
Is there a neater way to analyse the AuthenticationException for the error code?

Developer https://www.devze.com 2023-01-10 06:11 Source: Internet
Is there a neater way to check the javax.naming.AuthenticationException (or Spring) for the main failure reason? The different errors are described in LDAP Wiki (Binding Errors).

The AuthenticationException does not provide a sufficient API to easily determine the error code. The only content is the exception message.

[LDAP: error code 49 - 80090308: 
 LdapErr: DSID-0C090334, 
 comment: AcceptSecurityContext error, data 773, vece]

The identifying block is the "data 773" – standing for the error ERROR_PASSWORD_MUST_CHANGE. But it feels very odd to me to check for message.contains("data 773")! Is there any better way to check the error code?


The snippet which throws the AuthenticationException is written with the org.springframework.security.ldap.DefaultSpringSecurityContextSource.

InitialLdapContext context = (InitialLdapContext) contextFactory
                     .getReadWriteContext(principal, password);


Unfortunately this is the only way I've seen it handled, because the failure codes produced by the LDAP service I have experience with (Active Directory) are always encoded in the message. Don't feel too bad even though it isn't a nice way to do things.


As far as I know, there is no better implementation for this. You could try providing a whole translation for the LDAP error codes in an external file and use them to translate.
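
An added example, not code from the original posts or from Spring: one way to make the message check less ad hoc, combining an anchored regex extraction with the lookup table suggested above. The class and method names (AdBindError, subCode, reason) are hypothetical; the table assumes Active Directory, which reports a hexadecimal Win32 error code after "data" in an error 49 message.

```java
import java.util.Map;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;

public class AdBindError {
    // Only match the sub-code inside an LDAP "error code 49" (invalid credentials) message,
    // and require a whole 3-4 digit hex token so "data 773" cannot match "data 7730".
    private static final Pattern SUB_CODE = Pattern.compile(
            "error code 49\\b.*?\\bdata\\s+([0-9a-fA-F]{3,4})\\b", Pattern.DOTALL);

    // Translation table: AD sub-code (hex Win32 error) -> Win32 constant name.
    private static final Map<Integer, String> REASONS = Map.of(
            0x525, "ERROR_NO_SUCH_USER",
            0x52e, "ERROR_LOGON_FAILURE",
            0x530, "ERROR_INVALID_LOGON_HOURS",
            0x531, "ERROR_INVALID_WORKSTATION",
            0x532, "ERROR_PASSWORD_EXPIRED",
            0x533, "ERROR_ACCOUNT_DISABLED",
            0x701, "ERROR_ACCOUNT_EXPIRED",
            0x773, "ERROR_PASSWORD_MUST_CHANGE",
            0x775, "ERROR_ACCOUNT_LOCKED_OUT");

    /** Returns the AD sub-error code, or empty if the message is not an AD error 49. */
    static Optional<Integer> subCode(AuthenticationException e) {
        String msg = e.getMessage();
        if (msg == null) return Optional.empty();
        Matcher m = SUB_CODE.matcher(msg);
        return m.find() ? Optional.of(Integer.parseInt(m.group(1), 16)) : Optional.empty();
    }

    /** Maps the exception to a reason name; unknown codes are reported, not guessed. */
    static String reason(AuthenticationException e) {
        return subCode(e)
                .map(c -> REASONS.getOrDefault(c, "UNKNOWN_0x" + Integer.toHexString(c)))
                .orElse("NOT_AN_AD_BIND_ERROR");
    }

    public static void main(String[] args) {
        // Constructed sample: the message quoted in the question, on one line.
        AuthenticationException e = new AuthenticationException(
                "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, "
                + "comment: AcceptSecurityContext error, data 773, vece]");
        System.out.println(reason(e));
    }
}
```

Log the decoded reason server-side and keep the message returned to the client generic, since codes such as 525 and 52e distinguish an unknown user from a wrong password.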
