Karel Miarka wrote:
Hi Ben,
I have started to use dao.event.LoggerListener and I'm wondering why no event is published when invalid username was provided eg. UsernameNotFoundException / BadCredentialsException arise.
I think this case should be logged by the same mechanism as the other events (auth success, password failure, ...) otherwise I have to catch it in my DAO, but I find this approach quite inconsistent.
Can you please write a note on this?
TIA, Karel
Hi Karel
The reason we haven't got an event for UsernameNotFoundException is because the AuthenticationEvent requires a non-null User, and if the username cannot be found, we can't obtain a user.
Having said that, you'd be welcome to contribute a patch to DaoAuthenticationProvider along with a new AuthenticationEvent subclass which notes in its JavaDocs the UsernameNotFoundEvent.getUser() will always return a non-null but invalid value.
Best regards Ben
------------------------------------------------------- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
