Nov 30th, 2004, 05:24 AM
AccountExpiredException and CredentialExpiredException
After having the login phase completely solved by jaas through acegi container integration i find that now i need to support and throw both
From inside JBossAcegiLoginModule. At first i thought it would be easy, but i think there is no corresponding exception on the acegi hierarchy.
Do you have plans on supporting those 2 states on the authentication layer?
Right now i need to implement them for my project, so if you have any directive regarding how would you like them implemented just let me now and i'll lend you a hand.
Nov 30th, 2004, 06:21 AM
Just for the ref,
Im implementing them now extending DaoAuthenticationProvider with a new DaoExpirationAuthenticationProvider and 2 new exceptions at the net.sf.acegisecurity level.
I will also extend a new UserDetails interface with isAccountExpired and isCredentialExpired methods.
Nov 30th, 2004, 02:03 PM
So you need to differentiate between a disabled account (currently supported) and expired credentials (password) and an expired account? You could extend the UserDetails as you mention and rather than create a DaoExpirationAuthenticationProvider, just have it detect if the object returned from AuthenticationDao implements ExtendedUserDetails and obtain the information from there. The exceptions belong in the top level package as you mention and should subclass AuthenticationException. Please feel free to email me directly with a CVS diff for DaoAuthenticationProvider and the new classes/interfaces.