Hello all,

I have a couple of suggestions for changes to AbstractProcessingFilter. I am
not sure of the process for submitting patches, but I am happy to make these
changes myself if somebody would care to provide this information.

My first suggestion is to provide alternate failure URLs for the different
failure reasons. These URLs shouldn't need to be mandatory as the system could
default to the mandatory failure URL.

I have looked at the code for this class and it seems that the system
catches an AuthenticationException and, if this is caught, redirects the
user to the specified failure URL. If this catch block was extended to catch
the relevant AuthenticationException subtypes the functionality could be
easily extended to redirect to different URLs on different events if
required by the developer. If there is no URL configured for the particular
exception type then the system should default to redirecting to the existing
failure URL.

The second suggestion is that, upon authentication failure, the system could
place the authentication object (that failed) into the session. If the
failure pages are dynamic then the failure pages could perform some
application-specific logic to display even more information to the user. For
example... "Authentication has failed. Your account was disabled by
'joe_superuser' at 19/07/04 at 14:22".

The problem with this is finding an appropriate time to remove this value
from the session.... Perhaps it would be better to use a RequestDispatcher
to forward the user onto the failure URL and place the failed Authentication
object in the request. This way the object wouldn't 'hang around' past its
scope. Would this work? I guess this would prevent the failure pages from
residing in a different webapp or on a different server... is this a common
requirement?

Regards

Wesley Hall
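
Added example, not part of the original message and not Acegi Security's own code: one way the first suggestion could be implemented, with optional per-exception failure URLs that fall back to the mandatory one. FailureUrlResolver, its methods, the stand-in exception classes and the URLs are all hypothetical names constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class FailureUrlResolverDemo {

    // Stand-ins for the framework's exception hierarchy (constructed for this example).
    static class AuthenticationException extends RuntimeException {
        AuthenticationException(String msg) { super(msg); }
    }
    static class BadCredentialsException extends AuthenticationException {
        BadCredentialsException(String msg) { super(msg); }
    }
    static class DisabledException extends AuthenticationException {
        DisabledException(String msg) { super(msg); }
    }

    /** Hypothetical helper: maps exception types to optional failure URLs. */
    static class FailureUrlResolver {
        private final String defaultFailureUrl; // the existing, mandatory failure URL
        private final Map<Class<?>, String> perTypeUrls = new LinkedHashMap<>();

        FailureUrlResolver(String defaultFailureUrl) {
            if (defaultFailureUrl == null || defaultFailureUrl.isEmpty()) {
                throw new IllegalArgumentException("defaultFailureUrl is mandatory");
            }
            this.defaultFailureUrl = defaultFailureUrl;
        }

        void setFailureUrl(Class<? extends AuthenticationException> type, String url) {
            perTypeUrls.put(type, url);
        }

        /** Most specific configured type wins; otherwise use the mandatory default. */
        String resolve(AuthenticationException failure) {
            for (Class<?> c = failure.getClass();
                 c != null && AuthenticationException.class.isAssignableFrom(c);
                 c = c.getSuperclass()) {
                String url = perTypeUrls.get(c);
                if (url != null) return url;
            }
            return defaultFailureUrl;
        }
    }

    public static void main(String[] args) {
        FailureUrlResolver r = new FailureUrlResolver("/login.jsp?error=1");
        r.setFailureUrl(DisabledException.class, "/accountDisabled.jsp");
        System.out.println(r.resolve(new DisabledException("disabled")));     // configured type
        System.out.println(r.resolve(new BadCredentialsException("bad pw"))); // falls back
    }
}
```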



