Quantcast

Authentication failure message

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Authentication failure message

axelF
This post has NOT been accepted by the mailing list yet.
Hello.

I'm using Shiro in a Web app, but it is not a JEE web app (java web services with jersey in server side, and HTML/JS/jQuery/CSS).

When the authentication fail in login page, at the moment, the login page is just reload... I want to display a message with the reason of the failure, but I don't really know how to use the formAuthenticationFilter in this purpose without JEE tags...
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Authentication failure message

picpoc
This post has NOT been accepted by the mailing list yet.
Hi,

Shiro web module doesn't use JEE stuff, just plain old servlet API, and add some convenient tag support for JSP.

Upon a failed login attempt, the FormAuthenticationFilter will set the AuthenticationException full class name which was thrown from your realm(s) within an attribute of the current servlet request (which is by default "shiroLoginFailure"). Thus to detect a login failure, you can check for the non nullity of the attribute (and eventually the value if your realm manage meaningful subclasses of AuthenticationException):

      String authcExceptionClassName =  request.getAttribute("shiroLoginFailure");
      if (authcExceptionClassName != null)
      {
              // failure
      }

You can also take a look on the AuthenticationListener class if you want to perform stuff upon successfull/failure login attempts (like preparing a more meaningful error message which you will store/print on current response...).

Regards.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Authentication failure message

axelF
This post has NOT been accepted by the mailing list yet.
Is there any way to get this attribute with jQuery (not in jsp)?
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Authentication failure message

axelF
This post has NOT been accepted by the mailing list yet.
Sorry for the necro, but we still have the problem. I will try to be more explicit.

We have a web application with a Java server using Jersey web services, and a plain HTML/Javascript client. No JSP are allowed in this project.

We have a login page with a simple form:

<form id="loginForm" action="" method="POST">...

The login features works fine. When We enter a valid credential, we are redirected to the index url. The problem is when the credentials are not valid. It just reload the login page without any information. We tried to understand how to access shiroLoginFailure attributes or using authenticationException, but we failed. We really want to explain the user why the access is not granted. Any help will be really appreciated.

Here is the main part of shiro.ini

[main]
authc.loginUrl = /login.html
authc.successUrl = /index.html
logout.redirectUrl=/login.html
authc.failureKeyAttribute = shiroLoginFailure
roles.unauthorizedUrl = /AccessDenied.html
perms.unauthorizedUrl = /AccessDenied.html
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
...
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Authentication failure message

jim.piersol@gmail.com
Any new insights into this issue?  I am in need of accessing the Request attributes from plain JS as well.  Need a solution to get a message back to Login page without using JSP
Loading...