC-10

      Comment

      Working...
      X