Junior Member
Account locked and redirection
Hello, after having an account been locked due to too many unsuccessful login attempts I would like to send the user to a different page than the login failure one.
May you give me some advice about what would be the best way to achieve that?
Thank you very much.
Senior Member
Couldn't you simply add a filter to handle this for you?
Junior Member
I was think about adding a field accountLockedUrl in the AbstractProcessingFilter.
By this way if the field is populated the unsuccessAuthentication method could redirect the user to this url if the thrown exception is of type LockedException. If no value for the accountLockedUrl field is provided then user will be redirected to global failure url as it is right now.
Same could apply with account disabled or expired etc.
It seems natural for me to have all these urls defined in a same place as the others when declaring the authenticationProcessingFilter.
What do you think about that approach?
Junior Member
Reading the javadoc for the AbstractProcessingFilter class I found that we can configure redirection to specific pages for a specific AuthenticationException using exceptionMappings property.
So to redirect to a particular page when an account is locked it seems that I should just have to add the following configuration section in my AuthenticationProcessingFilter declaration:
Tell me if I am wrong.Code:<property name="exceptionMappings"> <props> <prop key="org.acegisecurity.LockedException">/myLockedPage.jsp</prop> </props> </property>
Senior Member
No you're right I forgot all about this, I'd do it that way.
Posting Permissions
