Ben,

Finally I have JAAS CredentialsExpiredException and AccountExpiredException working under acegi security integrated in the JBoss container.
The modifications on acegi were quite simple.
First I have created 2 new Exceptions named:
net.sf.acegisecurity.AccountExpiredException
net.sf.acegisecurity.CredentialsExpiredException
I have also added 2 new container events
net.sf.acegisecurity.providers.dao.event.AccountExpiredEvent
net.sf.acegisecurity.providers.dao.event.CredentialExpiredEvent
And have added a new interface
net.sf.acegisecurity.ExpirationDetails
Which defines 2 methods isAccountExpired and isCredentialExpired
This interface is to be implemented by the same class that implements
UserDetails so that they can set appropriate values on these 2 methods.
Finally I have modified DaoAuthenticationProvider adding the following
lines

    // account expiration check
    if (ExpirationDetails.class.isAssignableFrom(user.getClass())) {
        ExpirationDetails expirationDetails = (ExpirationDetails) user;
        if (expirationDetails.isAccountExpired()) {
            context.publishEvent(new AccountExpiredEvent(authentication, user));
            throw new AccountExpiredException("The provided login account has expired");
        }
        if (expirationDetails.isCredentialExpired()) {
            context.publishEvent(new CredentialExpiredEvent(authentication, user));
            throw new CredentialExpiredException("The provided login credential has expired");
        }
    }

I have added ExpirationDetails as a separate interface to keep backwards
compatibility with existing code that implements UserDetails.
Finally I have modified JBossAcegiLoginModule so that it captures the new
exceptions and transforms them into the jaas corresponding exceptions.

    } catch (CredentialExpiredException cee) {
        if (super.log.isDebugEnabled()) {
            super.log.debug("Credential has expired");
        }
        throw new javax.security.auth.login.CredentialExpiredException(
            "The credential used to identify the user has expired");
    } catch (AccountExpiredException cee) {
        if (super.log.isDebugEnabled()) {
            super.log.debug("Account has expired, throwing jaas exception");
        }
        throw new javax.security.auth.login.AccountExpiredException(
            "The account specified in login has expired");
    } catch (AuthenticationException failed) {

The main problem I have had is that JBoss on version 3.2.6 and 4.0 hid the
real exception and threw a general SecurityException ignoring the cause.
This has also been fixed by them on version 3.2.7 and next release of 4.0
as Scott confirmed.
So now the only thing left is to provide a test case and documentation. Do
you have any more comments or suggestions before I send you the final
code?
Sergio.
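
The flow described in the message above, as a self-contained added example; it is not part of the original message and is not Acegi or JBoss code. The nested exception classes are local stand-ins for the Acegi types, and `DemoUser`, its timestamp fields, `checkExpiration`, `login` and the use of `initCause` to carry the original exception are assumptions of this example.

```java
import java.time.Instant;
import javax.security.auth.login.LoginException;

public class ExpirationDemo {
    // Interface with the two methods named in the message.
    interface ExpirationDetails { boolean isAccountExpired(); boolean isCredentialExpired(); }
    // Local stand-ins for the two new Acegi exceptions (Acegi is not on the classpath here).
    static class AccountExpiredException extends RuntimeException {
        AccountExpiredException(String m) { super(m); }
    }
    static class CredentialsExpiredException extends RuntimeException {
        CredentialsExpiredException(String m) { super(m); }
    }
    // Hypothetical user object: expiry is computed from timestamps when it is asked.
    static class DemoUser implements ExpirationDetails {
        final Instant accountEnds, passwordEnds;
        DemoUser(Instant a, Instant p) { accountEnds = a; passwordEnds = p; }
        public boolean isAccountExpired() { return Instant.now().isAfter(accountEnds); }
        public boolean isCredentialExpired() { return Instant.now().isAfter(passwordEnds); }
    }
    // Provider-side check: user objects that do not implement ExpirationDetails pass unchanged.
    static void checkExpiration(Object user) {
        if (!(user instanceof ExpirationDetails)) return;
        ExpirationDetails d = (ExpirationDetails) user;
        if (d.isAccountExpired()) throw new AccountExpiredException("account expired");
        if (d.isCredentialExpired()) throw new CredentialsExpiredException("credential expired");
    }
    // Login-module side: translate to the JAAS types and keep the original as the cause.
    static void login(Object user) throws LoginException {
        try {
            checkExpiration(user);
        } catch (AccountExpiredException | CredentialsExpiredException e) {
            LoginException le = (e instanceof AccountExpiredException)
                ? new javax.security.auth.login.AccountExpiredException(e.getMessage())
                : new javax.security.auth.login.CredentialExpiredException(e.getMessage());
            le.initCause(e);
            throw le;
        }
    }

    public static void main(String[] args) {
        // Constructed sample users: valid, expired password, expired account, legacy object.
        Instant past = Instant.now().minusSeconds(60), later = Instant.now().plusSeconds(3600);
        Object[] users = { new DemoUser(later, later), new DemoUser(later, past),
                           new DemoUser(past, later), "legacy user object" };
        for (Object u : users) {
            try { login(u); System.out.println("login ok"); }
            catch (LoginException e) { System.out.println(e + " caused by " + e.getCause()); }
        }
    }
}
```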
