Hi
I'm using the standard JNDIRealm class to authenticate users. However if
the login is unsuccessful, I am unable report the *reason* for the
failure.
The code for JNDIRealm.java tries to return a valid Principal object.
If logging on fails - which could be for several reasons e.g. bad
password, account expired, password needs changing etc - then the
exception is caught, logged, and then forgotten. The authenticate method
just returns a null Principal object.
So, by the time the request gets to the 'error' JSP, all I can report to
the user is that there was some kind of problem - not what the problem
was.
I was thinking of writing my own Realm class which did the same, but
threw the exception if one occurred. Unfortunately this would break the
contract with the RealmBase class I think (abstract methods).
From reading the Servlet spec, it suggests that the failure information
*should* be available:
"The error page sent to a user that is not authenticated
contains information about the failure."
Does anyone have any advice / solved this problem before? Appreciate any
feedback
Thanks
Richard Gundersen
As a responsible corporate citizen, London Scottish Bank plc asks you to
consider the environment before printing this email.
*** Disclaimer ***
This electronic communication is confidential and for the exclusive use of the
addressee. It may contain private and confidential information. The
information, attachments and opinions contained in this E-mail are those of its
author only and do not necessarily represent those of London Scottish Bank PLC
or any other members of the London Scottish Group.
If you are not the intended addressee, you are prohibited from any disclosure,
distribution or further copying or use of this communication or the information
in it or taking any action in reliance on it. If you have received this
communication in error please notify the Information Security Manager at [EMAIL
PROTECTED] as soon as possible and delete the message from all places in your
computer where it is stored.
We utilise virus scanning software but we cannot guarantee the security of
electronic communications and you are advised to check any attachments for
viruses. We do not accept liability for any loss resulting from any corruption
or alteration of data or importation of any virus as a result of receiving this
electronic communication.
Replies to this E-mail may be monitored for operational or business reasons.
London Scottish Bank PLC is regulated by the Financial Services Authority.
London Scottish Bank plc, Registered Office: 201 Deansgate, Manchester M3 3NW
Registered Number 973008 England.
Subsidiary Companies:-
London Scottish Finance Limited, Registered Office: 201 Deansgate, Manchester
M3 3NW Registered Number 233259 England.
London Scottish Broking Limited, Registered Office: 201 Deansgate, Manchester
M3 3NW Registered Number 230110 England.
London Scottish Invoice Finance Limited, Registered Office: 201 Deansgate,
Manchester M3 3NW Registered Number 2643766 England.
Robinson Way & Company Limited, Registered Office: 201 Deansgate, Manchester M3
3NW Registered Number 885896 England.
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
---------------------------------------------------------------------
To start a new topic, e-mail: [email protected]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
