Is there a neater way to check the javax.naming.AuthenticationException (or Spring) for the main failure reason? The different errors are described in the LDAP Wiki (Binding Errors).

The AuthenticationException does not provide a sufficient API to easily determine the error code. The only content is the exception message.

[LDAP: error code 49 - 80090308: 
 LdapErr: DSID-0C090334, 
 comment: AcceptSecurityContext error, data 773, vece]

The identifying block is the "data 773" – standing for the error ERROR_PASSWORD_MUST_CHANGE. But it feels very odd to me to check for message.contains("data 773")! Is there any better way to check the error code?

The snippet which throws the AuthenticationException is written with the org.springframework.security.ldap.DefaultSpringSecurityContextSource.

// contextFactory is the DefaultSpringSecurityContextSource; the bind with the
// user's own credentials is what raises the AuthenticationException
InitialLdapContext context = (InitialLdapContext) contextFactory
        .getReadWriteContext(principal, password);
A: 

As far as I know, there is no better implementation for this. You could try providing a whole translation for the ldap error codes in an external file and use them to translate.

Kurt Du Bois
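One way to do the "translation table" this answer suggests, as an added example that is not code from the question or either answer: pull the "data NNN" sub-code out of the exception message with a regular expression and look it up in a map. The class and method names are my own; the entry for 773 is the one quoted in the question, and the other entries are Active Directory's documented sub-codes for an error-code-49 bind failure.

```java
import java.util.Map;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.naming.AuthenticationException;

/** Maps the AD "data NNN" sub-code of a bind failure to a symbolic reason. */
public final class AdBindError {

    /** Sub-codes AD attaches to "error code 49" binds (hex, as printed in the message). */
    private static final Map<String, String> REASONS = Map.of(
        "525", "USER_NOT_FOUND",
        "52e", "INVALID_CREDENTIALS",
        "530", "LOGON_TIME_RESTRICTION",
        "532", "PASSWORD_EXPIRED",
        "533", "ACCOUNT_DISABLED",
        "701", "ACCOUNT_EXPIRED",
        "773", "ERROR_PASSWORD_MUST_CHANGE",
        "775", "ACCOUNT_LOCKED_OUT");

    // Only an "error code 49" message carries these sub-codes; DOTALL tolerates
    // the line breaks AD puts into the message text.
    private static final Pattern DATA_CODE =
        Pattern.compile("error code 49\\b.*?\\bdata ([0-9a-fA-F]+)", Pattern.DOTALL);

    private AdBindError() {}

    /** Returns the symbolic reason, or empty if the message has no recognised sub-code. */
    public static Optional<String> reasonOf(AuthenticationException e) {
        String msg = e.getMessage();
        if (msg == null) {
            return Optional.empty();
        }
        Matcher m = DATA_CODE.matcher(msg);
        if (!m.find()) {
            return Optional.empty();
        }
        // Keep the specific reason for server-side logs or a must-change-password
        // flow; reporting it verbatim to an unauthenticated client discloses
        // account state (locked, disabled, nonexistent) to whoever is probing.
        return Optional.ofNullable(REASONS.get(m.group(1).toLowerCase()));
    }

    public static void main(String[] args) {
        // Constructed sample message, shaped like the one quoted in the question.
        AuthenticationException e = new AuthenticationException(
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, "
            + "comment: AcceptSecurityContext error, data 773, vece]");
        System.out.println(reasonOf(e).orElse("UNKNOWN"));
    }
}
```

Unknown or missing sub-codes fall through to an empty Optional, so a caller can treat them as a generic authentication failure rather than a parse error.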
+2  A: 

Unfortunately this is the only way I've seen it handled, because the failure codes produced by the LDAP service I have experience with (Active Directory) always encode the failure code in the message. Don't feel too bad even though it isn't a nice way to do things.

jowierun