The table below lists the exception classes for JAAS login modules.

Table 15-3 List of exception classes for JAAS login modules

No.	Exception name	Description
1	javax.security.auth.login.LoginException	A parent class for exception classes 2 through 4. The constructor of this class has an msg parameter (java.lang.String).
2	javax.security.auth.login.AccountExpiredException	Reports that the user account has expired.
3	javax.security.auth.login.CredentialExpiredException	Reports that the credential has expired.
4	javax.security.auth.login.FailedLoginException	Reports that authentication has failed.

The login module in either the user authentication library or the single sign-on library assigns error message character strings to the exceptions and sends these strings. The error message character strings are listed in the table below.

Note that if the LoginContext class is instantiated when the JAAS configuration file contains an error,java.lang.SecurityException occurs. In this case, correct this configuration file by referring to the error message character string shown in the next table.

Table 15-4 Exceptions for the login module in the user authentication library or single sign-on library

Exception name	Error message character string	Reason for occurrence
javax.security.auth.login.FailedLoginException	data not found	Authentication information is not found in the passed parameter. The HttpServletRequest passed to the WebPasswordHandler class did not contain a user ID or password.
	invalid data	Authentication is impossible because the user ID or password is wrong. The entry associated with the user ID from the certificate was not found in the repository.
	no data	With user already authenticated within the session, necessary definitions do not include single sign-on authentication information that is associated with the realm to be called.
javax.security.auth.login.LoginException	invalid parameter	The list of attribute names and attributes for creating a credential contains errors indicating that: An attribute name is not specified. The same alias is specified more than once.
	SQL exception name	Access through JDBC has failed. If this exception occurs, take corrective action by referring to the error message character string.
	JNDI exception name	LDAP access has failed. The LDAP server was not found (CommunicationException). There is a bind DN specification error (AuthenticationException).
	not supported	An unsupported CallbackHandler is being used. Information required for either WebSSOLoginModule or WebPasswordLoginModule cannot be obtained with CallbackHandler. An exception has occurred when executing the handle method. This exception only occurs in CallbackHandler for user management when the condition described above exists.
	no class for xxx	The class called from WebSSOLoginModule cannot be used (xxx indicates the value specified by com.cosminexus.admin.auth.sso.loginmodule). The class cannot be instantiated. The JAAS login module was not inherited. The access permission might be missing and the class path might not be configured.
	config error	Processing cannot continue because the JAAS configuration file does not contain necessary information. Processing cannot continue because the configuration file for user management with the Cosminexus standard login module does not contain necessary information.
	invalid session	When an attempt was made to bind the session to an HttpSession object, the HttpSession object became invalid.
	crypto error	Encryption or decryption has failed. The shared single sign-on library to be called by JNI functionality was not found (there is a problem with the java.library.path settings). Decryption has failed (different keys are used for encryption and decryption).
	no sso data	Information for single sign-on is not found. Necessary information for single sign-on is missing.
	no principal	Because Principal was missing, the first authenticated user could not be identified.
	class cast error	There is a mismatch between the type fetched from the repository and that specified in the configuration file for integrated user management. Match these two types. See com.cosminexus.admin.auth.ldap.password.encrypt in ua.conf (which is the configuration file for integrated user management). For details about this ua.conf file, see 14.3 ua.conf (integrated user management configuration file).
	not found driver	JDBC is used. The driver was not found in WebPasswordJDBCLoginModule. Store the driver in the correct position.
	Other	An error has occurred in one of the login modules for the systems. An error has occurred in WebSSOLoginModule, which is a login module in a library other than the user authentication library.

The figure below shows the hierarchy of the exception classes for APIs (non-JAAS APIs) offered by Hitachi.

Figure 15-2 Hierarchy of exception classes

The following table lists these exception classes.

Table 15-5 Exception classes for APIs offered by Hitachi

No.	Exception name	Description
1	com.cosminexus.admin.common.UAException	A parent class for exception classes 2 through 8.
2	com.cosminexus.admin.common.ParameterError	There is a parameter error in one of the APIs.
3	com.cosminexus.admin.common.FormatError	There is a format error in one of the APIs.
4	com.cosminexus.admin.common.ConfigError	There is a configuration file error.
5	com.cosminexus.admin.auth.api.repository.ldap.ObjectClassError	There is an object class error.
6	com.cosminexus.admin.auth.CryptoException	Encryption or decryption has failed.
7	com.cosminexus.admin.auth.api.repository.event.ChangeDataFailedException	The listener class is called if an attempt to update authentication information for another system has failed.
8	com.cosminexus.admin.auth.api.repository.event.SSODataListenerException	The LdapSSODataManager class is called if an attempt to update authentication information for another system has failed.