It doesn't matter if you only have one realm, the logic flows through the org.apache.shiro.authc.pam.ModularRealmAuthenticator anyway. As you can see here: http://grepcode.com/file/repo1.maven.org/maven2/com.ning/metrics.collector/1.2.1/org/apache/shiro/authc/pam/ModularRealmAuthenticator.java#197 it swallows actual Realm-thrown exception and throws it's own version of AuthenticationException. You will have to override this behavior if you want get more granular exception handling
On Jun 26, 2015, at 8:19 AM, kpenrose wrote: > I'm using a single realm - jpa based, and as I said, authentication works > correctly with my overloaded doAuthentication method (or whatever it's > called). And, inside that method I find that a password change is required, > and I throw an ExcessiveAttemptsException, but the calling controller for my > UI only catches the base class AuthenticationException. Very strange > behavior, and I can't figure it out, to say the least. > Thanks. > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/ExcessiveAttemptsException-How-to-configure-tp4534742p7580589.html > Sent from the Shiro User mailing list archive at Nabble.com. >
