AccountExpiredException and CredentialExpiredException

[Sergio]

Well,

After having the login phase completely solved by jaas through acegi container integration i find that now i need to support and throw both

javax.security.auth.login.CredentialExpiredExcepti on
javax.security.auth.login.AccountExpiredException

From inside JBossAcegiLoginModule. At first i thought it would be easy, but i think there is no corresponding exception on the acegi hierarchy.

Do you have plans on supporting those 2 states on the authentication layer?

Right now i need to implement them for my project, so if you have any directive regarding how would you like them implemented just let me now and i'll lend you a hand.

Regards,

Sergio.

[Sergio]

Just for the ref,

Im implementing them now extending DaoAuthenticationProvider with a new DaoExpirationAuthenticationProvider and 2 new exceptions at the net.sf.acegisecurity level.

I will also extend a new UserDetails interface with isAccountExpired and isCredentialExpired methods.

[Ben Alex]

So you need to differentiate between a disabled account (currently supported) and expired credentials (password) and an expired account? You could extend the UserDetails as you mention and rather than create a DaoExpirationAuthenticationProvider, just have it detect if the object returned from AuthenticationDao implements ExtendedUserDetails and obtain the information from there. The exceptions belong in the top level package as you mention and should subclass AuthenticationException. Please feel free to email me directly with a CVS diff for DaoAuthenticationProvider and the new classes/interfaces.