It might be better to inform the user about those errors.
You can do this with the different Exceptions you throw.
Here is an example for a SearchModeSearchDatabaseAuthenticationHandler:

// Imports needed at the top of the handler class file (CAS 3.x packages,
// commons-lang for StringUtils).
import org.apache.commons.lang.StringUtils;
import org.jasig.cas.authentication.handler.AuthenticationException;
import org.jasig.cas.authentication.handler.BlockedCredentialsAuthenticationException;
import org.jasig.cas.authentication.principal.Credentials;
import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;

// The two methods below belong to a subclass of
// AbstractJdbcUsernamePasswordAuthenticationHandler, which provides
// getJdbcTemplate() and getPasswordEncoder(). The fields sql, tableUsers,
// fieldUser and log, the UserStatus constants and the two custom exceptions
// (MissingFieldAuthenticationException, UserMustValidateEmailAuthException)
// are defined by that subclass.
protected final boolean authenticateUsernamePasswordInternal(
        final UsernamePasswordCredentials credentials)
        throws AuthenticationException {
    // Reject blank fields before touching the database.
    if (StringUtils.isBlank(credentials.getUsername())
            || StringUtils.isBlank(credentials.getPassword())) {
        throw new MissingFieldAuthenticationException();
    }
    final String encryptedPassword =
        getPasswordEncoder().encode(credentials.getPassword());
    // this.sql is the configured count query with two '?' placeholders
    // (username, encoded password); both values are bound, not concatenated.
    final int count = getJdbcTemplate().queryForInt(this.sql,
        credentials.getUsername(), encryptedPassword);
    if (count != 1) {
        return false; // no user found (or wrong password): generic failure
    }
    // Password is correct; now map the account status to a specific
    // exception so the login mask can tell the user why login failed.
    final int validateStatus = this.getUserAccountStatus(credentials);
    if (validateStatus == UserStatus.NORMAL) {
        return true;
    }
    if (validateStatus == UserStatus.MUST_VALIDATE_EMAIL) {
        throw new UserMustValidateEmailAuthException();
    }
    throw new BlockedCredentialsAuthenticationException();
}

private int getUserAccountStatus(final Credentials credentials) {
    // tableUsers and fieldUser come from deployer configuration, not from
    // the user; the username itself is passed as a bound parameter.
    final String query = "SELECT STATUS FROM " + this.tableUsers
        + " WHERE " + this.fieldUser + " = ?";
    if (credentials instanceof UsernamePasswordCredentials) {
        final UsernamePasswordCredentials upCredentials =
            (UsernamePasswordCredentials) credentials;
        return getJdbcTemplate().queryForInt(query,
            upCredentials.getUsername());
    }
    log.error("credentials not supported: "
        + credentials.getClass().getName());
    return -1; // unknown status: treated as blocked by the caller
}
Here you see I throw several different Exceptions to inform the user
on the login mask.
The same can be used for password-expired handling in your handler.
I successfully use this in several AuthHandlers (db, webservice etc.).
Robert
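What the post above does not show is how a thrown exception turns into a message on the login mask. In CAS 3.x every AuthenticationException carries a code string (the constructor takes it), and the login web flow reports that code as a message key resolved from messages.properties; CAS's own exceptions such as BadUsernameOrPasswordAuthenticationException follow the pattern of a public CODE constant passed to super(). The following is an added example of the two custom exceptions named in the post, written that way; it is not Robert's code or CAS's own. The package name org.example.cas.auth and the two message keys are assumptions for this example.

```java
// Added example, not from the post above: exception classes whose codes are
// message keys, which is how CAS 3.x reports a failure on the login page.
// The package name and the two message keys are assumptions.
package org.example.cas.auth;

import org.jasig.cas.authentication.handler.AuthenticationException;

public final class AccountStatusExceptions {

    private AccountStatusExceptions() {
        // holder for the nested exception types; not instantiated
    }

    /** Username or password field left blank: fail before hitting the database. */
    public static final class MissingFieldAuthenticationException
            extends AuthenticationException {
        private static final long serialVersionUID = 1L;

        /** Key looked up in messages.properties by the login web flow (assumed name). */
        public static final String CODE = "error.authentication.credentials.missing";

        public MissingFieldAuthenticationException() {
            super(CODE);
        }
    }

    /** Password was correct, but the account still has to confirm its e-mail address. */
    public static final class UserMustValidateEmailAuthException
            extends AuthenticationException {
        private static final long serialVersionUID = 1L;

        /** Key looked up in messages.properties by the login web flow (assumed name). */
        public static final String CODE = "error.authentication.credentials.validateemail";

        public UserMustValidateEmailAuthException() {
            super(CODE);
        }
    }
}
```

The matching entries go into the CAS login message bundle, for example `error.authentication.credentials.missing=Please enter both your username and your password.` and `error.authentication.credentials.validateemail=Please confirm your e-mail address before logging in.` (message texts are illustrative). Note the order of checks in the handler above: the status-specific exceptions are only thrown after the password has matched, so a caller who does not know the password still gets the generic failure and learns nothing about whether the account is blocked or unconfirmed.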
-
> I think that you should implement your own
> org.jasig.cas.authentication.handler.AuthenticationHandler to plug in
> to CAS in the deployerConfigContext.xml. In this way you can
> retrieve a password for the user, and the password expiration value for
> the user, then proceed to authenticate the user and, if the password
> is valid, check the password expiration value. To implement the
> org.jasig.cas.authentication.handler.AuthenticationHandler you can
> do something like this:
>
> public boolean authenticate(Credentials cred) throws
> AuthenticationException {
>
> String user = ((UsernamePasswordCredentials) cred).getUsername();
> String pass = ((UsernamePasswordCredentials) cred).getPassword();
>
> // retrieve the user password (passdb) and expiration value (passexpired)
> // that are stored in the db
>
> if (pass.equals(passdb) && !passexpired)
> return true;
>
> return false;
> }
>
> Consider the use of a password encoder.
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user