1 Reply Latest reply on Oct 21, 2002 12:12 AM by Dave Nawara

    LoginException is suppressed by SecurityInterceptor

    Subu Anantharam Newbie

      We have a client application accessing EJBs. We have JAAS based security and everything is in place and getting called correctly.

      There is a custom ServerLoginModule that connects to a database to authenticate the user. If it is unable to authenticate the user, it throws a LoginException with a detailed message. However, the SecurityInterceptor suppresses this exception and replaces it with a SecurityException. So the client app is not able to display the detailed message to the user since it never gets it.

      Any ideas ?

      Thanks
      Subu

        • 1. Re: LoginException is suppressed by SecurityInterceptor
          Dave Nawara Newbie

          Hey all,

          We are having the same issue. Our system needs to catch these exceptions in order to know when to show a login screen (tomcat can't manage this, since we only have one JSP used to make calls on the backend).

          I was hoping this was similiar to how JBoss handles other exceptions, which is annoying but at least manageable, wherein it wraps them in Server and EJBExceptions (I assume JBoss does this so rollbacks get made?). Unfortunately, iterating through the causes of the exception, via exception.getCause(), isn't getting back to a SecurityException.

          Please help us to solve this issue! I'm researching on how to customize the SecurityInterceptor, but hoping there is an easier/cleaner way. I also really don't want to have to parse the exception message to make it work (although I'm just doing that for now so I can keep coding other stuff, but it's a pretty sad hack).

          Thanks in advance,
          Dave