Results 1 to 3 of 3

Thread: why does spring place an exception on a valid login in my session @ open id?

Hybrid View

  1. Dec 7th, 2009, 12:58 AM #1
    salvin18
    salvin18 is offline Junior Member
    Join Date
    Oct 2009
    Posts
    13

    Unhappy why does spring place an exception on a valid login in my session @ open id?

    Code:
    Object value = request.getSession().getAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY);
if (value != null && value instanceof BadCredentialsException)
{
	BadCredentialsException badCredentialsException = (BadCredentialsException) value;
	out.print("Error logging in:" + badCredentialsException.getMessage());
}
else
{
	//Assuming that session conains the user header object...
	out.print("Login sucessful");
}
    this was my code for a simple form based authentication in a jsp file,

    now I wanted to expand this code to detect open id based authentication success,

    I found that the following code works:

    Code:
    Object value = request.getSession().getAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY);
if (value != null && value instanceof BadCredentialsException)
{
	BadCredentialsException badCredentialsException = (BadCredentialsException) value;
	out.print("Error logging in:" + badCredentialsException.getMessage());
}
else if (value !=null && value instanceof OpenIDAuthenticationRequiredException)
{
	SecurityContext ctx = SecurityContextHolder.getContext();
	out.print("Login sucessful:" + ctx.getAuthentication().getName());
}
else
{
	out.print("Login sucessful");
}
    basically I wanted a different message for a normal login and a different message for a openid login

    so, why does spring place an OpenIDAuthenticationRequiredException in my code @ a valid openid login?
    Last edited by salvin18; Dec 7th, 2009 at 01:01 AM. Reason: forgot to write reason for the code approach.
  2. Dec 8th, 2009, 10:42 PM #2
    Andrew Swan
    Andrew Swan is offline Senior Member Spring Team
    Join Date
    May 2005
    Location
    Sydney, Australia
    Posts
    667

    Lightbulb

    Surely an OpenIDAuthenticationRequiredException indicates an authentication problem, not a successful login (as your code interprets it)?

    Unfortunately the 2.0.x JavaDoc doesn't explain this exception, and it's no longer present in 3.0.x. But based on its name, I'd say it means the user has yet to authenticate with their OpenID provider. To be sure, you'd have to inspect the Spring Security source code for references to this exception.
    Andrew Swan
    "Now is the EJB of our discontent made glorious Spring"
  3. Dec 19th, 2009, 11:55 AM #3
    salvin18
    salvin18 is offline Junior Member
    Join Date
    Oct 2009
    Posts
    13

    Default

    Quote Originally Posted by andrews View Post
    Surely an OpenIDAuthenticationRequiredException indicates an authentication problem, not a successful login (as your code interprets it)?

    Unfortunately the 2.0.x JavaDoc doesn't explain this exception, and it's no longer present in 3.0.x. But based on its name, I'd say it means the user has yet to authenticate with their OpenID provider. To be sure, you'd have to inspect the Spring Security source code for references to this exception.
    as my post says,
    This happens at a 'valid login' : successful login.
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules