Herryanto Siatono wrote:
Just a point to ponder, for AuthenticationException thrown after user has
been checked against the database, (e.g. BadCredentialsException), should it
contain the UserDetails generated by the authentication provider?
Reason behind, for cases where the username is converted to user Id by the
authentication provider, when capturing AuthenticationFailureException,
system will have to re-query the database to retrieve the User Id to audit.
I have just modified BadCredentialsException to accept an additional
Object in its constructor, and this is available from
BadCredentialsException.getExtraInformation(). Further,
DaoAuthenticationProvider populates this with the UserDetails so you'll
have access to it via both the exception and the event. Logged as SEC-94.
Cheers
Ben
-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
