Issue
I'm working with Spring Security 2.0.7. It had been implemented the UserDetailsService
with a preAuthenticatedUserDetailsService
bean.
It's working fine. Now I want to add a new custom error messages.
In the method loadUserByUsername
I want to add some custom bussines logic.
For ex. based on some attribute, I don't want the user to log in so I throw a UsernameNotFoundException
with a custom message.
Spring is the one who handdle the exception and set it to the session, but when I retrive the exception from the session with "SPRING_SECURITY_LAST_EXCEPTION" key I get a "Bad credentials" message.
At the moment is fixed with a nasty workarround, mostly I want to understand what happend!
Ideas?
Ps. I read a lot of this issue here in SO but mostly all with Spring security 3.0
Solution
Just to close it. As @M. Deinum mentioned in the comments. Spring handle this way for security purposes. The implementation can be seen in the ExceptionTranslationFilter class.
Answered By - Gonz
Answer Checked By - Gilberto Lyons (JavaFixing Admin)