I have to make a little change to an existing project (Tomcat and a Java web application). Now, in the login form, if users type the correct login and password, it is OK and the main page is shown to them. But when a user types an incorrect password, or maybe his account is temporarily locked, the login form is shown to the user again, and the user cannot know why he cannot log in (for example "invalid username/password", "user account locked", ...). Now I want to put an error message into the session that also includes the cause of why the user cannot log in, that is, to save to the session an attribute named "LoggingError". I am writing:

request.getSession().setAttribute("LoggingError", message);

But it does not compile.

I can also send the whole Java file.

Newer entered:

I am sorry, I was wrong in the question. My code compiles normally, but when running the application, at this line

request.getSession().setAttribute("LoggingError", message);

an error occurs in the web page:

type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
java.lang.NullPointerException
    com.se.eee.security.EeeAuthenticationProvider.authenticate(EeeAuthenticationProvider.java:153)
    net.sf.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:159)
    net.sf.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:49)
    net.sf.ace
...
...

Here is the Java code of EeeAuthenticationProvider.java:

package com.se.eee.security;

import net.sf.acegisecurity.*;
import net.sf.acegisecurity.providers.AuthenticationProvider;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import net.sf.acegisecurity.providers.dao.User;
import net.sf.acegisecurity.providers.dao.UsernameNotFoundException;
import net.sf.acegisecurity.providers.dao.event.*;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import com.se.eee.bus.*;
import com.se.eee.bus.SecurityManager;
import com.se.spring.datasource.core.MakeConnectionException;
import com.se.spring.ext.CurrentRequestContext;
import com.opensymphony.webwork.interceptor.SessionAware;
import com.opensymphony.webwork.interceptor.ServletRequestAware;

import javax.servlet.http.HttpServletRequest;
import java.util.Map;

public class EeeAuthenticationProvider implements AuthenticationProvider, SessionAware, ServletRequestAware {
  private static Log log = LogFactory.getLog(EeeAuthenticationProvider.class);
  private JDBCProperties jdbcProp;
  private ApplicationContext context;
  private SecurityManager securityManager;
  private HttpServletRequest request;

  public void setServletRequest(HttpServletRequest req) {
          this.request = req;
  }
  public void setSession(Map session) {
        //To change body of implemented methods use File | Settings | File Templates.
  }

  public void setSecurityManager(SecurityManager securityManager) {
    this.securityManager = securityManager;
  }

  public void setApplicationContext(ApplicationContext applicationContext)
      throws BeansException {
    this.context = applicationContext;
  }

  public void setJdbcProp(JDBCProperties jdbcProp) {
        this.jdbcProp = jdbcProp;
  }

  public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    // Determine username
    // log.warn((authentication.isAuthenticated()?"Already Authenticated. Skip it!":"")+"authenticate: "+authentication);
  if(authentication.isAuthenticated()) {
      //log.warn("Already Authenticated. Skip it!");
    return authentication;
  }
  String username = "NONE_PROVIDED";

  if (authentication.getPrincipal() != null) {
    username = authentication.getPrincipal().toString();
  }

  if (authentication.getPrincipal() instanceof UserDetails) {
    username = ((UserDetails) authentication.getPrincipal()).getUsername();
  }

  UserDetails user = null;
  com.se.eee.bus.User principal=null;

  try
    {
      JDBCProperties props = jdbcProp.deserialize();
      String input_passwords= authentication.getCredentials().toString();
      String[] psd = input_passwords.split(":");
      Filial fil = props.getFilial(psd[1]);

      String sgn = input_passwords;
      int i= sgn.indexOf(":", 1);
      sgn = sgn.substring(i+1,sgn.length());
      i= sgn.indexOf(":", 1);
      sgn = sgn.substring(i+1,sgn.length());

      if(fil==null)username=null;
      securityManager.makeConnect(username, psd[0], fil);
      user=new User(username, "skipped",true,true,true,true, new  GrantedAuthority[]{new GrantedAuthorityImpl("ROLE_USER")});
      //set connection for DataSource
      ContextDataBean dataBean=(ContextDataBean)CurrentRequestContext.get();
      dataBean.setUserKey(username+fil.id);

      principal=securityManager.getUserByLogin(username.toUpperCase());
      if(principal == null) throw new UsernameNotFoundException("Couldn't login.");

      principal.setLogin(username);
      principal.setPassword("******");
      //principal.setBranch(fil.id);

      if (principal.getBanktype().equals("055"))
      {
        if ( sgn!=null && sgn.length() != 0)
        {
            securityManager.insUserKey(principal.getBranch(), principal.getId(), sgn);
            com.se.eee.bus.Document docum = new com.se.eee.bus.Document();
            docum.setBranch(principal.getBranch());
            docum.setEmpId(principal.getId());
            docum.setErrCode("991");
            docum = securityManager.getAnswerUserKey(docum);
            if (!docum.getErrCode().equals("000")) throw new UsernameNotFoundException("Key code error. User: "+principal.getLogin());
        }
        else
        {
            throw new UsernameNotFoundException("error while inserting test key code. please touch i-key or check loginform.ftl. user: "+principal.getLogin());
        }
      }
    }
  catch (MakeConnectionException mex)
    {
      log.error(mex.getMessage());
      if (this.context != null) {
        context.publishEvent(new AuthenticationFailureUsernameOrPasswordEvent(authentication, new User("".equals(username)? "EMPTY_STRING_PROVIDED" : username, "*****", false, false, false, false, new GrantedAuthority[0])));
      }
      throw new BadCredentialsException("Couldn't login connection problem.");
    }
  catch(Exception ex)
  {
    Throwable cause=ex.getCause();
    String message=null;
    if(cause!=null)message = cause.getMessage();
    else message = ex.toString();
    log.error(message);

// here I am trying to write to the session
 request.getSession().setAttribute("LoggingError", message);
// but the code does not compile

    throw new UsernameNotFoundException("Couldn't login.");
  }
  return createSuccessAuthentication(principal, authentication, user);

  }
  protected Authentication createSuccessAuthentication(Object principal, Authentication authentication, UserDetails user) {
      UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(principal, authentication.getCredentials(), user.getAuthorities());
      result.setDetails((authentication.getDetails() != null) ? authentication.getDetails() : null);
      result.setAuthenticated(true);
      return result;
  }

  public boolean supports(Class aClass) {
    if (UsernamePasswordAuthenticationToken.class.isAssignableFrom(aClass)) return true;
    return false;
  }
}
A: 

If your request object is an HttpServletRequest object then this should work.

If this isn't the problem can you send the exact code snippet (shouldn't need the whole program) and the exact error message?

SOA Nerd
I have edited the message, please read after the line "Newer entered".
Hamza
@Hamza - What statement is at line 153 in your program? I can tell it's somewhere in the authenticate method but not sure where. If it's in the catch block can you do a stack trace to see what's generating the error? It looks like you've not initialized some variable and that is what is throwing the null pointer exception but I'm not able to trim it down to exactly what variable. I'd suggest narrowing down the exact line that is throwing the null pointer and make sure that you're initializing everything. If that doesn't work give the info I asked for above.
SOA Nerd
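
A null-safe way to record the login failure reason discussed in this thread, as an added example (not code from the question, the answer, or Acegi). The class name `LoginErrorRecorder` and the reason codes are hypothetical, and how the current request reaches the authentication provider is left to the application. It stores one of a fixed set of texts rather than the raw exception message, so database or driver error strings stay in the server log.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Added example: hypothetical helper, not a class from the project in the question.
public final class LoginErrorRecorder {
    // Attribute name taken from the question.
    public static final String ATTR = "LoggingError";

    // Fixed texts shown on the login form; raw exception text stays in the server log.
    public static final String BAD_CREDENTIALS = "Invalid username/password";
    public static final String ACCOUNT_LOCKED = "User account locked";
    public static final String GENERIC = "Login failed";

    private LoginErrorRecorder() {}

    // Maps a (hypothetical) reason code to one of the fixed texts.
    // Anything unrecognised collapses to GENERIC.
    public static String toUserMessage(String reasonCode) {
        if ("BAD_CREDENTIALS".equals(reasonCode)) return BAD_CREDENTIALS;
        if ("ACCOUNT_LOCKED".equals(reasonCode)) return ACCOUNT_LOCKED;
        return GENERIC;
    }

    // Stores the message if a request is available. Returns false instead of
    // throwing when request is null, so the caller's own authentication
    // exception is not replaced by a NullPointerException.
    public static boolean record(HttpServletRequest request, String reasonCode) {
        if (request == null) return false;
        HttpSession session = request.getSession(true);
        session.setAttribute(ATTR, toUserMessage(reasonCode));
        return true;
    }

    // Reads the message once for the login form and clears it,
    // so a stale error is not shown on a later visit.
    public static String consume(HttpServletRequest request) {
        if (request == null) return null;
        HttpSession session = request.getSession(false);
        if (session == null) return null;
        String msg = (String) session.getAttribute(ATTR);
        session.removeAttribute(ATTR);
        return msg;
    }
}
```

In the catch block from the question, the call would be `LoginErrorRecorder.record(request, "BAD_CREDENTIALS")` placed before the `throw`; a `false` return means the `request` field was never set on the provider.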