Error handling with the custom login servlet

[Sudharshini]

we have a customized login form, login servlet. I am trying to redirect to a custom error page with a message in it.

Not really sure how to handle errors. So the login servlet has a method renderLoginErrorPage, I am trying to redirect to a customized error page (/site/loginerror whereas the default one is /login/j_security_check).

Basically when its redirected to  /site/loginerror the customized error page appears but i am not able to display the error messages in freemarker template(login_failure.ftl). Whats the best way to handle errors in this scenario.

Thanks,

Sudha

[Woonsan Ko]

Your custom LoginServlet can save the error messages in http session
attributes, and your rendering template for /site/loginerror can
probably render the error messages and remove the session attributes
afterward.

Regards,

Woonsan

>
> Thanks,
> Sudha
>
> --
> Hippo Community Group: The place for all discussions and announcements
> about Hippo CMS (and HST, repository etc. etc.)
>
> To post to this group, send email to hippo-c...@googlegroups.com
> RSS:
> https://groups.google.com/group/hippo-community/feed/rss_v2_0_msgs.xml?num=50
> ---
> You received this message because you are subscribed to the Google
> Groups "Hippo Community" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to hippo-communi...@googlegroups.com
> <mailto:hippo-communi...@googlegroups.com>.
> Visit this group at http://groups.google.com/group/hippo-community.
> For more options, visit https://groups.google.com/d/optout.


--
w....@onehippo.com www.onehippo.com
Boston - 745 Atlantic Ave, 8th Floor, Boston MA 02111
Amsterdam - Oosteinde 11, 1017 WT Amsterdam
US +1 877 414 4776 (toll free)
Europe +31(0)20 522 4466

[Sudharshini]

Thanks for the input. Currently the error message is the same for all types of failures. I am trying to return customized error message for each scenario. Basically the authentication provider returns different error messages based on the failure type(account locked, invalid username .. etc). Is there a way to show these custom error messages in the errorpage.

[Woonsan Ko]

If you can get the error info from the provider in your error handling jsp page, then you can probably use JSTL taglibs such as c:choose, fmt:setBundle, fmt:message, etc.
If using ftl, you can also use ftl expressions and model objects you can pass.

Woonsan
(Sent via my mobile device. Apologies for any typos.)
   

--

Hippo Community Group: The place for all discussions and announcements about Hippo CMS (and HST, repository etc. etc.)
 
To post to this group, send email to hippo-c...@googlegroups.com
RSS: https://groups.google.com/group/hippo-community/feed/rss_v2_0_msgs.xml?num=50
---
You received this message because you are subscribed to the Google Groups "Hippo Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to hippo-communi...@googlegroups.com.

[Sudharshini]

I am not able to retrieve these error messages from the provider in the error page. Loginservlet enables form-based JAAS login, so not really sure how to pass these custom error messages to the error page. form-error-page in web.xml is set to /login/error, whenever I receive an error, how do I save these custom error messages and retrieve them in the error page.

[Woonsan Ko]

Now I think I understand your issue and start recalling the limitation of JAAS LoginModule. Basically JAAS LoginModule cannot access sevlet request or session so it's almost impossible to pass somethings to a servlet/jsp page.
I once thought about using thread local for that but it wasn't the way to go because it's not guaranteed by spec.
So what people usually choose for more flexibility is non-JAAS based authentication such as shiro, spring-security.

Ref) http://stackoverflow.com/questions/18201377/how-to-acess-httpservletrequest-in-jaas-login-module-in-tomcat