春季安全 - 不会将认证失败消息 [英] Spring Security - authentication failure message without redirects
问题描述
如何显示认证失败消息没有在Spring Security的任何重定向?
How to show authentication failure message without any redirects in Spring Security?
我可以找到类似的问题,像<一个href=\"http://stackoverflow.com/questions/3843913/how-to-display-error-message-in-my-jsp-page-using-spring-security-2-0\">How以Spring Security 2.0 ,并在我的JSP页面来显示错误信息<一个href=\"http://stackoverflow.com/questions/28989288/spring-security-authentication-failure-blank-message\">Spring安全性 - 身份验证失败 - 空消息描述的地方做的不好的方式
I can find similar questions, like How to display error message in my JSP page using spring security 2.0 and Spring Security - Authentication Failure - Blank Message where described bad way of doing it.
我不喜欢认证故障网址属性的使用。所有我需要的是显示的登录页面在HTTP POST请求后,错误信息没有任何重定向和不使用会议。只要把错误的变量进入登录模式。
I don't like usage of authentication-failure-url attribute. All what I need is to show error message after HTTP POST request on login page without any redirects and without using session. Just put error variable into login model.
推荐答案
你应该做的是在你的登录页面做 / j_spring_security_check 与<$ c进行AJAX调用$ C>为j_username 和为j_password 。
What you should do is in your login page do a AJAX call to /j_spring_security_check with j_username and j_password.
和您必须编写自定义的 AuthenticationFailureHandler 并插入它<一个href=\"http://grep$c$c.com/file/repo1.maven.org/maven2/org.springframework.security/spring-security-web/3.0.1.RELEASE/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java\"相对=nofollow> UsernamePasswordAuthenticationFilter .setAuthenticationFailureHandler方法。和一个自定义的 AuthenticationSuccessHandler 和<一个href=\"http://grep$c$c.com/file/repo1.maven.org/maven2/org.springframework.security/spring-security-web/3.0.1.RELEASE/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java\"相对=nofollow> UsernamePasswordAuthenticationFilter .setAuthenticationSuccessHandler方法。
And you have to write a Custom AuthenticationFailureHandler and Plug it to UsernamePasswordAuthenticationFilter.setAuthenticationFailureHandler method. And a Custom AuthenticationSuccessHandler and UsernamePasswordAuthenticationFilter.setAuthenticationSuccessHandler method.
您的自定义AuthenticationSuccessHandler应返回true。您的自定义AuthenticationFailureHandler应该返回false,你的登录页面的AJAX回调应该检查这些值,并采取相应的登录操作。
Your custom AuthenticationSuccessHandler should return true. Your custom AuthenticationFailureHandler should return false and your Login Page AJAX callback should check these values and take appropriate login action.
这篇关于春季安全 - 不会将认证失败消息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
