I think this has to do with the multi-realm authentication strategy. I am not sure offhand which class it is, but I believe that you will need to override this class to get the exception handling you need. Take a look at the documentation and search for multi realm strategy and you will know which class to override. The default implementation hides the specific exception of a realm failure.
> On Jun 25, 2015, at 9:44 AM, kpenrose <[email protected]> wrote:
>
> I'm using Vaadin and have shiro authentication successfully working, but I'm
> trying to set up a first-time user scenario where if there is a value in the
> database set for first time login, I want to throw an exception from the
> doGetAuthentication method that is caught in the login view, which causes a
> change password dialog to be presented.
>
> The problem I have is even though I have appropriated the
> ExcessiveAttemptsException to do this, the try-catch clause in my login
> presenter never catches the subclasses, it only ever catches the
> AuthenticationException type. I have traced the execution, and I know that
> I'm throwing the right type of exception, but I only ever catch the base
> class.
>
> Here's my try-catch clause:
>
>     try {
>         subject.login(token);
>         if (subject.isAuthenticated()) {
>             logger.info("User Authenticated {}.", subject.getPrincipal().toString());
>             loggedInEvent.fire(new UserLoggedInEvent(subject.getPrincipal().toString()));
>         }
>     } catch (UnknownAccountException uae) {
>         logger.info("Unknown Account: {}.", uae.toString());
>     } catch (ExcessiveAttemptsException eae) {
>         // logger.info("User Authenticated {}.", subject.getPrincipal().toString() + " but password change required.");
>         // loggedInEvent.fire(new UserLoggedInEvent(subject.getPrincipal().toString(), true));
>         UI.getCurrent().getNavigator().navigateTo("PasswordChange");
>     } catch (IncorrectCredentialsException e) {
>         getView().showInvalidLoginNotification(e.getMessage());
>     }
>
> As you can see I don't have a catch for the AuthenticationException, which
> causes the Vaadin DefaultErrorHandler to catch it, which just causes a
> stack trace which produces the stock message that authentication could not
> happen because the realm doesn't support it.
>
> Any idea at all why the correct exception type doesn't make it to the
> calling code?
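One way to get the realm's own exception back to the caller of `subject.login(token)`, as an added example that is not part of the original thread: with more than one realm configured, Shiro's `ModularRealmAuthenticator` catches each realm's exception and hands it to the `AuthenticationStrategy`, and the default `AtLeastOneSuccessfulStrategy` replaces it with a generic `AuthenticationException` once every realm has failed. The package and class name below are hypothetical.

```java
// Added example; package and class name are hypothetical, the Shiro types are real.
package com.example.security;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy;
import org.apache.shiro.realm.Realm;

/**
 * Propagates the concrete AuthenticationException thrown by a realm
 * (UnknownAccountException, ExcessiveAttemptsException, ...) instead of
 * letting the authenticator swallow it.
 *
 * Trade-off: the first realm that throws ends the login attempt, so any
 * realms configured after it are not consulted. Order the realms with
 * that in mind.
 */
public class RethrowingAuthenticationStrategy extends AtLeastOneSuccessfulStrategy {

    @Override
    public AuthenticationInfo afterAttempt(Realm realm,
                                           AuthenticationToken token,
                                           AuthenticationInfo singleRealmInfo,
                                           AuthenticationInfo aggregateInfo,
                                           Throwable t) throws AuthenticationException {
        // 't' is whatever the realm threw from getAuthenticationInfo(token),
        // or null if the realm returned normally.
        if (t instanceof AuthenticationException) {
            // Rethrow with its original type so the caller's specific
            // catch blocks match.
            throw (AuthenticationException) t;
        }
        // Non-authentication failures keep the default handling.
        return super.afterAttempt(realm, token, singleRealmInfo, aggregateInfo, t);
    }
}
```

In `shiro.ini` the strategy is wired in by declaring an instance and assigning it to `securityManager.authenticator.authenticationStrategy`. Use the specific exception type for flow control on the server side and keep the message shown to the user generic, so the login view does not reveal whether an account exists.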
