Currently we have no way of representing data access exceptions - i.e. why interacting with a data resource failed. The existing Realm implementations throw AuthenticationException or AuthorizationException when encountering these types of errors, which is mostly incorrect - these types of exceptions don't indicate a problem with the user's submission , but rather with the resources used to perform authentication or authorization.
I'd like to create a new org.apache.shiro.dao package and create a root DataAccessException (similar to Spring's) and create a few cursory subclasses, like CommunicationException, etc. My desire for this came about when working with the JndiLdapRealm implementation: I need to be able to distinguish whether or not authentication fails due to invalid user data (wrong password, etc) or if it is due to an invalid LDAP configuration. The former can be represented to the user while the latter should be presented to the developer configuring Shiro - quite different use cases. In solving this for the LDAP realm, it would enable the same exception hierarchy to be used in other realms trying to indicate similar problems, providing a cohesive solution. Any objections? Thoughts? Thanks, Les
