SEC-1940: ProviderManager does not publish AccountStatusException #2166

spring-issuemaster opened this Issue Mar 10, 2012 · 4 comments


Emerson Farrugia (Migrated from SEC-1940) said:

When using a simple configuration, an authentication provider throwing a LockedException doesn't cause an AuthenticationFailureLockedEvent to be published. The writeup's in the Spring forum reference. I can't be sure this is a bug, but it seems too weird to be expected behavior.

Rob Winch said:

Providing an example configuration would likely speed up the ability to fix this.

David Kerwick said:

Hi, I've also come across the same issue.

I have a listener class like below

public class AuthenticationLockedListener implements ApplicationListener<AuthenticationFailureLockedEvent> {

    public void onApplicationEvent(AuthenticationFailureLockedEvent event) {
        logger.debug("In the onApplicationEvent");
    }
}

In my userDetailsService I throw a

throw new LockedException("User account suspended");

The above listener used to pick up this exception; now it never gets fired.

The event


Seems to fire, but I think that's an overall something went wrong exception?

I'm using a http element in the security config like below

<http pattern="/login" security="none"/>

<http auto-config="true" use-expressions="true">
    <form-login login-page="/login" authentication-failure-url="/login?login_error=1"/>
</http>


Akil Mahimwala said:

I have a very similar issue.

The AuthenticationFailureBadCredentialsEvent gets fired as expected.
The AuthenticationSuccessEvent is also fired as expected.

AuthenticationFailureLockedEvent is not getting fired.

Thanks, Akil

Rob Worsnop said:

This was introduced by the fix for SEC-546. When a LockedException (or any other AccountStatusException) is thrown, ProviderManager will immediately rethrow the exception without trying other providers. It also skips the event publishing, which is what causes this bug.

I submitted a fix:

@spring-issuemaster spring-issuemaster added this to the 3.1.2 milestone Feb 5, 2016
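
A check for the behaviour described in the last comment, added here as an example; it is not code from the issue, the submitted fix, or the Spring Security project. It assumes spring-security-core is on the classpath; the class names, user name and password are constructed for illustration. It prints `false` while ProviderManager rethrows the LockedException without calling its event publisher, and `true` once the failure is published.

```java
import java.util.Collections;

import org.springframework.security.authentication.AuthenticationEventPublisher;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

// Hypothetical check class (not part of Spring Security): reports whether
// ProviderManager passes a LockedException to its publisher before rethrowing.
public class LockedEventPublicationCheck {

    // Remembers the last failure handed to the publisher.
    static class RecordingPublisher implements AuthenticationEventPublisher {
        AuthenticationException lastFailure;
        public void publishAuthenticationSuccess(Authentication authentication) { }
        public void publishAuthenticationFailure(AuthenticationException e, Authentication a) {
            lastFailure = e;
        }
    }

    // Stands in for a provider whose user lookup finds a locked account.
    static class LockedAccountProvider implements AuthenticationProvider {
        public Authentication authenticate(Authentication authentication) {
            throw new LockedException("User account suspended");
        }
        public boolean supports(Class<?> authentication) { return true; }
    }

    static boolean lockedFailureIsPublished() {
        RecordingPublisher publisher = new RecordingPublisher();
        ProviderManager manager = new ProviderManager(
                Collections.<AuthenticationProvider>singletonList(new LockedAccountProvider()));
        manager.setAuthenticationEventPublisher(publisher);
        try {
            manager.authenticate(new UsernamePasswordAuthenticationToken("alice", "constructed-password"));
        } catch (LockedException expected) {
            // The caller sees the exception either way; only the publisher call differs.
        }
        return publisher.lastFailure instanceof LockedException;
    }

    public static void main(String[] args) {
        System.out.println("LockedException published: " + lockedFailureIsPublished());
    }
}
```

Running it against the version deployed in an application shows whether lockout failures reach listeners such as the AuthenticationFailureLockedEvent listener quoted above, which matters when those events feed audit logging or alerting.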
