users@woodstock.java.net

Re: login component message problems (with screenshot)

From: Kenneth Suter <Kenneth.Suter_at_Sun.COM>
Date: Mon, 03 Mar 2008 14:26:16 -0600

Thanks for the response, Deep. Comments inline...

Ratnadeep Bhattacharjee wrote:
> Kenneth Suter wrote:
>> Resent with the mentioned screenshot...
>>
>> Kenneth Suter wrote:
>>> Hello,
>>>
>>> Is there a way to control the messages that are rendered by the
>>> login component? There seem to be two different problems. I am
>>> using a custom JAAS login module and the default controller:
>>>
> Looking at the image that you sent there is definitely an issue
> somewhere. Is this a facelets environment that you are dealing with?
No. Given the problems we have been having with Woodstock and Facelets
we have converted to JSP view handling.
>>> - The inline alert is rendered below the login components and there
>>> is no space between the bottom button and the alert. The web
>>> application guidelines specify that the message should appear above
>>> the form area's field labels and below the product name image.
>>>
> That's correct and the HTML template for the login widget has the alert
> message above the form data.
>>> - I cannot figure out how to specify the text that is part of the
>>> alert. Whenever there is a problem (no matter what the problem)
>>> the message text appears as it does in the attached screenshot. It
>>> looks like there is a bug in
>>> JaasLoginController.handleCommunication() that overwrites the
>>> message if the exception is _not_ null. It seems like the default
>>> message text should appear if the exception _is_ null.
>>>
> if (lcb != null) {
>     LoginConstants.LOGINSTATE loginState = lcb.getLoginState();
>     if (loginState.equals(LoginConstants.LOGINSTATE.FAILURE)) {
>         Exception ex =
>             (Exception)(session.getAttribute(LoginConstants.LOGINEXCEPTION));
>         if (ex != null) {
>             lcb.setMessage("ERROR", "login.errorSummary",
>                 "login.errorDetail");
>         }
>         ......
>
>
> The handleCommunication() method seems to be doing the right thing. It
> creates a generic error message when the authentication process ends
> with an exception. If your LoginModule implementation threw an
> exception then you can see that exception in the log files. The user
> will see only the generic alert message. This was done on purpose. You
> could file a bug if you want that changed.
OK I'll file a bug.
>
>
> One way you could deal with this scenario is to handle the error in
> the LoginModule implementation as opposed to delegating it to JAAS.
> Simply send another callback object with custom alert messages when
> authentication fails without throwing exceptions. Once the user has
> failed n times (n=3, say) throw a LoginException which will stop the
> authentication process.
This goes against what I understand to be best practice for developing a
JAAS login module. See
http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/JAASLMDevGuide.html
and search for the first occurrence of the word 'retry'.
>
> However, none of this should affect the layout of the alert message on
> the browser window! If you have a JSP environment where you can
> simulate this behavior please file a bug with your example app and we
> will take a look.
OK I'll file a bug for this as well.

-Kenneth
>
> -Deep.
>
>>> -Kenneth
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_woodstock.dev.java.net
>> For additional commands, e-mail: users-help_at_woodstock.dev.java.net
>>
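The two points discussed in this thread (a generic alert for the user with the real cause kept in the logs, and no retry loop inside the login module), as an added example that is not code from the thread or from Woodstock. It uses only the standard `javax.security.auth` API; the class name, the `verify` stand-in, the `userMessage` helper and its message text are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.Map;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical module: one attempt per login() call, no internal retry loop.
public class SingleAttemptLoginModule implements LoginModule {
    private static final Logger LOG = Logger.getLogger("auth");
    private CallbackHandler handler;
    private boolean succeeded;
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.handler = handler;
    }
    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("user: ");
        PasswordCallback pass = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { name, pass });
        } catch (java.io.IOException | UnsupportedCallbackException e) {
            throw new LoginException("callback handler failed: " + e);
        }
        char[] pw = pass.getPassword();          // getPassword() returns a copy
        pass.clearPassword();
        boolean ok = pw != null && verify(name.getName(), pw);
        if (pw != null) Arrays.fill(pw, '\0');   // wipe our copy as well
        if (!ok) {
            // The specific reason travels in the exception; the module stops here
            // and leaves any retry policy to the calling application.
            throw new FailedLoginException("password mismatch");
        }
        succeeded = true;
        return true;
    }
    // Constructed stand-in for a real credential store lookup.
    private boolean verify(String user, char[] pw) {
        return "demo".equals(user) && Arrays.equals(pw, "constructed-secret".toCharArray());
    }
    public boolean commit() { return succeeded; }
    public boolean abort()  { succeeded = false; return true; }
    public boolean logout() { succeeded = false; return true; }

    // What a controller could show the user: the same text for every failure.
    public static String userMessage(LoginException ex) {
        LOG.warning("login failed: " + ex.getMessage());   // detail stays server-side
        return "Authentication failed.";
    }
}
```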