You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by Sreyan Chakravarty <sr...@gmail.com> on 2015/09/09 19:38:18 UTC

Customizing error messages for FormAuthenticator

Is there any way in Apache Shiro to customize the error message that is
given during an invalid login ?

What I want to do is -:

When an user gives invalid credentials it may happen that the user-id does
not exist, the user will be redirected to the login page with an error
message possibly appended in the URL or part of the request body taht says
something like-:

"Invalid User Credentials. Please try again".

Where and how would I do this ? Is there any way I could do this in the
FormAuthenticator ?

Would a PassThruAuthenticationFilter be of any help in this scenario ?

Re: Customizing error messages for FormAuthenticator

Posted by Sreyan Chakravarty <sr...@gmail.com>.

How would you implement LockOutRealms in Shiro ?

On Thu, Sep 10, 2015 at 5:46 PM, Sreyan Chakravarty <
sreyan.mailing@gmail.com> wrote:

> Yes but why not just extend the FormAuthenticator ? Like done over at
> http://meri-stuff.blogspot.in/2011/03/apache-shiro-part-1-basics.html
>
> Isn't there an easier way that programmatic login ?
>
> Also how would you implement Realms that can lock out users after a
> certain number of failed attempts ?
>
> On Thu, Sep 10, 2015 at 12:50 PM, scSynergy <ro...@scsynergy.de>
> wrote:
>
>> I think you would need to do programmatic login so that you can catch the
>> individual exceptions that may be thrown.
>>
>> public void login() {
>>         try {
>>             AuthenticationToken at = (new UsernamePasswordToken(username,
>> password, false));
>>             subject.login(at);
>>         } catch (UnknownAccountException | IncorrectCredentialsException |
>> LockedAccountException ex) {
>>             // do something here
>>         } catch (AuthenticationException ex) {
>>             // do something else here
>>         } catch (IOException | DuplicateEntityException ex) {
>>             LOG.log(Level.SEVERE, null, ex);
>>         }
>> }
>>
>>
>>
>> --
>> View this message in context:
>> http://shiro-user.582556.n2.nabble.com/Customizing-error-messages-for-FormAuthenticator-tp7580716p7580725.html
>> Sent from the Shiro User mailing list archive at Nabble.com.
>>
>
>

Re: Customizing error messages for FormAuthenticator

Posted by Sreyan Chakravarty <sr...@gmail.com>.

Yes but why not just extend the FormAuthenticator ? Like done over at
http://meri-stuff.blogspot.in/2011/03/apache-shiro-part-1-basics.html

Isn't there an easier way that programmatic login ?

Also how would you implement Realms that can lock out users after a certain
number of failed attempts ?

On Thu, Sep 10, 2015 at 12:50 PM, scSynergy <ro...@scsynergy.de>
wrote:

> I think you would need to do programmatic login so that you can catch the
> individual exceptions that may be thrown.
>
> public void login() {
>         try {
>             AuthenticationToken at = (new UsernamePasswordToken(username,
> password, false));
>             subject.login(at);
>         } catch (UnknownAccountException | IncorrectCredentialsException |
> LockedAccountException ex) {
>             // do something here
>         } catch (AuthenticationException ex) {
>             // do something else here
>         } catch (IOException | DuplicateEntityException ex) {
>             LOG.log(Level.SEVERE, null, ex);
>         }
> }
>
>
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Customizing-error-messages-for-FormAuthenticator-tp7580716p7580725.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>

Re: Customizing error messages for FormAuthenticator

Posted by scSynergy <ro...@scsynergy.de>.

I think you would need to do programmatic login so that you can catch the
individual exceptions that may be thrown.

public void login() {
        try {
            AuthenticationToken at = (new UsernamePasswordToken(username,
password, false));
            subject.login(at);
        } catch (UnknownAccountException | IncorrectCredentialsException |
LockedAccountException ex) {
            // do something here
        } catch (AuthenticationException ex) {
            // do something else here
        } catch (IOException | DuplicateEntityException ex) {
            LOG.log(Level.SEVERE, null, ex);
        }
}



--
View this message in context: http://shiro-user.582556.n2.nabble.com/Customizing-error-messages-for-FormAuthenticator-tp7580716p7580725.html
Sent from the Shiro User mailing list archive at Nabble.com.