Hook into LDAP Errors
Ryan Andreasen
ryan.andreasen at gmail.com
Fri Sep 12 18:13:46 EDT 2008

Our organization wants to be able to expire passwords, lock out accounts,
etc. I have seen some discussion about expiring passwords but haven't found
a clear-cut way of handling them. Currently I am using the
FastBindLDAPAuthenticator to do our LDAP bind. This is working great,
except that if the login fails for any reason, the login page is shown
again. I need to be able to hook into the LDAP exception coming back from
the LDAP bind, and depending on the LDAP error code show them a different
page or else the login page again.

I have found that the actual LDAP exception (NamingException) gets handled
in the org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource
class. However, it eats the NamingException and just throws a
DataAccessResourceFailureException. This exception percolates up to the
FastBindLdapAuthenticationHandler, and then back up (eventually) to the
AuthenticationViaFormAction class, which populates the ErrorInstance and
sets the Spring Event to error. So I think I know how the current process
is working and would like to get everyone's idea on the best way to hook in
what I want.

Another question I had is how do you get the Errors (that are set in
AuthenticationViaFormAction) in a different class? Is there a way to get at
them?

First, I would really like to not modify any of the cas-server-core code. I
guess I could basically write my own classes that do the same things as the
FastBindLdapAuthenticationHandler & AuthenticatedLdapContextSource but that
keep the NamingException around rather than eating it, but this doesn't
really sound right to me.

Second, I would really like to somehow just hook into the Spring Web Flow and
insert my code to check the NamingException and redirect to the correct page
based on it.

I hope this makes sense; I am just looking to see what the best way to
accomplish this might be.
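
An added example, not part of the original post and not CAS code: one way to turn a failed bind into a view name by finding the NamingException in the cause chain and reading the LDAP result code from its message. The class name, the view names and the code-to-view mapping are assumptions for illustration, and it assumes the wrapping exception keeps the NamingException as its cause; when the cause has been discarded, it falls back to the login view.

```java
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;
import javax.naming.NamingException;

public class LdapFailureRouter {
    // The JDK's JNDI LDAP provider puts the result code in the message: "[LDAP: error code 49 - ...]".
    private static final Pattern RESULT_CODE = Pattern.compile("\\[LDAP: error code (\\d{1,3})");

    // Assumed, site-specific mapping from LDAP result code to a hypothetical view name.
    // Which code a directory returns for an expired or locked account varies by server.
    private static final Map<Integer, String> VIEWS = Map.of(
            53, "accountDisabledView",   // unwillingToPerform (assumed meaning for this site)
            19, "passwordExpiredView");  // constraintViolation (assumed meaning for this site)

    /** Finds a NamingException anywhere in the cause chain, or null if it was discarded. */
    static NamingException findNamingException(Throwable failure) {
        Throwable t = failure;
        for (int depth = 0; t != null && depth < 16; depth++, t = t.getCause()) {
            if (t instanceof NamingException) return (NamingException) t;
        }
        return null;
    }

    /** Extracts the numeric LDAP result code, or -1 when the message carries none. */
    static int resultCode(NamingException e) {
        String message = e.getMessage();
        if (message == null) return -1;
        Matcher m = RESULT_CODE.matcher(message);
        return m.find() ? Integer.parseInt(m.group(1)) : -1;
    }

    /** Unmapped or missing codes fall back to the plain login view, so unknown failures look alike. */
    static String viewFor(Throwable failure) {
        NamingException ne = findNamingException(failure);
        return ne == null ? "loginView" : VIEWS.getOrDefault(resultCode(ne), "loginView");
    }

    public static void main(String[] args) {
        // Constructed samples: two wrapped bind failures and one wrapper that dropped its cause.
        NamingException bind = new AuthenticationException("[LDAP: error code 49 - Invalid Credentials]");
        NamingException policy = new NamingException("[LDAP: error code 53 - Unwilling To Perform]");
        System.out.println(viewFor(new RuntimeException("bind failed", bind)));
        System.out.println(viewFor(new RuntimeException("bind failed", policy)));
        System.out.println(viewFor(new RuntimeException("Unable to create DirContext")));
    }
}
```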