Details
- Type: Improvement
- Status: Closed
- Priority: Major
- Resolution: Fixed
- Affects Version/s: None
- Fix Version/s: security-0.4.5
- Component/s: federatedaccounts, security
- Labels: None
Description
After adding a new Realm to my project I've lost the ability to track granular login exceptions.

When using only one Realm I'm able to catch and report UnknownAccountException, IncorrectCredentialsException and LockedAccountException, but when there is more than one Realm all exceptions are just plain AuthenticationException.

This issue also affects the federated-accounts Realms. In my project I need to be able to differentiate between signups, signins and connect account callbacks, but no matter what exception I throw from my federate() method, all the exceptions get transformed into AuthenticationException without any trace of the original exception.

After a lot of digging around I finally found the culprit: the AuthenticationStrategy!

All the AuthenticationStrategy implementations for multiple Realms completely ignore the exceptions. To work around this I've implemented my own AuthenticationStrategy, called FirstExceptionStrategy, that works with multiple realms and throws the first exception it gets. This approach works fine as long as there is only one Realm per Token type.

I think FirstExceptionStrategy should be the default AuthenticationStrategy for projects with multiple realms using the federated-accounts module.
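One way to build the strategy the reporter describes, written here against Apache Shiro's public AuthenticationStrategy API as an added example (it is neither the reporter's FirstExceptionStrategy nor the fix committed in r2374). Shiro's ModularRealmAuthenticator catches each realm's exception and hands it to afterAttempt(), where the bundled strategies drop it; this version keeps the first one and rethrows it when no realm authenticated the token. Because one strategy instance serves every login, the per-attempt state lives in a ThreadLocal rather than a plain field.

```java
import java.util.Collection;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.pam.AbstractAuthenticationStrategy;
import org.apache.shiro.realm.Realm;

/**
 * Multi-realm strategy that preserves the first realm exception
 * (UnknownAccountException, LockedAccountException, a custom federation
 * exception, ...) instead of collapsing every failure into a generic
 * AuthenticationException. One token is authenticated on one thread, so a
 * ThreadLocal is safe per-attempt storage on a shared strategy instance.
 */
public class FirstExceptionStrategy extends AbstractAuthenticationStrategy {

    private final ThreadLocal<Throwable> firstFailure = new ThreadLocal<>();

    @Override
    public AuthenticationInfo beforeAllAttempts(Collection<? extends Realm> realms,
                                                AuthenticationToken token) {
        firstFailure.remove();                 // fresh state for this login attempt
        return super.beforeAllAttempts(realms, token);
    }

    @Override
    public AuthenticationInfo afterAttempt(Realm realm, AuthenticationToken token,
                                           AuthenticationInfo singleRealmInfo,
                                           AuthenticationInfo aggregateInfo, Throwable t) {
        if (t != null && firstFailure.get() == null) {
            firstFailure.set(t);               // keep only the first realm failure
        }
        return super.afterAttempt(realm, token, singleRealmInfo, aggregateInfo, t);
    }

    @Override
    public AuthenticationInfo afterAllAttempts(AuthenticationToken token,
                                               AuthenticationInfo aggregate) {
        Throwable t = firstFailure.get();
        firstFailure.remove();                 // never leak state to the next login
        if (aggregate != null && aggregate.getPrincipals() != null
                && !aggregate.getPrincipals().isEmpty()) {
            return aggregate;                  // at least one realm succeeded
        }
        if (t instanceof AuthenticationException) {
            throw (AuthenticationException) t; // the granular exception survives
        }
        throw new AuthenticationException("No realm authenticated token of type ["
                + token.getClass().getName() + "]", t);
    }
}
```

Register it on the ModularRealmAuthenticator as its authenticationStrategy; as the reporter notes, the first exception is only meaningful when a single realm supports each token type, because a second realm's failure for the same token is discarded.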
fixed in r2374