Yes but why not just extend the FormAuthenticator ? Like done over at http://meri-stuff.blogspot.in/2011/03/apache-shiro-part-1-basics.html
Isn't there an easier way that programmatic login ? Also how would you implement Realms that can lock out users after a certain number of failed attempts ? On Thu, Sep 10, 2015 at 12:50 PM, scSynergy <[email protected]> wrote: > I think you would need to do programmatic login so that you can catch the > individual exceptions that may be thrown. > > public void login() { > try { > AuthenticationToken at = (new UsernamePasswordToken(username, > password, false)); > subject.login(at); > } catch (UnknownAccountException | IncorrectCredentialsException | > LockedAccountException ex) { > // do something here > } catch (AuthenticationException ex) { > // do something else here > } catch (IOException | DuplicateEntityException ex) { > LOG.log(Level.SEVERE, null, ex); > } > } > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Customizing-error-messages-for-FormAuthenticator-tp7580716p7580725.html > Sent from the Shiro User mailing list archive at Nabble.com. >
