Shiro Web Authentication Exception Handling

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Shiro Web Authentication Exception Handling

M.C. Wilson
Greetings,

First, thanks for all of your hard work on Shiro! This is my first time using it, and already I have gained a great appreciation for the functionality that it offers.

I have a question... With my web app, the login page is a JSP, and I have two realms that are checked. This is an intranet app, so if login fails, I need to inform the user why it failed so she knows who to contact to resolve the problem. However, I don't know how to determine, from the login page, what caused authentication to fail. The documentation suggests that the only way to determine this is to execute the login method yourself inside of a try-catch, but I am not explicitly executing the login method anywhere in my app.

Is there another way to determine what caused authentication to fail? Thanks very much!

-M.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Shiro Web Authentication Exception Handling

pmac
This post has NOT been accepted by the mailing list yet.
why are you using two realms for authentication and what types of realms are they?
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Shiro Web Authentication Exception Handling

Manoj Khangaonkar
In reply to this post by M.C. Wilson
Hi,

Assuming you are using say the FormAuthenticationFilter, When
authentication fails, the name
of the exception class is added as an attribute to the request. The
attribute name is shiroLoginFailure.

If your login page is a JSP, you can write code like

<c:if test="${shiroLoginFailure eq
'org.apache.shiro.authc.IncorrectCredentialsException'}">
  The password you entered is incorrect!!!!
</c:if>

to inform the user why the login failed.

On Fri, Sep 16, 2011 at 12:05 PM, M.C. Wilson <[hidden email]> wrote:

> Greetings,
>
> First, thanks for all of your hard work on Shiro! This is my first time
> using it, and already I have gained a great appreciation for the
> functionality that it offers.
>
> I have a question... With my web app, the login page is a JSP, and I have
> two realms that are checked. This is an intranet app, so if login fails, I
> need to inform the user why it failed so she knows who to contact to resolve
> the problem. However, I don't know how to determine, from the login page,
> what caused authentication to fail. The documentation suggests that the only
> way to determine this is to execute the login method yourself inside of a
> try-catch, but I am not explicitly executing the login method anywhere in my
> app.
>
> Is there another way to determine what caused authentication to fail? Thanks
> very much!
>
> -M.
>



--
http://khangaonkar.blogspot.com/
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Shiro Web Authentication Exception Handling

jim.piersol@gmail.com
Old Thread I know....   But is there a way to get to these Request Attributes from plain JS vs JSP ?  We don't want to use a JSP, but need to get to this attribute, if it s available somehow from JS.
Loading...