password expiry and i18n...

[RoyBatty]

Hello fellas,

i am trying to implement a password expiry function for my site. I've got it working by including a "exceptionTranslationFilter", having the right exception forward to an "enter old+new password" page, as such:
<beansrop key="org.springframework.security.authentication.C redentialsExpiredException">/security/passwordexpired.jsp</beansrop>

My problem is that my userdetailservice that i've written knows the language of the user that tried to login (and had "ispasswordnonexpired" to false), but then an exception is thrown, it redirects to that jsp page, and in there i have no concept of the user that logged in...

Anybody have any flash ideas? Would be appreciated.

[Rob Winch]

Your AuthenticationProvider could include that in the exception that is thrown. For example throw a CredentialsExpriredException that says "The credentials for "+username+" are expired". Naturally you would want to use a Spring MessageSource to internationalize the message though. If you want you could extend the exception and add the username as a distinct member variable too....its really up to you.

[RoyBatty]

Right, i hear you, but when the server reaches the code in my jsp file, how to i get hold of the exception? Does the exceptionTranslationHandler somehow include the exception in the context?? My jsp is called by the handler's exception mappings.

Optimally i would like to set the locale somehow, so that when i use an fmt-tag with a resourcebundle, it would just pick the language i've set somehow.

[Rob Winch]

Right, i hear you, but when the server reaches the code in my jsp file, how to i get hold of the exception? Does the exceptionTranslationHandler somehow include the exception in the context??

You can use the session attribute SPRING_SECURITY_LAST_EXCEPTION. Refer to the sample applications for details.

Optimally i would like to set the locale somehow, so that when i use an fmt-tag with a resourcebundle, it would just pick the language i've set somehow.

Typically with Spring Security the exception has already been localized (therefore you would just output the message from the exception). If you have problems with doing i18n look at the current filters and search the forums as this has been discussed a few times on how to support localization with Spring Security. There is also some doc on it in the reference.

[RoyBatty]

Many thanks for your replies.

Basically, i'm not so much after the username as the language that is associated with my logged in user. If he/she logges in but the password is expired, i'd want to pass the language (well, and perhaps the username...) back to set the locale somewhere (in the view/jsp i guess), so that i can get the right string from my resourcebundle. I'm not so sure on how Spring decides on the language, and moreover i'd rather present my own fault messages if you see what i mean.

OK, i guess i'll take another round of threading...

[Rob Winch]

With the way that Spring Security does i18n you can change the message by changing the resource bundles. Please read the link I posted to learn how Spring Security does i18n. For general knowledge of Spring doing i18n refer to the Spring reference.