Menu
Is there a neater way to check the javax.naming.AuthenticationException (or spring) for the main failure reason? The different errors are desciribed in LDAP Wiki (Binding Errors).
The AuthenticationException provides no sufficient API to determine easily the error code. The only content is the exception message.
[LDAP: error code 49 - 80090308:
LdapErr: DSID-0C090334,
comment: AcceptSecurityContext error, data 773, vece]
The identifing block is the "data 773" – standing for the error ERROR_PASSWORD_MUST_CHANGE. But it feels very odd to me to check for message.contains("data 773")! Is there any better way to check the error code?
The snippet which throws the AuthenticationException is written with the org.springframework.security.ldap.DefaultSpringSecurityContextSource.
InitialLdapContext context = (InitialLdapContext) contextFactory
.getReadWriteContext(principal, password);
206
Unfortunately this is the only way I've seen it handled because the failure codes produced by the LDAP service I have experience with (Active Directory) always encodes the failure code in the message. Don't feel too bad even though it isn't a nice way to do things.
110
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
