Is there a standard/recommended way in JSecurity/Ki to make the reason for an authentication failure available to the application? Similarly to CMA, if Ki is configured to run before the application servlet/filter, there's no direct way to tell the application why an authentication try failed. Is the recommended mechanism in this case to try to use a standard "<error-page><exception-type>" element in web.xml or something else?

The other way around, if I create a login form and handle the authentication in it myself (by calling SecurityUtils.getSubject().login()), is there a way to obtain the "originally requested url" from Ki that the security filter intercepted and then redirected to the login page?

Currently I implemented this with a login form that *could* handle login, but a success case is directly handled by Ki. In a failure case, Ki lets the request through and I just re-try the authentication to get the failure reason. This is a little hackish and results in an unnecessary authentication try in a failure case, but works surprisingly well for me as it allows me to use the "native" error message mechanisms of my web application framework.

Kalle
