You can see from the reply above from Les Hazlewood that:
/Anyway, that exception exists but it is not thrown/managed at any
point by Shiro. It is there for your use as a convenience so you
don't have to create your own Exception class if you don't want to.
You would need to instantiate and throw it in your Realm's
doGetAuthenticationInfo method when appropriate. The reason Shiro
can't do this automatically is that this type of logic (lock account
after a certain number of times in a certain number of minutes) is
usually entirely dependent upon your application's User data model.
/
So here is my code for the overloaded function:
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(
            AuthenticationToken token) throws UnknownAccountException,
            ExcessiveAttemptsException, IncorrectCredentialsException {
        // null usernames are invalid
        if (token == null) {
            throw new AuthenticationException(
                    "PrincipalCollection method argument cannot be null.");
        }
        UsernamePasswordToken usernamePasswordToken =
                (UsernamePasswordToken) token;
        InventoryReportUser user =
                service.getUserByUsername(usernamePasswordToken
                        .getUsername());
        if (user == null) {
            throw new UnknownAccountException("Could not find user");
        }
        if (user.isResetPasswordReqd()) {
            throw new ExcessiveAttemptsException("Password change required",
                    new Throwable("Password change required")); //"Password change required");
        }
        if (getCredentialsMatcher().doCredentialsMatch(usernamePasswordToken,
                user.getAsAuthenticationInfo())) {
            return user.getAsAuthenticationInfo();
        }
        throw new IncorrectCredentialsException("Failed to authenticate");
    }
So you can see that I check for user.isResetPasswordReqd() which throws the
ExcessiveAttemptsException. However, my controller only receives the
AuthenticationException. Thing is, I can enter an invalid user id and
although stepping through the execution shows me that the
UnknownAccountException is thrown, I still receive the
AuthenticationException type in the controller.
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/ExcessiveAttemptsException-How-to-configure-tp4534742p7580592.html
Sent from the Shiro User mailing list archive at Nabble.com.
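
Added example, not part of the original post and not Shiro's own code: one way to implement the "lock account after a certain number of times in a certain number of minutes" logic from the quoted reply, throwing ExcessiveAttemptsException from the Realm. The class name LockoutRealm, the loadAccount hook, the thresholds and the in-memory failure store are assumptions; it needs shiro-core on the classpath.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.shiro.authc.*;
import org.apache.shiro.realm.AuthenticatingRealm;

// Hypothetical realm: names, thresholds and the in-memory store are assumptions.
public abstract class LockoutRealm extends AuthenticatingRealm {
    private static final int MAX_FAILURES = 5;                     // assumed policy
    private static final Duration WINDOW = Duration.ofMinutes(15); // assumed policy
    private final Map<String, Deque<Instant>> failures = new ConcurrentHashMap<>();

    // Subclasses load the account from the application's own user data model.
    protected abstract AuthenticationInfo loadAccount(String username);

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        String username = ((UsernamePasswordToken) token).getUsername();
        // Checked before the account is loaded or any credential is compared,
        // so a locked account cannot be used to keep guessing passwords.
        if (recentFailures(username) >= MAX_FAILURES) {
            throw new ExcessiveAttemptsException("Too many failed attempts");
        }
        AuthenticationInfo info = loadAccount(username);
        if (info == null) {
            throw new UnknownAccountException("Could not find user");
        }
        return info; // Shiro calls assertCredentialsMatch on this next
    }

    @Override
    protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
        String username = ((UsernamePasswordToken) token).getUsername();
        try {
            super.assertCredentialsMatch(token, info); // throws IncorrectCredentialsException
            failures.remove(username);                 // success clears the history
        } catch (IncorrectCredentialsException e) {
            Deque<Instant> q = failures.computeIfAbsent(username, k -> new ArrayDeque<>());
            synchronized (q) { q.add(Instant.now()); }
            throw e;
        }
    }

    // Number of failed attempts inside the sliding window; older entries are dropped.
    private int recentFailures(String username) {
        Deque<Instant> q = failures.get(username);
        if (q == null) return 0;
        Instant cutoff = Instant.now().minus(WINDOW);
        synchronized (q) { while (!q.isEmpty() && q.peek().isBefore(cutoff)) q.poll(); return q.size(); }
    }
}
```

The failure history here lives in one JVM's memory; a clustered deployment would keep it in the user data model or a shared cache, which is the application-specific part the quoted reply refers to.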