在Spring登录中显示错误消息 [英] Display error messages in Spring login
问题描述
我正在使用Spring安全性对用户进行身份验证.我创建了一个自定义身份验证提供程序,现在我想知道如何将错误消息从提供程序获取到表单中.这是我的自定义身份验证提供程序中的authenticate()方法:
I am using Spring security for authenticating users. I created a custom authentication provider and now I am wondering how I can get error messages from the provider into my form. This is the authenticate() method in my custom authentication provider:
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
UserProfile profile = userProfileService.findByEmail(authentication.getPrincipal().toString());
if(profile == null){
throw new UsernameNotFoundException(String.format("Invalid credentials", authentication.getPrincipal()));
}
String suppliedPasswordHash = DigestUtils.shaHex(authentication.getCredentials().toString());
if(!profile.getPasswordHash().equals(suppliedPasswordHash)){
throw new BadCredentialsException("Invalid credentials");
}
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(profile, null, profile.getAuthorities());
return token;
}
这是我的表格:
<form name='f' action="<c:url value='j_spring_security_check' />" method='POST'>
<div id="data-entry-form">
<div class="form-entry">
<label><spring:message code="login.form.label.email"/></label>
<input type='text' name='j_username' value=''>
</div>
<div class="form-entry">
<label><spring:message code="login.form.label.password"/></label>
<input type='password' name='j_password'/>
</div>
<div class="form-entry">
<input type="submit" value="Verzenden"/>
</div>
</div>
如何将错误消息发送到表单中?从我按下登录按钮的那一刻起,Spring接管了工作,因此,我可以生成错误消息的唯一方法是authenticate()方法...
How would I get error messages into my form? From the moment I press the login button, Spring takes over, so the only method I could generate error messages in would be the authenticate() method...
推荐答案
最安全的3个步骤(我们不依赖LAST_EXCEPTION):
3 Steps of the safest way (we don't rely on the LAST_EXCEPTION):
-
为您的自定义身份验证提供程序配置错误页面(例如"login-error")
Specify error page (for example "login-error") in configuration for your custom authentication provider
httpSecurity
.authorizeRequests()
.antMatchers("/css/**", "/js/**", "/img/**").permitAll()
.anyRequest().fullyAuthenticated()
.and()
.formLogin().loginPage("/login").permitAll()
.failureUrl("/login-error")
.and()
.logout().permitAll()
为url/login-error创建控制器,该控制器返回带有以下代码的自定义登录页面(例如"login")的视图:
Create controller for url /login-error that returns view of your custom login page (for example "login") with the next code:
@Controller
public class LoginController {
@GetMapping("/login-error")
public String login(HttpServletRequest request, Model model) {
HttpSession session = request.getSession(false);
String errorMessage = null;
if (session != null) {
AuthenticationException ex = (AuthenticationException) session
.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
if (ex != null) {
errorMessage = ex.getMessage();
}
}
model.addAttribute("errorMessage", errorMessage);
return "login";
}
}
最终将错误消息获取到您的页面中(例如,ThymeLeaf标签):
Get the error message into your page finally (ThymeLeaf tags for example):
<!--/*@thymesVar id="errorMessage" type="java.lang.String"*/-->
<div class="alert" th:if="${errorMessage}" th:text="${errorMessage}"></div>
这篇关于在Spring登录中显示错误消息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!