1 Reply Latest reply on Jan 2, 2015 8:53 AM by stephan.prantl

    [Jboss AS 7.1.1 Final] Custom Login Module with custom error message always returns "Login Failure: all modules ignored".

    icemaker
    icemaker May 27, 2014 4:49 AM

      Hello,

       

      I have created a custom login module.

      It works great except that I want to return a custom error message when login fails.

       

      @Override
public boolean login() throws LoginException {
         .....
          if(!loginOk)
               throw new LoginException("MY_CUSTOM_ERROR_MESSAGE");
}

       

      I need to display this custom error message in a jsf page.

      So in my jsf bean i have this to get the message:

       

      public String getLoginFailureMessage(){
        Exception e =  (Exception) SecurityContextAssociation.getContextInfo("org.jboss.security.exception");
        
        if (e != null)
            return e.getMessage();
        else
            return null;
}

       

      The problem is that the exception message returned is always:

       

      Login Failure: all modules ignored


      If I look in my logs I always get two exceptions: one LoginException with my custom message followed by one LoginException with Login Failure: all modules ignored :


      10:43:15,862 ERROR [stderr] (http-0.0.0.0-0.0.0.0-8080-4) javax.security.auth.login.LoginException: MY_CUSTOM_ERROR_MESSAGE
10:43:15,864 ERROR [stderr] (http-0.0.0.0-0.0.0.0-8080-4)     at com.real.aof.security.login.LimitedAttemptsLoginModule.login(LimitedAttemptsLoginModule.java:57)
10:43:15,865 ERROR [stderr] (http-0.0.0.0-0.0.0.0-8080-4)     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
10:43:15,866 ERROR [stderr] (http-0.0.0.0-0.0.0.0-8080-4)     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
10:43:15,867 ERROR [stderr] (http-0.0.0.0-0.0.0.0-8080-4)     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
10:43:15,868 ERROR [stderr] (http-0.0.0.0-0.0.0.0-8080-4)     at java.lang.reflect.Method.invoke(Method.java:606)
10:43:15,868 ERROR [stderr] (http-0.0.0.0-0.0.0.0-8080-4)     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)

...

10:43:15,891 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http-0.0.0.0-0.0.0.0-8080-4) Login failure: javax.security.auth.login.LoginException: Login Failure: all modules ignored
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:935) [rt.jar:1.7.0_25]

...

       

      How can I get my custom message instead when calling SecurityContextAssociation.getContextInfo("org.jboss.security.exception") ? Is it possible ?

      Is there any other way to do it ?

       

      Thanks a lot for any help