Sun One LDAP server 5.1/Weblogic 8.1 - Password Policy - trapping response codes in Weblogic - Weblogic


  1. Sun One LDAP server 5.1/Weblogic 8.1 - Password Policy - trapping response codes in Weblogic

    I've recently changed our application (running on Weblogic Server 8.1) from using an OpenLDAP LDAPAuthenticator to using Sun One Directory Server (v5.2) LDAPAuthenticator (nb based on the iPlanet template). We switched to Sun One so we can use password policies in LDAP to enforce rules such as password history list, force password change, lockout after a number of invalid attempts etc.
    How in my Weblogic app can I trap the different exceptions that may be raised by the password policy when the user tries to log on?
    Currently my JSP login page uses j_security_check and can distinguish whether the username/password combo is correct and allow/disallow access accordingly. I've tried adding an AuthFilter which calls weblogic.security.services.Authentication.login and then traps AccountExpiredException, CredentialExpiredException, FailedLoginException, LoginException. However, I only ever seem to get the FailedLoginException regardless of what password policy rule was violated.
    Has anyone got this working? Or, can suggest a way of implementing our requirement without writing too much code?

    thanks in advance, Martin

  2. Re: Sun One LDAP server 5.1/Weblogic 8.1 - Password Policy - trapping response codes in Weblogic

    You have to create your own authenticator, and have its login module return
    subclasses of FailedLoginException from login(). Based on the subclass, you
    can then determine the cause of the exception. We have done it this way, and
    it works. This involves a lot of coding, and is not too easy, unfortunately.
    Maybe there is something simpler and more elegant, but I don't know about
    it.

    The login() method itself will always return with a FailedLoginException, in
    case something goes wrong, even if the 'real' cause of the error was a
    nullpointer exception.

    Regards,

    Gabor

    "Martin" wrote in message news:40b73f61$1@mktnews1...
    > I've recently changed our application (running on Weblogic Server 8.1) from using an OpenLDAP LDAPAuthenticator to using Sun One Directory Server (v5.2) LDAPAuthenticator (nb based on the iPlanet template). We switched to Sun One so we can use password policies in LDAP to enforce rules such as password history list, force password change, lockout after a number of invalid attempts etc.
    > How in my Weblogic app can I trap the different exceptions that may be raised by the password policy when the user tries to log on?
    > Currently my JSP login page uses j_security_check and can distinguish whether the username/password combo is correct and allow/disallow access accordingly. I've tried adding an AuthFilter which calls weblogic.security.services.Authentication.login and then traps AccountExpiredException, CredentialExpiredException, FailedLoginException, LoginException. However, I only ever seem to get the FailedLoginException regardless of what password policy rule was violated.
    > Has anyone got this working? Or, can suggest a way of implementing our requirement without writing too much code?
    >
    > thanks in advance, Martin
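
The approach described in post 2, sketched as an added example (not code from the thread, and not WebLogic's or Sun's own): the login module throws subclasses of FailedLoginException and the caller tells the causes apart by type. The subclass names, the `BindResult` enum standing in for what the directory reported, the user name and the JSP paths are all hypothetical.

```java
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;

public class PolicyAwareLoginDemo {
    // Hypothetical subclasses: the exception type carries the password-policy cause.
    static class PasswordExpiredException extends FailedLoginException { PasswordExpiredException(String m) { super(m); } }
    static class MustChangePasswordException extends FailedLoginException { MustChangePasswordException(String m) { super(m); } }
    static class AccountLockedOutException extends FailedLoginException { AccountLockedOutException(String m) { super(m); } }

    // Constructed stand-in for what the login module learned from the directory bind.
    enum BindResult { OK, BAD_CREDENTIALS, PASSWORD_EXPIRED, MUST_CHANGE, LOCKED_OUT, BROKEN }

    // Body of the custom login module's login(): turn the bind result into a typed failure.
    static void login(String user, BindResult result) throws LoginException {
        try {
            switch (result) {
                case OK: return;
                case PASSWORD_EXPIRED: throw new PasswordExpiredException(user);
                case MUST_CHANGE: throw new MustChangePasswordException(user);
                case LOCKED_OUT: throw new AccountLockedOutException(user);
                case BROKEN: throw new NullPointerException("simulated bug");
                default: throw new FailedLoginException(user);
            }
        } catch (RuntimeException e) {
            // Unexpected errors still reach the caller as a plain FailedLoginException.
            throw new FailedLoginException("internal error");
        }
    }

    // Caller side (for example the AuthFilter): most specific catch first, generic last.
    static String nextPage(String user, BindResult result) {
        try {
            login(user, result);
            return "/home.jsp";
        } catch (PasswordExpiredException | MustChangePasswordException e) {
            return "/changePassword.jsp";
        } catch (AccountLockedOutException e) {
            return "/locked.jsp";
        } catch (LoginException e) {
            return "/login.jsp?error=1";   // bad credentials and internal errors look the same
        }
    }

    public static void main(String[] args) {
        for (BindResult r : BindResult.values())
            System.out.println(r + " -> " + nextPage("jdoe", r));
    }
}
```

A distinct lockout or expiry page tells an unauthenticated visitor that the account exists, so some deployments route those cases to the generic failure page and record the specific cause only in the server log.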




  3. Re: Sun One LDAP server 5.1/Weblogic 8.1 - Password Policy - trapping response codes in Weblogic


    Thanks. However, I'm still a bit puzzled. I am calling the weblogic.security.services.Authentication.login
    method from my AuthFilter (similar to calling it from a servlet filter). I would
    still have expected this to have returned the correct subclass of LoginException
    depending on what was wrong. I assumed that weblogic.security.services.Authentication.login
    would call the 'plugged in' SunOneLDAPAuthenticator. Any ideas?


    "Moos Gabor" wrote:
    > You have to create your own authenticator, and have its login module return subclasses of FailedLoginException from login(). Based on the subclass, you can then determine the cause of the exception. We have done it this way, and it works. This involves a lot of coding, and is not too easy, unfortunately. Maybe there is something simpler and more elegant, but I don't know about it.
    >
    > The login() method itself will always return with a FailedLoginException, in case something goes wrong, even if the 'real' cause of the error was a nullpointer exception.
    >
    > Regards,
    >
    > Gabor
    >
    > "Martin" wrote in message news:40b73f61$1@mktnews1...
    >> I've recently changed our application (running on Weblogic Server 8.1) from using an OpenLDAP LDAPAuthenticator to using Sun One Directory Server (v5.2) LDAPAuthenticator (nb based on the iPlanet template). We switched to Sun One so we can use password policies in LDAP to enforce rules such as password history list, force password change, lockout after a number of invalid attempts etc.
    >> How in my Weblogic app can I trap the different exceptions that may be raised by the password policy when the user tries to log on?
    >> Currently my JSP login page uses j_security_check and can distinguish whether the username/password combo is correct and allow/disallow access accordingly. I've tried adding an AuthFilter which calls weblogic.security.services.Authentication.login and then traps AccountExpiredException, CredentialExpiredException, FailedLoginException, LoginException. However, I only ever seem to get the FailedLoginException regardless of what password policy rule was violated.
    >> Has anyone got this working? Or, can suggest a way of implementing our requirement without writing too much code?
    >>
    >> thanks in advance, Martin


