Is there a neater way to check the javax.naming.AuthenticationException
(or Spring) for the main failure reason? The different errors are described in the LDAP Wiki (Binding Errors).
The AuthenticationException provides no API to determine the error code easily. The only content is the exception message.
[LDAP: error code 49 - 80090308:
LdapErr: DSID-0C090334,
comment: AcceptSecurityContext error, data 773, vece]
The identifying block is the "data 773", standing for the error ERROR_PASSWORD_MUST_CHANGE. But it feels very odd to me to check for message.contains("data 773")! Is there any better way to check the error code?
The snippet which throws the AuthenticationException is written with the org.springframework.security.ldap.DefaultSpringSecurityContextSource.
InitialLdapContext context = (InitialLdapContext) contextFactory
.getReadWriteContext(principal, password);
Unfortunately this is the only way I've seen it handled, because the failure codes produced by the LDAP service I have experience with (Active Directory) always encode the failure code in the message. Don't feel too bad even though it isn't a nice way to do things.
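If the message is the only place the sub-code lives, the least bad option is to parse it once, in one place, rather than sprinkling message.contains("data 773") through the code. The following is an added example, not code from the question or the answer above: a small helper that extracts the "data NNN" field with a regex, maps it to the documented Active Directory bind sub-errors, and degrades to UNKNOWN for directories that do not emit the field. The class and enum names are this example's own; the hex values are the AD sub-error codes listed on the LDAP Wiki page the question cites. Note that the field is hexadecimal: "data 773" is 0x773 = 1907 = ERROR_PASSWORD_MUST_CHANGE.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.naming.AuthenticationException;

/**
 * Added example (not from the question or the answer): maps the "data <hex>" sub-error in an
 * Active Directory "error code 49" bind failure to a named reason.
 * AdBindError and Reason are names chosen for this example.
 */
public final class AdBindError {

    /** Documented AD bind sub-errors carried in the "data <hex>" field of the message. */
    public enum Reason {
        USER_NOT_FOUND(0x525),
        INVALID_CREDENTIALS(0x52e),
        NOT_PERMITTED_AT_THIS_TIME(0x530),
        NOT_PERMITTED_AT_THIS_WORKSTATION(0x531),
        PASSWORD_EXPIRED(0x532),
        ACCOUNT_DISABLED(0x533),
        ACCOUNT_EXPIRED(0x701),
        PASSWORD_MUST_CHANGE(0x773),
        ACCOUNT_LOCKED_OUT(0x775),
        UNKNOWN(-1);

        private final int code;

        Reason(int code) {
            this.code = code;
        }

        static Reason fromCode(int code) {
            for (Reason r : values()) {
                if (r.code == code) {
                    return r;
                }
            }
            return UNKNOWN;
        }
    }

    // The sub-code is three or four hex digits following "data ", e.g. "data 773".
    private static final Pattern SUB_ERROR = Pattern.compile("data\\s+([0-9a-fA-F]{3,4})");

    private AdBindError() {
    }

    /** Returns the AD sub-error from the exception message, or UNKNOWN if none is present. */
    public static Reason reasonOf(AuthenticationException e) {
        return reasonOf(e.getMessage());
    }

    static Reason reasonOf(String message) {
        // Only an invalidCredentials (49) result carries the AD sub-code.
        if (message == null || !message.contains("error code 49")) {
            return Reason.UNKNOWN;
        }
        Matcher m = SUB_ERROR.matcher(message);
        if (!m.find()) {
            // e.g. OpenLDAP reports error 49 with no "data" field; do not throw here.
            return Reason.UNKNOWN;
        }
        return Reason.fromCode(Integer.parseInt(m.group(1), 16));
    }

    /**
     * Only the password-change cases should change what the end user sees. Distinguishing
     * USER_NOT_FOUND from INVALID_CREDENTIALS to the client confirms valid usernames, so the
     * other reasons are for logs and account-state handling, not for the login page.
     */
    public static String userFacingMessage(Reason reason) {
        switch (reason) {
            case PASSWORD_MUST_CHANGE:
            case PASSWORD_EXPIRED:
                return "Your password has expired and must be changed.";
            default:
                return "Invalid username or password.";
        }
    }

    public static void main(String[] args) {
        // Constructed sample, shaped like the message quoted in the question.
        String adMessage = "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, "
                + "comment: AcceptSecurityContext error, data 773, vece]";
        Reason reason = reasonOf(adMessage);
        System.out.println(reason + " -> " + userFacingMessage(reason));

        // Constructed non-AD message: no sub-code, so the helper returns UNKNOWN.
        System.out.println(reasonOf("[LDAP: error code 49 - Invalid Credentials]"));
    }
}
```

Wrap the bind in a try/catch for AuthenticationException and pass the exception to reasonOf; everything else in the application then switches on the enum instead of on substrings. If the code is already on Spring Security, its ActiveDirectoryLdapAuthenticationProvider parses the same "data" field internally and (with convertSubErrorCodesToExceptions enabled) turns 0x773 and 0x532 into CredentialsExpiredException, 0x533 into DisabledException and 0x775 into LockedException, which may remove the need for a hand-written parser altogether.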