How would you implement LockOutRealms in Shiro ? On Thu, Sep 10, 2015 at 5:46 PM, Sreyan Chakravarty < [email protected]> wrote:
> Yes but why not just extend the FormAuthenticator ? Like done over at > http://meri-stuff.blogspot.in/2011/03/apache-shiro-part-1-basics.html > > Isn't there an easier way that programmatic login ? > > Also how would you implement Realms that can lock out users after a > certain number of failed attempts ? > > On Thu, Sep 10, 2015 at 12:50 PM, scSynergy <[email protected]> > wrote: > >> I think you would need to do programmatic login so that you can catch the >> individual exceptions that may be thrown. >> >> public void login() { >> try { >> AuthenticationToken at = (new UsernamePasswordToken(username, >> password, false)); >> subject.login(at); >> } catch (UnknownAccountException | IncorrectCredentialsException | >> LockedAccountException ex) { >> // do something here >> } catch (AuthenticationException ex) { >> // do something else here >> } catch (IOException | DuplicateEntityException ex) { >> LOG.log(Level.SEVERE, null, ex); >> } >> } >> >> >> >> -- >> View this message in context: >> http://shiro-user.582556.n2.nabble.com/Customizing-error-messages-for-FormAuthenticator-tp7580716p7580725.html >> Sent from the Shiro User mailing list archive at Nabble.com. >> > >
