On Fri, Sep 12, 2008 at 6:13 PM, Ryan Andreasen <[EMAIL PROTECTED]> wrote:

>
> Our organization wants to be able to expire passwords, lock out accounts,
> etc.  I have seen some discussion about expiring passwords but haven't
> found a clear cut way of handling them.  Currently I am using the
> FastBindLDAPAuthenticator to do our ldap bind.  This is working great,
> except that if the login fails for any reason, the login page is shown
> again.  I need to be able to hook into the ldap exception coming back from
> the ldap bind, and depending on the ldap error code show them a different
> page or else the login page again.
>
> I have found that the actual ldap exception (NamingException) gets handled
> in the org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource
> class.  However, it eats the NamingException and just throws a
> DataAccessResourceFailureException.  This exception percolates up to the
> FastBindLdapAuthenticationHandler, and then back up (eventually) to the
> AuthenticationViaFormAction class which populates the ErrorInstance, and
> sets the spring Event to error.   So I think I know how the current process
> is working and would like to get everyone's idea on the best way to hook in
> what I want.


It doesn't necessarily eat it, they should still be available in the chain
(i.e. exception.getCause().getCause()).  But yes, it's not readily obvious
where it is.

>
>
> Another question I had is how do you get the Errors (that are set in
> AuthenticationViaFormAction) in a different class?  Is there a way to get
> at them?


I believe by default the AuthenticationViaForm class just pulls out the code
and displays a message.  If you need better responsiveness than that, you
can open a JIRA enhancement request and we can try to make that method available
for overriding such that you could implement custom behavior on just that
method.

So essentially (and I'm saying this without looking), we'd set it up so that
you can have the thing that translates errors return specific events and you
can use the webflow to redirect to the appropriate views based on the event
name.  Not sure if it would work or how much effort it is to update the code
for this, but please put in a request and I'll take a look at it ASAP (I'm
going to allocate some time later anyway to work on open CAS issues).

Thanks
-Scott


>
>
> First, I would really like to not modify any of the cas-server-core code.
> I guess I could basically write my own classes that do the same things as the
> FastBindLdapAuthenticationHandler & AuthenticatedLdapContextSource but that
> keeps the NamingException around rather than eating it, but this doesn't
> really sound right to me.
>
> Second, I would really like to somehow just hook into the spring webflow
> and insert my code to check the NamingException and redirect to the correct
> page based on it.
>
> I hope this makes sense; I am just looking to see what the best way to
> accomplish this might be.
> --
> View this message in context:
> http://www.nabble.com/Hook-into-LDAP-Errors-tp19465040p19465040.html
> Sent from the CAS Users mailing list archive at Nabble.com.
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>
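
Added example, not part of the original messages or of the CAS code base: one way to recover the NamingException from the cause chain discussed above and turn it into an event name a webflow transition could key on. It assumes an Active Directory style "error code 49 ... data NNN" message; the class name, the event names, the sample message and the RuntimeException wrappers (standing in for DataAccessResourceFailureException) are all constructed for illustration.

```java
import javax.naming.AuthenticationException;
import javax.naming.NamingException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class LdapErrorEvents {
    // Assumption: the directory is Active Directory, which appends a hex
    // sub-code after "data" in the text of an LDAP error 49 bind failure.
    private static final Pattern AD_DATA =
        Pattern.compile("error code 49\\b.*?data ([0-9a-fA-F]+)");

    /** Return the first NamingException in the cause chain, or null. Depth is capped. */
    static NamingException findNamingException(Throwable t) {
        for (int depth = 0; t != null && depth < 16; depth++, t = t.getCause()) {
            if (t instanceof NamingException) return (NamingException) t;
        }
        return null;
    }

    /** Map a failed bind to an event name (hypothetical names, not CAS's own). */
    static String eventFor(Throwable failure) {
        NamingException ne = findNamingException(failure);
        if (ne == null || ne.getMessage() == null) return "error";
        Matcher m = AD_DATA.matcher(ne.getMessage());
        if (!m.find()) return "error";
        switch (m.group(1).toLowerCase()) {
            case "532": return "passwordExpired";
            case "773": return "mustChangePassword";
            case "775": return "accountLocked";
            case "533": return "accountDisabled";
            // 52e (bad password) and 525 (unknown user) deliberately share the
            // generic event so the login page does not reveal which one occurred.
            default:    return "error";
        }
    }

    public static void main(String[] args) {
        // Constructed sample message in the shape JNDI reports for an AD bind failure.
        NamingException ldap = new AuthenticationException(
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-00000000, "
            + "comment: AcceptSecurityContext error, data 775, v0000]");
        // Two wrapper layers, matching exception.getCause().getCause() above.
        Throwable wrapped = new RuntimeException("bind failed",
            new RuntimeException("context source", ldap));
        System.out.println(eventFor(wrapped));                           // accountLocked
        System.out.println(eventFor(new RuntimeException("no cause")));  // error
    }
}
```

Searching the chain by type rather than calling getCause() a fixed number of times keeps the lookup working if a wrapper layer is added or removed.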