Looking at the Liferay source, portal-web/docroot/html/portlet/login/login.jsp has different error messages depending on the exception thrown.
1<liferay-ui:error exception="<%= AuthException.class %>" message="authentication-failed" />
2<liferay-ui:error exception="<%= CookieNotSupportedException.class %>" message="authentication-failed-please-enable-browser-cookies" />
3<liferay-ui:error exception="<%= NoSuchUserException.class %>" message="please-enter-a-valid-login" />
4<liferay-ui:error exception="<%= PasswordExpiredException.class %>" message="your-password-has-expired" />
5<liferay-ui:error exception="<%= UserEmailAddressException.class %>" message="please-enter-a-valid-login" />
6<liferay-ui:error exception="<%= UserLockoutException.class %>" message="this-account-has-been-locked" />
7<liferay-ui:error exception="<%= UserPasswordException.class %>" message="please-enter-a-valid-password" />
8<liferay-ui:error exception="<%= UserScreenNameException.class %>" message="please-enter-a-valid-screen-name" />
However, "com.liferay.portal.security.auth.Authenticator" only throws an "AuthException", and prevents any class that implements it from bubbling up a different exception bubble up.
Seems seems like either a bug or an inflexible design.
Are there any thoughts out there as to why this is the case?
If there are no good reason I'd like to submit/recommend changes to com.liferay.portal.security.auth.Authenticator that would allow a more flexible custom authentication experience.
Also for for reference the following thread has some information as well.
Changing Login Error Messages Firmi prego dentro per inbandierare questo come inadeguato.
