0 Replies Latest reply on Mar 14, 2003 12:28 PM by Holger Joest


    Holger Joest Newbie

      I'm using a custom login module that throws a javax.security.auth.login.FailedLoginException when the user typed an invalid password but throws a javax.security.auth.login.CredentialExpiredException when asking the user to change the password. Is it possible to find out which one has been thrown from the form-error-page?
      Looking at the sources, I couldn't find a solution yet.
      As far as I can perceive, all subclasses of LoginException get caught away in the method org.jboss.security.plugins.JaasSecurityManager.authenticate().
      Is that correct behaviour? I'm currently using JBoss 2.4.6 (+ Tomcat 4.0.3) but could migrate to 3.x.y if that would help.