1 Reply Latest reply on Jan 2, 2015 8:53 AM by Stephan Prantl

    [Jboss AS 7.1.1 Final] Custom Login Module with custom error message always returns "Login Failure: all modules ignored".

    Olivier Masseau Newbie

      Hello,

       

      I have created a custom login module.

      It works great except that I want to return a custom error message when login fails.

       

      @Override
      public boolean login() throws LoginException {
               .....
                if(!loginOk)
                     throw new LoginException("MY_CUSTOM_ERROR_MESSAGE");
      }
      

       

      I need to display this custom error message in a jsf page.

      So in my jsf bean i have this to get the message:

       

      public String getLoginFailureMessage(){
              Exception e =  (Exception) SecurityContextAssociation.getContextInfo("org.jboss.security.exception");
              
              if (e != null)
                  return e.getMessage();
              else
                  return null;
      }
      

       

      The problem is that the exception message returned is always:

       

      Login Failure: all modules ignored


      If I look in my logs I always get two exceptions: one LoginException with my custom message followed by one LoginException with Login Failure: all modules ignored :


      10:43:15,862 ERROR [stderr] (http-0.0.0.0-0.0.0.0-8080-4) javax.security.auth.login.LoginException: MY_CUSTOM_ERROR_MESSAGE
      10:43:15,864 ERROR [stderr] (http-0.0.0.0-0.0.0.0-8080-4)     at com.real.aof.security.login.LimitedAttemptsLoginModule.login(LimitedAttemptsLoginModule.java:57)
      10:43:15,865 ERROR [stderr] (http-0.0.0.0-0.0.0.0-8080-4)     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      10:43:15,866 ERROR [stderr] (http-0.0.0.0-0.0.0.0-8080-4)     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      10:43:15,867 ERROR [stderr] (http-0.0.0.0-0.0.0.0-8080-4)     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      10:43:15,868 ERROR [stderr] (http-0.0.0.0-0.0.0.0-8080-4)     at java.lang.reflect.Method.invoke(Method.java:606)
      10:43:15,868 ERROR [stderr] (http-0.0.0.0-0.0.0.0-8080-4)     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)
      
      ...
      
      10:43:15,891 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http-0.0.0.0-0.0.0.0-8080-4) Login failure: javax.security.auth.login.LoginException: Login Failure: all modules ignored
          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:935) [rt.jar:1.7.0_25]
      
      ...
      

       

      How can I get my custom message instead when calling SecurityContextAssociation.getContextInfo("org.jboss.security.exception") ? Is it possible ?

      Is there any other way to do it ?

       

      Thanks a lot for any help