Menu
I want to display custom error message in jsp for spring security authentication exceptions.
For wrong username or password,
spring displays : Bad credentials what I need : Username/Password entered is incorrect. For user is disabled,
spring displays : User is disabled what I need : Your account is diabled, please contact administrator. Do I need to override AuthenticationProcessingFilter just for this ? or else can I do something in jsp itself to find the authentication exception key and display different message
783
Spring security by default will show login error in case customer provides invalid username or password. Spring security internally uses the Spring framework resource bundle feature to show customize error messages to the customer.
Now, when authentication is failed, it will display your custom error message “Invalid username or password“, instead of the default “Bad credentials“. Note With this trick, you can override any Spring Security messages easily. Download Source Code Download it – Spring-Security-Display-Custom-Error-Msg.zip(9 KB) mkyong
“SPRING_SECURITY_LAST_EXCEPTION.message” is only filled by Spring when the username exists. If not, “SPRING_SECURITY_LAST_EXCEPTION.message” stay empty. 0 Reply bansal 9 years ago How we can our own new key error which are not the part default error message properties file
In this way built-in spring authentication process will fetch the user input. Now for the custom error message, we need to declare query string parameter as login_error=1 in <form-login/>. It has been declared in our example as following.
Redefine the properties in messages.properties inside spring security jar. For example add to the classpath myMessages.properties and add a message source to the context:
AbstractUserDetailsAuthenticationProvider.badCredentials=Username/Password entered is incorrect. AbstractUserDetailsAuthenticationProvider.disabled=Your account is diabled, please contact administrator. At Salvin Francis:
Message Source Bean
<bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource"> <property name="basenames"> <list> <value>myMessages</value> </list> </property> </bean> After adding the "messageSource" bean, I had problems to get the Error Message work with the CookieLocaleResolver because the DispatcherServlet (which does use this for your application automatically) is invoked after the Security. See: http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#localization
My Solution was a custom Filter which sets the LocalContextHolder:
public class LocaleContextFilter extends OncePerRequestFilter { private LocaleResolver localeResolver; public void setLocaleResolver(LocaleResolver localeResolver) { this.localeResolver = localeResolver; } @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { // store Local into ThreadLocale if (this.localeResolver != null) { final Locale locale = this.localeResolver.resolveLocale(request); LocaleContextHolder.setLocale(locale); } try { filterChain.doFilter(request, response); } finally { LocaleContextHolder.resetLocaleContext(); } } } And the Spring Security Context configuration:
<http use-expressions="true"> <custom-filter ref="localeContextFilter" after="FIRST" /> ..... </http> <beans:bean id="localeContextFilter" class="at.telekom.ppp.util.opce.fe.interceptor.LocaleContextFilter" > <beans:property name="localeResolver" ref="localeResolver" /><!-- e.g.: CookieLocaleResolver --> </beans:bean> I hope this helps others which has this problem.
22
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
