Looking into the code that I think calls your overloaded doAuthenticate method, it seems as if any exception that is not an AuthenticationException is wrapped with one:
See line 214: http://shiro.apache.org/static/1.2.3/apidocs/src-html/org/apache/shiro/authc/AbstractAuthenticator.html

I do not recall the class hierarchy right now, but I think your realm should extend from the AbstractAuthenticator, right? So my first guess would be that you should also overload the authenticate method and implement your desired behaviour there? I am not sure though if something else will break when some exceptions other than AuthenticationExceptions escape.

On 06/26/2015 02:19 PM, kpenrose wrote:
> I'm using a single realm - jpa based, and as I said, authentication works
> correctly with my overloaded doAuthentication method (or whatever it's
> called). And, inside that method I find that a password change is required,
> and I throw an ExcessiveAttemptsException, but the calling controller for my
> UI only catches the base class AuthenticationException. Very strange
> behavior, and I can't figure it out, to say the least.
> Thanks.
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/ExcessiveAttemptsException-How-to-configure-tp4534742p7580589.html
> Sent from the Shiro User mailing list archive at Nabble.com.
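The wrapping pattern discussed in this thread, as an added example that is not part of the original messages and is not Shiro's source: an authenticator that wraps anything that is not an AuthenticationException, and a caller that catches the specific subtype before the base class. The exception classes are simplified stand-ins that reuse Shiro's names; `Realm`, `authenticate` and `login` are hypothetical.

```java
// Added example: simplified stand-ins, not Apache Shiro source code.
public class WrapDemo {
    // Stand-ins named after Shiro's exception types (assumption: flattened hierarchy).
    static class AuthenticationException extends RuntimeException {
        AuthenticationException(String msg) { super(msg); }
        AuthenticationException(String msg, Throwable cause) { super(msg, cause); }
    }
    static class ExcessiveAttemptsException extends AuthenticationException {
        ExcessiveAttemptsException(String msg) { super(msg); }
    }

    // Hypothetical realm hook; the implementation decides what to throw.
    interface Realm { Object doAuthenticate(String user); }

    // Anything that is not an AuthenticationException is wrapped in one;
    // AuthenticationException subtypes pass through with their type intact.
    static Object authenticate(Realm realm, String user) {
        try {
            return realm.doAuthenticate(user);
        } catch (Throwable t) {
            if (t instanceof AuthenticationException) {
                throw (AuthenticationException) t;
            }
            throw new AuthenticationException("Authentication failed for " + user, t);
        }
    }

    // Caller: the most specific catch comes first, the base class last.
    static String login(Realm realm, String user) {
        try {
            authenticate(realm, user);
            return "ok";
        } catch (ExcessiveAttemptsException e) {
            return "locked: " + e.getMessage();
        } catch (AuthenticationException e) {
            // A wrapped failure keeps the original exception as its cause.
            String cause = e.getCause() == null
                    ? "none" : e.getCause().getClass().getSimpleName();
            return "failed (cause: " + cause + ")";
        }
    }

    public static void main(String[] args) {
        // Constructed sample realms covering the three outcomes.
        System.out.println(login(u -> { throw new ExcessiveAttemptsException("too many attempts"); }, "alice"));
        System.out.println(login(u -> { throw new IllegalStateException("db down"); }, "bob"));
        System.out.println(login(u -> new Object(), "carol"));
    }
}
```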
