2 Replies Latest reply on Sep 22, 2007 6:28 AM by Terry

    Exception thrown from Authenticator.authenticate method

    Terry Apprentice

      Someone please help. I throw an exception from Authenticator.authenticate and would like to capture it in pages.xml file to redirect to a custom page. However it doesn't work as expected.

      The exception thrown appears in logs but it doesn't redirect to the page specified in the pages.xml file. Seam treats my exception same as returning false from the authenticate method, meaning login failed and displays faces message.

      Authenticator class:

      public boolean authenticate() {

      ...

      if ("locked".equalsIgnoreCase(organisationUser.getStatus())) {

      FacesMessages.instance().addFromResourceBundle("mypackage.test", identity.getUsername());
      throw new UserAccountLockedException("Your account is currently locked.");
      }
      ...
      return true;
      }

      pages.xml
      [exception class="mypackage.UserAccountLockedException"]
      [redirect view-id="/error.xhtml"]
      [message] Account locked [/message]
      [ /redirect]
      [/exception]

      [ and ] only to allow pasting xml here, they meant to bes < and >.

      It doesn't redirect to /error.xml page. It just stays on login page and displayes my message from messages_en.properties file.

      Do I need to do something else to make my exception entry in pages.xml to work???

        • 1. Re: Exception thrown from Authenticator.authenticate method
          Shane Bryzak Master

          Authentication is performed within the context of a JAAS login, so we are restricted by the contract of the LoginModule.login() method, which specifies that only a LoginException be thrown if authentication fails. Unfortunately, LoginException only allows a message to be specified and no actual cause, otherwise it would be possible to extend Identity and override its login() method to unwrap the actual exception and re-throw it.

          What you could possibly do as an alternative is store the account status in the request context, then create navigation rules in your pages.xml to redirect to certain pages based on that status.

          • 2. Re: Exception thrown from Authenticator.authenticate method
            Terry Apprentice

            Shane

            Thanks for the tip, it worked. I added method in Authenticator class as below:

            public boolean isLocked() {
            ...
            return boolean;
            }

            and then added following page navigation rule

            navigation from-action="#{identity.login}"

            rule if="#{not identity.loggedIn and authenticator.locked}"
            redirect view-id="/error.xhtml"/
            /rule

            rule if="#{identity.loggedIn}"
            redirect view-id="/home.xhtml"/
            /rule

            /navigation


            Although it took me a while to figure out that 'locked' in 'authenticator.locked' is supposed to a method 'isLocked()' in its class.