I have successfully implemented the Login using LoginOverlay in my Spring boot app (thanks for that, it is great). My one remaining issue is that in my AuthenticationProvider.authenticate method I throw some exceptions because we have a licencing system and I want to tell the user that they are using all their concurrent seats, or that their licence has expired. Currently the logon panel always says that same error (Incorrect username or password) no matter what exception I throw and what String I put into the exception. I understand that as a general rule we don’t want to give clues as to which user IDs are valid, but I can foresee frustration/help desk calls if the user is told that the username or password is incorrect when actually it is a licencing issue.
So, I’m wondering if there is a way to grab the thrown exception and the data in it so it can be displayed on the login panel. I’ve looked quite hard and can’t see a way. I have overridden methods beforeEnter and afterNavigation in my LoginView class and hoping to set the appropriate error text in one of those. I know how to do that, the problem is getting the thrown exception and data.
I think I have solved this now. In my LoginView class I use the afterNavigation method but now I don’t just rely upon the simple test for being in error, I now use:
//--------------------------------------------------------------------------
@Override
public void afterNavigation(AfterNavigationEvent event) {
boolean isError = event.getLocation().getQueryParameters().getParameters().containsKey("error");
if (isError) {
VaadinServletRequest vsr = VaadinServletRequest.getCurrent();
HttpServletRequest req = vsr.getHttpServletRequest();
javax.servlet.http.HttpSession sess = req.getSession();
AuthenticationException ex = (AuthenticationException) sess.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
if (ex == null) {
log.info("There is no exception");
mLogin.setError(false);
}
else {
setError(ex.getMessage()); // I have already internationalised my message
sess.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);// already reported so clear
}
}
}
//--------------------------------------------------------------------------
private void setError(String msg) {
log.info("The exception message is {}", msg);
LoginI18n i18n = LoginI18n.createDefault();
LoginI18n.ErrorMessage em = new LoginI18n.ErrorMessage();
em.setMessage(msg);
i18n.setErrorMessage(em);
mLogin.setI18n(i18n);
mLogin.setError(true);
}
It seems to work well in the testing I have done. One caveat though is that it now only shows the error thrown by my AuthenticationProvider.authenticate method and that, for my legacy system, includes exceptions like ‘Password invalid’. Our use is internal so it may not matter but for others I guess it will.