ExcessiveAttemptsException should extend AuthenticationException. On Fri, Jun 26, 2015 at 2:36 PM, Alexander Openkowski <[email protected] > wrote:
> Looking into the code that I think calls your overloaded doAuthenticate > method, it seems as if any exception that is not an > AuthenticationException is wrapped with one: > > See line 214: > > http://shiro.apache.org/static/1.2.3/apidocs/src-html/org/apache/shiro/authc/AbstractAuthenticator.html > > I do not recall the class hierarchy right now, but I think your realm > should extend from the AbstractAuthenticator, right? So my first guess > would be that you should also overload the authenticate method and > implement your desired behaviour there? I am not sure though if > something else will break when some exceptions other than > AuthenticationExceptions escape. > > On 06/26/2015 02:19 PM, kpenrose wrote: > > I'm using a single realm - jpa based, and as I said, authentication works > > correctly with my overloaded doAuthentication method (or whatever it's > > called). And, inside that method I find that a password change is > required, > > and I throw an ExcessiveAttemptsException, but the calling controller > for my > > UI only catches the base class AuthenticationException. Very strange > > behavior, and I can't figure it out, to say the least. > > Thanks. > > > > > > > > -- > > View this message in context: > http://shiro-user.582556.n2.nabble.com/ExcessiveAttemptsException-How-to-configure-tp4534742p7580589.html > > Sent from the Shiro User mailing list archive at Nabble.com. > > -- *Alessio Stalla* | Software Architect M: +39 340 7824743 | T: +39 010 566441 | F: +39 010 8900455 [email protected] | www.manydesigns.com MANYDESIGNS s.r.l. Via G. D'Annunzio, 2/51 | 16121 Genova (GE) | Italy
