Spring Database Authentication Exception Handling? -


i'm using spring authentication against oracle database temporary users. these users assigned numeric id can user log limited web site. working fine, know users @ point type in user name instead of numeric id (i've done myself while testing!). since database column i'm authenticating against number, ugly http status 401 page sqlsyntaxerrorexception saying typed in invalid number (which is).

is there way handle gracefully? example, spring has exceptionmappingauthenticationfailurehandler allows map various types of authentication exceptions web pages can redirect user meaningful error page, , we're using things badcredentialsexception. appears can't use old type of excpetion here, though, because tried adding java.sql.sqlsyntaxerrorexception , didn't change anything. there similar spring class allow catch other types of exceptions? or not configuring right? here's have:

<bean id="authenticationfailurehandler" class="org.springframework.security.web.authentication.exceptionmappingauthenticationfailurehandler>    <property name="exceptionmappings">       <props>          <!-- spring exception types work fine... -->          <prop key="org.springframework.security.authentication.badcredentialsexception">             /login/bad credentials          </prop>          <prop key="org.springframework.security.authentication.credentialsexpiredexception">             /login/expired credentials          </prop>          <prop key="org.springframework.security.authentication.lockedexception">             /login/account locked          </prop>          <prop key="org.springframework.security.authentication.disabledexception">             /login/account disabled          </prop>          <!-- ...but 1 doesn't anything! -->          <prop key="java.sql.sqlsyntaxerrorexception">             /login/use numeric id          </prop>       </props>    </property>  <bean>

i'd keep database column defined number. easy solution make varchar put numeric data in it, that's kind of ugly. nice have unified way handle authentication exceptions, , we're using spring handler.

thanks in advance!

rather dealing exception of having string compared against number should handle before get's validated. possible options are:

  1. modify login controller reject attempts login non-numeric user ids. if you're using built in controller in spring security more of pain option #2.

  2. modify userdetailsservice reject attempts load users non-numeric usernames. have throw usernamenotfoundexception if username not valid.

  3. reject login attempt purely on client — bad idea things should happen on server side. i'm suggesting if modifying server side not possible. fyi, javascript regex validation before login form submission. should work in cases though not work if client has javascript disabled.


Comments

Post a Comment

Popular posts from this blog

python - How to create a legend for 3D bar in matplotlib? -

Image
given ax = plt.subplot() : ax.bar()[0] can passed plt.legend() . however, ax.bar3d() returns none . how create legend displayed bars? update: passing legend="stuff" ax.bar3d() , calling ax.legend() raises /usr/lib/python2.6/site-packages/matplotlib/axes.py:4368: userwarning: no labeled objects found. use label='...' kwarg on individual plots. warnings.warn("no labeled objects found. " you need use proxy artist legends not supported. this code: from mpl_toolkits.mplot3d import axes3d import matplotlib.pyplot plt import numpy np fig = plt.figure() ax = fig.add_subplot(111, projection='3d') x, y = np.random.rand(2, 100) * 4 hist, xedges, yedges = np.histogram2d(x, y, bins=4) elements = (len(xedges) - 1) * (len(yedges) - 1) xpos, ypos = np.meshgrid(xedges[:-1]+0.25, yedges[:-1]+0.25) xpos = xpos.flatten() ypos = ypos.flatten() zpos = np.zeros(elements) dx = 0.5 * np.ones_like(zpos) dy = dx.copy() dz = hist.flatten() ax...
Read more

java - Multi-Label Document Classification -

i have database in store data based upon following 3 fields: id, text, {labels}. note each text has been assigned more 1 label \ tag \ class. want build model (weka \ rapidminer \ mahout) able recommend \ classify bunch of labels \ tags \ classes given text. i have heard svm , naive bayes classifier, not sure whether support multi-label classification or not. guides me right direction more welcome! the basic multilabel classification method one-vs.-the-rest (ovr), called binary relevance (br). basic idea take off-the-shelf binary classifier, such naive bayes or svm, create k instances of solve k independent classification problems. in python-like pseudocode: for each class k: learner = svm(settings) # example labels = [class_of(x) == k x in samples] learner.learn(samples, labels) then @ prediction time, run each of binary classifiers on sample , collect labels predict positive. (both training , prediction can done in parallel, since problems assumed ...
Read more

php - Dynamic url re-writing using htaccess -

how can rewrite http://mydomain.com/test/master.php?catid=2&subcatid=8 http://mydomain.com/test/master.php/catname/subcat using .htaccess file. once rewritten, how can access these parameters in master.php? note: untested, let me know if doesn't work. rewriterule ^master.php/([a-za-z0-9_-]+)/([a-za-z0-9_-]+)$ /master.php?catid$1&subcatid=$2 [l]
Read more