Hi Everyone, One of our authentication requirements is that we display dynamic error messages when a user fails to authenticate. In other words, consider a 'Soft Lockout' error message:
"This account has been locked because of too many failed authentication attempts. Please try again in <x> minutes" Where <x> is the actual number of minutes remaining until the soft lockout expires. Has anyone been able to implement something like this? So far I've only been able to come up with two different solutions, neither of which is workable: (1) When throwing an AuthenticationException, generate the actual error message and pass it to the constructor instead of an error code (2) Create a new type of exception that inherits from AuthenticationException, subclass AuthenticationViaFormAction and override the populateErrorsInstance() method, so that it contains logic that will detect the exception type and include the appropriate variables when building the error message. For (1), we wouldn't be able to localize the message because we don't have access to the request Locale, and (2) is just ugly and horrible. Any advice or suggestions would be greatly appreciated! Thanks so much for any help on this, --Ian Graham [email protected] -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
