When I use Spring security with LDAP, I could not override the message raised by UsernameNotFoundException.
I get the message in the UI as: "User mike not found in directory. ". I don't want that to appear in the UI for security reasons. I would be happy to make it as "Bad Credentials" so the user doesn't get a clue that this id doesn't exist.
I started with trying to override the correct message property, with a entry in my applications property file. However since FilterBasedLDAPUserSearch doesn't use a message bundle when creating this exception, I can't override it.
throw new UsernameNotFoundException("User " + username + " not found in directory.", username);
If you guys are busy, I could update the ticket with patch.