The
SwitchUserProcessingFilter can throw a UsernameNotFound exception if the
UserDetailsService cannot instantiate a user from supplied j_username
parameter.
This exception is
not caught by the SwitchUserProcessingFilter itself, nor as far as I can tell,
by any other filter in the filter chain.
If the HTTP request
was generated from a web page where the target user name was selected from a
menu or an anchor tag that was generated by the server, then the user name
should always be there. But what if the user types in the user name?
Then the user name might not exist.
The
ExceptionTranslationFilter catches this type of exception but it is not clear to
me that it does the right thing. This filter is shown to come
after the SwitchUserProcessingFilter in the filter chain in
most examples.
It is not clear to
me at this point what is the intended usage of the SwitchUserProcessingFilter.
Possibly it needs
its own failureUrl, something like the authenticationProcessingFilter
has. And to trap the UsernameNotFound and then redirect to the
failure url? Thoughts?
Robert
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Home: http://acegisecurity.org Acegisecurity-developer mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
