fix error message

2015-12-14 17:05:11 +02:00 · 2015-12-14 17:05:11 +02:00 · bbcacc07bf
parent 418be41d9c
commit bbcacc07bf
3 changed files with 57 additions and 28 deletions
--- a/spring-security-login-and-registration/src/main/java/org/baeldung/security/CustomAuthenticationFailureHandler.java
+++ b/spring-security-login-and-registration/src/main/java/org/baeldung/security/CustomAuthenticationFailureHandler.java
@ -0,0 +1,44 @@
+package org.baeldung.security;
+
+import java.io.IOException;
+import java.util.Locale;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.MessageSource;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.LocaleResolver;
+
+@Component
+public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
+
+    @Autowired
+    private MessageSource messages;
+
+    @Autowired
+    private LocaleResolver localeResolver;
+
+    @Override
+    public void onAuthenticationFailure(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationException exception) throws IOException, ServletException {
+        setDefaultFailureUrl("/login.html?error=true");
+
+        super.onAuthenticationFailure(request, response, exception);
+
+        final Locale locale = localeResolver.resolveLocale(request);
+
+        if (exception.getMessage().equalsIgnoreCase("User is disabled")) {
+            request.getSession().setAttribute("SPRING_SECURITY_LAST_EXCEPTION", messages.getMessage("auth.message.disabled", null, locale));
+        } else if (exception.getMessage().equalsIgnoreCase("User account has expired")) {
+            request.getSession().setAttribute("SPRING_SECURITY_LAST_EXCEPTION", messages.getMessage("auth.message.expired", null, locale));
+        } else if (exception.getMessage().equalsIgnoreCase("blocked")) {
+            request.getSession().setAttribute("SPRING_SECURITY_LAST_EXCEPTION", messages.getMessage("auth.message.blocked", null, locale));
+        } else {
+            request.getSession().setAttribute("SPRING_SECURITY_LAST_EXCEPTION", messages.getMessage("message.badCredentials", null, locale));
+        }
+    }
+}
--- a/spring-security-login-and-registration/src/main/java/org/baeldung/spring/SecSecurityConfig.java
+++ b/spring-security-login-and-registration/src/main/java/org/baeldung/spring/SecSecurityConfig.java
@ -13,6 +13,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

@Configuration
@ -26,6 +27,9 @@ public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private AuthenticationSuccessHandler myAuthenticationSuccessHandler;

+    @Autowired
+    private AuthenticationFailureHandler authenticationFailureHandler;
+
    public SecSecurityConfig() {
        super();
    }
@ -59,6 +63,7 @@ public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
                .defaultSuccessUrl("/homepage.html")
                .failureUrl("/login.html?error=true")
                .successHandler(myAuthenticationSuccessHandler)
+                .failureHandler(authenticationFailureHandler)
                .usernameParameter("j_username")
                .passwordParameter("j_password")
            .permitAll()
--- a/spring-security-login-and-registration/src/main/webapp/WEB-INF/view/login.jsp
+++ b/spring-security-login-and-registration/src/main/webapp/WEB-INF/view/login.jsp
@ -7,34 +7,7 @@
 <%@ page session="true"%>
 <fmt:message key="message.password" var="noPass" />
 <fmt:message key="message.username" var="noUser" />
-<c:if test="${param.error != null}">
-    <c:choose>
-        <c:when
-            test="${SPRING_SECURITY_LAST_EXCEPTION.message == 'User is disabled'}">
-            <div class="alert alert-danger">
-                <spring:message code="auth.message.disabled"></spring:message>
-            </div>
-        </c:when>
-        <c:when
-            test="${SPRING_SECURITY_LAST_EXCEPTION.message == 'User account has expired'}">
-            <div class="alert alert-danger">
-                <spring:message code="auth.message.expired"></spring:message>
-            </div>
-        </c:when>
-        <c:when
-            test="${SPRING_SECURITY_LAST_EXCEPTION.message == 'blocked'}">
-            <div class="alert alert-danger">
-               <spring:message code="auth.message.blocked"></spring:message>
-            </div>
-        </c:when>
-        <c:otherwise>
-            <div class="alert alert-danger">
-            <!-- <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}"/> -->
-                <spring:message code="message.badCredentials"></spring:message>
-            </div>
-        </c:otherwise>
-    </c:choose>
-</c:if>
+
 <html>

 <head>
@ -72,6 +45,13 @@ ${param.message}
 </div>
 </c:if>

+
+<c:if test="${param.error != null}">
+<div class="alert alert-danger">
+${SPRING_SECURITY_LAST_EXCEPTION}
+</div>
+</c:if>
+
    <div class="container">
        <div class="row wrapper">
            <h1>