
Is there a neater way to analyse the AuthenticationException for the error code?

Is there a neater way to check the javax.naming.AuthenticationException (or Spring) for the main failure reason? The different errors are described in LDAP Wiki (Binding Errors).

The AuthenticationException does not provide a sufficient API to easily determine the error code. The only content is the exception message.

[LDAP: error code 49 - 80090308: 
 LdapErr: DSID-0C090334, 
 comment: AcceptSecurityContext error, data 773, vece]

The identifying block is the "data 773" – standing for the error ERROR_PASSWORD_MUST_CHANGE. But it feels very odd to me to check for message.contains("data 773")! Is there any better way to check the error code?


The snippet which throws the AuthenticationException is written with the org.springframework.security.ldap.DefaultSpringSecurityContextSource.

InitialLdapContext context = (InitialLdapContext) contextFactory
                     .getReadWriteContext(principal, password);
Christopher Klewes asked Aug 06 '10 07:08


1 Answer

Unfortunately, this is the only way I've seen it handled, because the failure codes produced by the LDAP service I have experience with (Active Directory) are always encoded in the message. Don't feel too bad, even though it isn't a nice way to do things.

Paul Jowett answered Oct 01 '22 01:10
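One way to keep the message parsing in a single, testable place, as an added example that is not part of the original question or answer: a regex pulls the hex value after "data" out of a code-49 message and maps it to an enum. The names AdBindError, Reason and classify are hypothetical, and the enum values other than 773 are the corresponding Win32 error codes, which are not listed on this page.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;

public final class AdBindError {
    // The AD sub-code is only interpreted for LDAP result code 49 (invalid credentials).
    private static final Pattern LDAP_CODE = Pattern.compile("error code (\\d+)");
    // Active Directory appends the Win32 error, in hex, after the word "data".
    private static final Pattern DATA = Pattern.compile("\\bdata\\s+([0-9a-fA-F]{1,4})\\b");

    public enum Reason {
        NO_SUCH_USER(0x525), LOGON_FAILURE(0x52e), INVALID_LOGON_HOURS(0x530),
        INVALID_WORKSTATION(0x531), PASSWORD_EXPIRED(0x532), ACCOUNT_DISABLED(0x533),
        ACCOUNT_EXPIRED(0x701), PASSWORD_MUST_CHANGE(0x773), ACCOUNT_LOCKED_OUT(0x775),
        UNKNOWN(-1);

        private final int win32;
        Reason(int win32) { this.win32 = win32; }

        static Reason of(int code) {
            for (Reason r : values()) {
                if (r.win32 == code) return r;
            }
            return UNKNOWN;
        }
    }

    // Returns UNKNOWN for anything that is not a code-49 bind failure with a known "data" value.
    public static Reason classify(AuthenticationException e) {
        String msg = e.getMessage();
        if (msg == null) return Reason.UNKNOWN;
        Matcher ldap = LDAP_CODE.matcher(msg);
        if (!ldap.find() || !"49".equals(ldap.group(1))) return Reason.UNKNOWN;
        Matcher data = DATA.matcher(msg);
        return data.find() ? Reason.of(Integer.parseInt(data.group(1), 16)) : Reason.UNKNOWN;
    }

    public static void main(String[] args) {
        // The message quoted in the question, rebuilt here as a constructed exception.
        AuthenticationException e = new AuthenticationException(
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, "
            + "comment: AcceptSecurityContext error, data 773, vece]");
        Reason reason = classify(e);
        // Keep the detailed reason for server-side logs and flow control (e.g. a change-password
        // page); telling the client NO_SUCH_USER vs LOGON_FAILURE reveals which accounts exist.
        System.out.println("bind failed: " + reason);
    }
}
```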