在自定义spring boot登录表单上显示错误登录消息 [英] Display error login message on custom spring boot login form

问题描述

我正在处理自定义的Spring Boot登录表单.当用户提供错误的凭据时，我希望我的应用程序重定向到同一页面并显示错误.我尝试的是创建自己的 failureHandler ，然后在 onAuthenticationFailure 中将参数传递给请求.然后在我的登录.jsp表单中检查此参数是否存在，并基于该参数显示错误，但不起作用.我在做什么错了?

I'm working on a custom spring boot login form. When user provides wrong credentials, I want my application redirect to the same page and show an error. What I tried, is to create my own failureHandler and there in onAuthenticationFailure pass a parameter to a request. Then in my login .jsp form check if this parameter exists and based on it show an error, but it doesn't work. What am I doing wrong?

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .csrf()
            .disable()
        .authorizeRequests()
            .antMatchers("/admin/**")
                .hasRole("ADMIN")
            .antMatchers("/user/**")
                .hasAnyRole("USER", "ADMIN")
            .antMatchers("/guest*")
                .permitAll()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/guest/login")
            .permitAll()
            .defaultSuccessUrl("/user/all-tasks", true)
            .failureUrl("/guest/login")
            .failureHandler(new MyAuthenticationFailureHandler())
            .and()
        .logout()
            .logoutUrl("/user/logout")
            .deleteCookies("JSESSIONID");
}

@Component
public class MyAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
        super.onAuthenticationFailure(request, response, exception);
        request.setAttribute("error", true);
    }
}

@Controller
@RequestMapping("/guest")
public class GuestController {
    @GetMapping("/login")
    public String login(){
        return "login";
    }
}

<div>
    <c:if test="${error == true}">
        <h1>DUPA</h1>
    </c:if>
</div>

推荐答案

登录失败时.Spring Security使用特殊的请求参数将您发送回同一登录页面，例如 guest/login?error ，或者您可以通过在以下位置设置 .failureUrl()来将其更改为自定义您未执行的安全配置.

When login fails. Spring security sends you back on the same login page with special request param something like guest/login?error or You can change this to custom by setting up .failureUrl() in security config which you are not doing.

因此将其更改为 .failureUrl("/guest/login?error")

使用此 error 参数使用 $ {not not empty param.error} 来确定是否出了问题.

Use this error param to identify if something went wrong using ${not empty param.error} .

我猜您正在使用JSP，默认情况下 EL 是可用的.您可以在登录页面上添加如下所示的内容，这将为您提供失败的实际原因.

I am guessing you are using JSP and the EL is by default available. You can add something like below on your login page which will give you the actual reason why it failed.

<c:if test="${not empty param.error}">
            <p style="color:red">
                Your login attempt was not
                successful, try again.<br /> Reason: <c:out
                    value="${SPRING_SECURITY_LAST_EXCEPTION.message}" />.
            </p>
        </c:if>

在Spring安全性添加的用户会话范围中，在 SPRING_SECURITY_LAST_EXCEPTION 参数可用的地方，并提供了实际原因.

Where SPRING_SECURITY_LAST_EXCEPTION param is available in user's session scope added by spring security with actual cause.

这篇关于在自定义spring boot登录表单上显示错误登录消息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！