Throwing custom exceptions and displaying error messages from a custom AuthenticationProvider

This is a continuation of this issue.

I have a custom AuthenticationProvider that extends AbstractUserDetailsAuthenticationProvider. In addAuthenticationChecks, I do some of my own authentication work, and part of this process is to display some messages to the user on the login screen. Currently, for testing, I have created a UserNotActivatedException:

    import org.springframework.security.core.AuthenticationException

    // Custom failure type thrown by the provider when the account is not yet activated
    class UserNotActivatedException extends AuthenticationException {

        public UserNotActivatedException(String message, Throwable t) {
            super(message, t)
        }

        public UserNotActivatedException(String message) {
            super(message)
        }

        public UserNotActivatedException(String message, Object extraInformation) {
            super(message, extraInformation)
        }
    }

And in addAuthenticationChecks I just throw it for testing. Now I need to know what I need to do so that my own error message appears on the login screen. In the spring-security-core default configuration, we can override the following:

    errors.login.disabled = "Sorry, your account is disabled."
    errors.login.expired = "Sorry, your account has expired."
    errors.login.passwordExpired = "Sorry, your password has expired."
    errors.login.locked = "Sorry, your account is locked."
    errors.login.fail = "Sorry, we were not able to find a user with that username and password."

But I do not see how to add my own additional messages.

+4
1 answer

It seems that these messages are simply used by the authfail action, which is generated in grails-app/controllers. Here is the code from the template (in the plugin):

    /**
     * Callback after a failed login. Redirects to the auth page with a warning message.
     */
    def authfail = {

        def username = session[UsernamePasswordAuthenticationFilter.SPRING_SECURITY_LAST_USERNAME_KEY]
        String msg = ''
        def exception = session[WebAttributes.AUTHENTICATION_EXCEPTION]
        if (exception) {
            if (exception instanceof AccountExpiredException) {
                msg = SpringSecurityUtils.securityConfig.errors.login.expired
            } else if (exception instanceof CredentialsExpiredException) {
                msg = SpringSecurityUtils.securityConfig.errors.login.passwordExpired
            } else if (exception instanceof DisabledException) {
                msg = SpringSecurityUtils.securityConfig.errors.login.disabled
            } else if (exception instanceof LockedException) {
                msg = SpringSecurityUtils.securityConfig.errors.login.locked
            } else {
                msg = SpringSecurityUtils.securityConfig.errors.login.fail
            }
        }

        if (springSecurityService.isAjax(request)) {
            render([error: msg] as JSON)
        } else {
            flash.message = msg
            redirect action: auth, params: params
        }
    }

(from ~/.grails/1.3.7/projects/project-name/plugins/spring-security-core-1.1.2/src/templates/LoginController.groovy.template)

You can probably just add your UserNotActivatedException type to the conditions.

+3
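
One way to apply the suggestion above, as an added example (not code from the question, the answer, or the plugin): the template's authfail action with a branch for UserNotActivatedException placed ahead of the generic fallback. The `errors.login.notActivated` key and its `grails.plugins.springsecurity` prefix in Config.groovy are assumptions made for illustration.

```groovy
// grails-app/controllers/LoginController.groovy
import grails.converters.JSON
import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils
import org.springframework.security.authentication.AccountExpiredException
import org.springframework.security.authentication.CredentialsExpiredException
import org.springframework.security.authentication.DisabledException
import org.springframework.security.authentication.LockedException
import org.springframework.security.web.WebAttributes

class LoginController {

    def springSecurityService

    // The other generated actions (auth, denied, ...) stay as the template wrote them.

    /** Callback after a failed login: picks a fixed, configured message per exception type. */
    def authfail = {
        def errors = SpringSecurityUtils.securityConfig.errors.login
        def exception = session[WebAttributes.AUTHENTICATION_EXCEPTION]
        String msg = ''
        if (exception) {
            if (exception instanceof UserNotActivatedException) {
                // Assumed key, set in Config.groovy as
                //   grails.plugins.springsecurity.errors.login.notActivated = "..."
                // An unset key yields an empty (falsy) ConfigObject, so fall back to the generic text.
                msg = errors.notActivated ?: errors.fail
            } else if (exception instanceof AccountExpiredException) {
                msg = errors.expired
            } else if (exception instanceof CredentialsExpiredException) {
                msg = errors.passwordExpired
            } else if (exception instanceof DisabledException) {
                msg = errors.disabled
            } else if (exception instanceof LockedException) {
                msg = errors.locked
            } else {
                msg = errors.fail
            }
        }
        // The page shows the configured text, never exception.message, so provider
        // internals are not echoed to an unauthenticated visitor.
        if (springSecurityService.isAjax(request)) {
            render([error: msg] as JSON)
        } else {
            flash.message = msg
            redirect action: 'auth', params: params
        }
    }
}
```

A distinct "not activated" message confirms that the account exists, so the provider should throw UserNotActivatedException only after the submitted credentials have been verified.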