I'm using Vaadin and have shiro authentication successfully working, but I'm
trying to set up a first-time user scenario where if there is a value in the
database set for first time login, I want to throw an exception from the
doGetAuthentication method that is caught in the login view, which causes a
change password dialog to be presented.
The problem I have is even though I have appropriated the
ExcessiveAttemptsException to do this, the try-catch clause in my login
presenter never catches the subclasses, it only ever catches the
AuthenticationException type. I have traced the execution, and I know that
I'm throwing the right type of exception, but I only ever catch the base
class.
Here's my try-catch clause:
try {
subject.login(token);
if (subject.isAuthenticated()) {
logger.info("User Authenticated {}.",
subject.getPrincipal().toString());
loggedInEvent.fire(new
UserLoggedInEvent(subject.getPrincipal().toString()));
}
} catch (UnknownAccountException uae) {
logger.info("Unknown Account: {}.", uae.toString());
} catch (ExcessiveAttemptsException eae) {
// logger.info("User Authenticated {}.",
subject.getPrincipal().toString() + " but password change required.");
// loggedInEvent.fire(new
UserLoggedInEvent(subject.getPrincipal().toString(), true));
UI.getCurrent().getNavigator().navigateTo("PasswordChange");
} catch (IncorrectCredentialsException e) {
getView().showInvalidLoginNotification(e.getMessage());
}
As you can see I don't have a catch for the AuthenticationException, which
causes the Vaadin DefaultErrrorHandler to catch it, which just causes a
stack trace which produces the stock message that authentication could not
happen because the realm doesn't support it.
Any idea at all why the correct exception type doesn't make it to the
calling code?
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/ExcessiveAttemptsException-How-to-configure-tp4534742p7580586.html
Sent from the Shiro User mailing list archive at Nabble.com.
