
dhis2-devs team mailing list archive

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 13308: changed to using securityexceptiontranslationhandler in security.xml, adds ?failed=true for wrong...

 

------------------------------------------------------------
revno: 13308
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Wed 2013-12-18 15:20:55 +0100
message:
  changed to using securityexceptiontranslationhandler in security.xml, adds ?failed=true for wrong username/password, ?expired=true for expired accounts
modified:
  dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml'
--- dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml	2013-09-01 20:44:11 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml	2013-12-18 14:20:55 +0000
@@ -27,8 +27,8 @@
 
   <sec:http access-decision-manager-ref="accessDecisionManager" use-expressions="true" realm="DHIS2">
     <sec:form-login default-target-url="/" always-use-default-target="false"
+      authentication-failure-handler-ref="securityExceptionTranslationHandler"
       login-processing-url="/dhis-web-commons-security/login.action"
-      authentication-failure-url="/dhis-web-commons/security/login.action?failed=true"
       login-page="/dhis-web-commons/security/login.action"
       authentication-success-handler-ref="defaultAuthenticationSuccessHandler" />
     <sec:http-basic />
@@ -44,6 +44,16 @@
     <sec:custom-filter ref="customAuthenticationFilter" before="FORM_LOGIN_FILTER" />
   </sec:http>
 
+  <bean id="securityExceptionTranslationHandler"
+    class="org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler">
+    <property name="exceptionMappings">
+      <props>
+        <prop key="org.springframework.security.authentication.AccountExpiredException">/dhis-web-commons/security/login.action?expired=true</prop>
+      </props>
+    </property>
+    <property name="defaultFailureUrl" value="/dhis-web-commons/security/login.action?failed=true" />
+  </bean>
+
   <!-- Security : Action -->
   <bean id="restrictOrganisationUnitsAction" class="org.hisp.dhis.security.action.RestrictOrganisationUnitsAction"
     scope="prototype">
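Review bot: The `AccountExpiredException` mapping to `?expired=true` in the new `securityExceptionTranslationHandler` bean gives an unauthenticated client a redirect that differs from the generic `?failed=true`, so the login response can reveal that a username exists and that its account is expired. In Spring Security's stock DAO-based provider the account-expiry check is one of the pre-authentication checks and runs before the password is compared, so the distinct redirect is presumably reachable without valid credentials; the authentication provider configuration is outside this hunk, so this should be confirmed. If the user-facing "expired" message is wanted, either perform the expiry check only after the password has been verified, or record the trade-off above the bean, e.g. `<!-- expired accounts get a distinct redirect; this discloses account state to anyone who knows the username -->`. The same comment should also state that every other failure (bad credentials, locked, disabled) falls through to `defaultFailureUrl`, so a later added mapping is a deliberate choice rather than an accident.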