Details
Improvement
Resolution: Timed out
Low
None
0.7.6
None
true
Description
The LoginFilter calls the beforeLogin method of the interceptors, but because this method may not throw an AuthenticatorException, it is not possible to effectively prevent a login by the use of such an interceptor. This might be desired if, for example, users should be disabled. Therefore I would suggest either adding AuthenticatorException to the throws clause of the beforeLogin method, or adding a special runtime exception, "InterceptorException", that is handled within the LoginFilter in such a way that the LOGIN_FAILED attribute is set if it occurs. The following code snippet shows a possible solution within the LoginFilter for this issue.
try
{
    // Every interceptor runs before the authenticator, so it can veto the login
    for (Iterator iterator = interceptors.iterator(); iterator.hasNext();)
    {
        LoginInterceptor loginInterceptor = (LoginInterceptor) iterator.next();
        loginInterceptor.beforeLogin(request, response, username, password, persistentLogin);
    }
    loggedIn = getAuthenticator().login(request, response, username, password, persistentLogin);
    if (loggedIn)
    {
        log.debug("Login was successful - setting attribute to \"Success\"");
        request.setAttribute(OS_AUTHSTATUS_KEY, LOGIN_SUCCESS);
    }
    else
    {
        log.debug("Login was not successful - setting attribute to \"Failed\"");
        request.setAttribute(OS_AUTHSTATUS_KEY, LOGIN_FAILED);
    }
}
catch (InterceptorException e)
{
    // Handler body as described above: an interceptor veto sets LOGIN_FAILED
    request.setAttribute(OS_AUTHSTATUS_KEY, LOGIN_FAILED);
}
catch (AuthenticatorException e)
{
    log.debug("Login was not successful, and exception was thrown - setting attribute to \"Error\"");
    request.setAttribute(OS_AUTHSTATUS_KEY, LOGIN_ERROR);
    e.printStackTrace();
    log.warn("Exception was thrown whilst logging in: " + e.getMessage(), e);
}
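The veto path proposed above, as an added self-contained example that is not code from this issue or from the project. The interfaces are simplified stand-ins, and `DisabledUserInterceptor`, `attemptLogin` and the sample users are assumptions made for illustration.

```java
import java.util.List;
import java.util.Locale;
import java.util.Set;

// Simplified stand-ins for the types discussed above (assumptions, not the real API):
// the real beforeLogin also receives the servlet request/response, password and cookie flag.
public class InterceptorVetoDemo {
    static final String LOGIN_SUCCESS = "success", LOGIN_FAILED = "failed";

    /** The proposed unchecked exception: a veto that needs no change to the throws clause. */
    static class InterceptorException extends RuntimeException {
        InterceptorException(String message) { super(message); }
    }

    interface LoginInterceptor { void beforeLogin(String username); }

    interface Authenticator { boolean login(String username, String password); }

    /** Hypothetical interceptor that blocks accounts an administrator has disabled. */
    static class DisabledUserInterceptor implements LoginInterceptor {
        private final Set<String> disabled;
        DisabledUserInterceptor(Set<String> disabled) { this.disabled = disabled; }
        public void beforeLogin(String username) {
            // Normalise case so "Mallory" cannot slip past an entry stored as "mallory"
            if (username != null && disabled.contains(username.toLowerCase(Locale.ROOT))) {
                throw new InterceptorException("account disabled: " + username);
            }
        }
    }

    /** Mirrors the filter logic: all interceptors run before the authenticator is consulted. */
    static String attemptLogin(List<LoginInterceptor> interceptors, Authenticator auth,
                               String user, String pass) {
        try {
            for (LoginInterceptor i : interceptors) i.beforeLogin(user);
            return auth.login(user, pass) ? LOGIN_SUCCESS : LOGIN_FAILED;
        } catch (InterceptorException e) {
            // Same status as a wrong password, so the response does not reveal account state
            return LOGIN_FAILED;
        }
    }

    public static void main(String[] args) {
        Authenticator auth = (u, p) -> "s3cret".equals(p);   // constructed sample authenticator
        List<LoginInterceptor> chain = List.of(new DisabledUserInterceptor(Set.of("mallory")));
        System.out.println(attemptLogin(chain, auth, "alice", "s3cret"));   // enabled account
        System.out.println(attemptLogin(chain, auth, "Mallory", "s3cret")); // disabled account, correct password
        System.out.println(attemptLogin(chain, auth, "alice", "wrong"));    // enabled account, wrong password
    }
}
```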