We have two ways of logging in.
When the user name and password are present in the request header and they are wrong, I am shown an "HTTP Status 401 - Authentication Failed: Bad credentials" page.
How do I make it show the login page in case the authentication failed?
Below is the code in the security.xml:

    <http auto-config="true" use-expressions="true">
        <access-denied-handler error-page="/login.jsp"/>
        <intercept-url pattern="/*Login*" access="hasRole('ROLE_ANONYMOUS')"/>
        <intercept-url pattern="/*" access="hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')"/>
        <custom-filter ref="requestHeaderFilter" before="FORM_LOGIN_FILTER"/>
        <form-login login-page="/login.jsp"/>
    </http>

Please let me know if you need more information.
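Edit: Adding the code for the RequestHeader filter in my application:

    import java.io.IOException;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;

    public class RequestHeaderProcessingFilter extends AbstractAuthenticationProcessingFilter {
        private String usernameHeader = "j_username";
        private String passwordHeader = "j_password";
        protected RequestHeaderProcessingFilter() {
            // Only requests to /login_direct are processed by this filter
            super("/login_direct");
        }
        //getters and setters
        @Override
        public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
            // Credentials are taken from request headers rather than form parameters
            String username = request.getHeader(usernameHeader);
            String password = request.getHeader(passwordHeader);
            SignedUsernamePasswordAuthenticationToken authRequest =
                    new SignedUsernamePasswordAuthenticationToken(username, password);
            return this.getAuthenticationManager().authenticate(authRequest);
        }
    }
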
To show the login page in case the authentication failed, you should have the same URL in the <access-denied-handler error-page="/login.jsp"/> and the <intercept-url pattern="/*Login*" access="hasRole('ROLE_ANONYMOUS')"/>, for example:

    <global-method-security secured-annotations="enabled" />
    <http auto-config="true" access-denied-page="/app/sesiones/procesarLogin">
        <logout logout-success-url="/app/sesiones/login" />
        <form-login
            authentication-failure-url="/app/sesiones/login?error=true"
            login-page="/app/sesiones/login" default-target-url="/app/sesiones/procesarLogin" />
        <intercept-url pattern="/app/privados/*" access="ROLE_USER" />
    </http>

In that example, the user is also redirected to the login page after he logs out. The /procesarLogin is a method that sends the user to the login.jsp page.
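
Added example, not part of the original question or answer: a filter that extends AbstractAuthenticationProcessingFilter uses a SimpleUrlAuthenticationFailureHandler with no failure URL by default, and that handler answers a failed login with a 401 error rather than a redirect, so giving the `requestHeaderFilter` bean a handler with a failure URL sends the browser to the login page instead. The `com.example` package, the `headerLoginFailureHandler` bean id and the `authenticationManager` alias are assumptions, since the question does not show its bean definitions.

```xml
<!-- Added example. Assumes the <http> block from the question and an
     <authentication-manager alias="authenticationManager"> element are
     defined elsewhere in this same security.xml. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="
                 http://www.springframework.org/schema/beans
                 http://www.springframework.org/schema/beans/spring-beans.xsd
                 http://www.springframework.org/schema/security
                 http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- Before: with only the authentication manager set, the filter keeps
         its default failure handler (no failure URL), which responds with
         "HTTP Status 401 - Authentication Failed: ...".

    <beans:bean id="requestHeaderFilter"
                class="com.example.RequestHeaderProcessingFilter">
        <beans:property name="authenticationManager" ref="authenticationManager"/>
    </beans:bean>
    -->

    <!-- After: a failure handler with an explicit URL redirects to the login page. -->
    <beans:bean id="headerLoginFailureHandler"
                class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
        <!-- /login.jsp is the login page configured in the question's <form-login> -->
        <beans:property name="defaultFailureUrl" value="/login.jsp"/>
    </beans:bean>

    <!-- com.example is a hypothetical package for the question's filter class -->
    <beans:bean id="requestHeaderFilter"
                class="com.example.RequestHeaderProcessingFilter">
        <beans:property name="authenticationManager" ref="authenticationManager"/>
        <beans:property name="authenticationFailureHandler" ref="headerLoginFailureHandler"/>
    </beans:bean>

</beans:beans>
```

The failure URL has to be reachable without authentication; otherwise the redirect is itself intercepted by the `<intercept-url>` rules.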