in plugin-core/plugin/grails-app/controllers/grails/plugin/springsecurity/LoginController.groovy [103:130]
def authfail() {
String msg = ''
def exception = session[WebAttributes.AUTHENTICATION_EXCEPTION]
if (exception) {
def locale = GrailsWebRequest.lookup().getLocale() ?: Locale.getDefault()
if (exception instanceof AccountExpiredException) {
msg = messageSource.getMessage('springSecurity.errors.login.expired', null, "Account Expired", locale)
} else if (exception instanceof CredentialsExpiredException) {
msg = messageSource.getMessage('springSecurity.errors.login.passwordExpired', null, "Password Expired", locale)
} else if (exception instanceof DisabledException) {
msg = messageSource.getMessage('springSecurity.errors.login.disabled', null, "Account Disabled", locale)
} else if (exception instanceof LockedException) {
msg = messageSource.getMessage('springSecurity.errors.login.locked', null, "Account Locked", locale)
} else if (exception instanceof SessionAuthenticationException) {
msg = messageSource.getMessage('springSecurity.errors.login.max.sessions.exceeded', null, "Sorry, you have exceeded your maximum number of open sessions.", locale)
} else {
msg = messageSource.getMessage('springSecurity.errors.login.fail', null, "Authentication Failure", locale)
}
}
if (springSecurityService.isAjax(request)) {
render([error: msg] as JSON)
} else {
flash.message = msg
redirect action: 'auth', params: params
}
}