Passing errors through login-config to form-error-page with JBOSS


I'm making a correction in an app at my company that uses JBoss 4.2.

The change is in the login page. We use a login-config that connects to an AD server using LDAP.

It works fine, but the problem is that if the user account is expired, AD is offline, or something else goes wrong, the user sees an error page saying "username/password is invalid", because the login-config method returns a boolean that only means connected or not.

Below is the actual login config:

    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="requisite">
        <module-option name="password-stacking">useFirstPass</module-option>
        <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
        <module-option name="java.naming.provider.url">ldaps://XXXXX</module-option>
        <module-option name="java.naming.security.authentication">simple</module-option>
        <module-option name="allowEmptyPasswords">false</module-option>
        <module-option name="principalDNPrefix">XXX</module-option>
        <module-option name="principalDNSuffix">,XXXXX</module-option>
        <module-option name="matchOnUserDN">true</module-option>
    </login-module>

And the web security XML:

    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/login.jsp?invalidLogin=true</form-error-page>
        </form-login-config>
    </login-config>

The question is: I want to show the user what happened if an error occurs. For example, if his account is inactive, I don't want to show "username/password invalid".

I made a custom class to handle login-config, called Login here, and changed the config to:

    <login-module code="package.Login" flag="requisite">

With this I can get the LDAP errors, but I can't pass them to the login error page, because the method that validates the login is boolean.

Below is the method that JBoss calls to verify credentials:

    /**
     * Validate the inputPassword by creating an LDAP InitialContext with the
     * SECURITY_CREDENTIALS set to the password.
     *
     * @param inputPassword the password to validate.
     * @param expectedPassword ignored
     */
    protected boolean validatePassword(String inputPassword, String expectedPassword)
    {

    }

Finally, is it possible to return custom error messages to the login form error page? It can be a workaround, since I have read that login-config does not provide a standard way to do this.

1 answer

I have done this once, but I cannot seem to find the code snippet anymore. What I recall is that I had to call getValidateError() if the password check failed.

Something along the lines of:

if ( validatePassword( pwd, null ) )
{
    // yeah
}
else
{
    Throwable e = getValidateError();
    // Now you can query the throwable for the cause and message
}

Let me know if this did not get you anywhere ;-)
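As an added example (not code from the question or from the answer above), here is one way to wire the getValidateError() call into the custom Login module from the question so that /login.jsp can show a specific message instead of "username/password invalid". It overrides login() rather than validatePassword(): the parent UsernamePasswordLoginModule calls validatePassword() and, when LdapLoginModule's bind fails, keeps the NamingException where getValidateError() returns it, so the override only has to catch the resulting LoginException, classify the stored cause, and stash a message before rethrowing. The package name, the session attribute name, the message wording and the AD "data" code table are assumptions of this example; it also assumes that JBoss 4.x's web container exposes the current request through the JACC PolicyContext key used below, which the standard JBoss/Tomcat integration does.

```java
package com.example.auth; // hypothetical package; the question's config calls it "package.Login"

import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.security.auth.login.LoginException;
import javax.security.jacc.PolicyContext;
import javax.servlet.http.HttpServletRequest;

import org.jboss.security.auth.spi.LdapLoginModule;

/**
 * LdapLoginModule subclass that turns the LDAP failure recorded by
 * validatePassword() into a fixed user-facing message stored in the HTTP
 * session, where /login.jsp can read it. Example code, not JBoss's own.
 */
public class Login extends LdapLoginModule
{
    /** Session attribute read by login.jsp (assumed name). */
    public static final String ERROR_ATTR = "loginErrorMessage";

    /** JACC key under which JBoss's web container registers the current request (assumed available). */
    private static final String REQUEST_KEY = "javax.servlet.http.HttpServletRequest";

    /** Matches the "data NNN" field of an Active Directory error-49 bind failure message. */
    private static final Pattern AD_DATA = Pattern.compile("data ([0-9a-fA-F]{3})");

    private static final String GENERIC = "Invalid username or password.";

    /** AD simple-bind sub-error codes mapped to messages the user may see. */
    private static final Map<String, String> AD_MESSAGES = new HashMap<String, String>();
    static
    {
        AD_MESSAGES.put("530", "Logon is not permitted at this time.");
        AD_MESSAGES.put("531", "Logon is not permitted from this workstation.");
        AD_MESSAGES.put("532", "Your password has expired.");
        AD_MESSAGES.put("533", "Your account is disabled.");
        AD_MESSAGES.put("701", "Your account has expired.");
        AD_MESSAGES.put("773", "You must change your password before logging on.");
        AD_MESSAGES.put("775", "Your account is locked out.");
        // 525 (no such user) and 52e (bad password) deliberately fall through to GENERIC
    }

    public boolean login() throws LoginException
    {
        try
        {
            return super.login();
        }
        catch (LoginException le)
        {
            // super.login() already ran validatePassword(); the NamingException it
            // swallowed is available here through getValidateError().
            storeMessage(classify(getValidateError()));
            throw le; // keep the JAAS outcome unchanged: the login still fails
        }
    }

    /** Map the stored LDAP exception to a fixed message; the raw LDAP text is never shown. */
    static String classify(Throwable t)
    {
        if (t instanceof CommunicationException)
        {
            return "The directory service is unavailable. Please try again later.";
        }
        if (t instanceof AuthenticationException && t.getMessage() != null)
        {
            Matcher m = AD_DATA.matcher(t.getMessage());
            if (m.find())
            {
                String msg = AD_MESSAGES.get(m.group(1).toLowerCase());
                if (msg != null)
                {
                    return msg;
                }
            }
        }
        return GENERIC;
    }

    private void storeMessage(String message)
    {
        try
        {
            HttpServletRequest request = (HttpServletRequest) PolicyContext.getContext(REQUEST_KEY);
            if (request != null)
            {
                request.getSession(true).setAttribute(ERROR_ATTR, message);
            }
        }
        catch (Exception e)
        {
            // Not called from a web request, or the JACC handler is not registered: nothing to show.
        }
    }
}
```

login.jsp then reads the attribute with session.getAttribute(Login.ERROR_ATTR) and removes it, so a stale message does not reappear on the next attempt; the session is used rather than a request attribute so the message survives whether the container forwards or redirects to the form-error-page. Two points worth weighing before shipping this: the messages are fixed strings, so nothing needs escaping, but any text derived from the raw LDAP exception would have to be HTML-escaped before rendering; and telling an unauthenticated caller that an account is disabled, locked or expired also tells them that the account exists, which is why 525 and 52e are kept generic here and why every entry in the table should be a deliberate choice for the app's exposure.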