[Acegisecurity-developer] LdapAuthenticationProvider and empty password

Teppo Jalava Tue, 28 Feb 2006 01:49:56 -0800

Hello

While migrating our system to use the new LdapAuthenticationProvider,
I noticed that when user tries to login with an empty password, the
provider throws IllegalArgumentException, due to the
Assert.hasLength-check. Is this the right kind of behaviour for the
provider? I mean, I would rather see a BadCredentialsException or some
other AuthenticationException instead so the
AuthenticationProcessingFilter would redirect the user to the
authentication failure page.


Or is there some other mechanism besides subclassing the provider to
achieve this that I've missed?

Thank you in advance,
Teppo


-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

[Acegisecurity-developer] LdapAuthenticationProvider and empty password

Reply via email to