如何根据我得到的错误自定义SPRING_SECURITY_LAST_EXCEPTION.message [英] How to customize SPRING_SECURITY_LAST_EXCEPTION.message according to the error I get

问题描述

我使用Spring Security创建了一个登录系统。
这是我的spring-security.xml

I made a login system with Spring Security. This is my spring-security.xml

... 
<session-management invalid-session-url="/login">
       <concurrency-control max-sessions="1" expired-url="/login" error-if-maximum-exceeded="true"/>
</session-management>

<form-login 
        login-page="/login"                         
        default-target-url="/index" 
        always-use-default-target="true"
        authentication-failure-url="/login?error=true"          
        username-parameter="j_username"         
        password-parameter="j_password" />

<logout
        logout-success-url="/login"          
        delete-cookies="JSESSIONID" 
        invalidate-session="true" />     
    ...

因为我有这行认证失败-url =/ login？error = true
我知道如果错误是'true' 出现错误：可能是错误凭据或超出最大会话数。但我想知道哪个错误确实存在occorred？

Since i have this line authentication-failure-url="/login?error=true" I know that if error is 'true' there's an error: it might be "bad credentials" or "Maximum sessions number exceeded".But I'd like to know which error really occorred?

在java类（@controller）中有没有办法知道Spring给我的错误，以便自定义这些错误消息？

Is there a way, inside a java class (@controller), to know what kind of error Spring is giving me, in order to customize those error messages?

推荐答案

我找到了这个解决方案，似乎有效。

I found this solution, it seems to work.

扩展 SimpleUrlAuthenticationFailureHandler 您可以将用户发送到不同的页面，并打印所需的消息。

Extending SimpleUrlAuthenticationFailureHandler you can send the user to different pages, and print the message you want.

我的主要目标不是覆盖 SPRING_SECURITY_LAST_EXCEPTION.message ，而是根据以下内容自定义错误消息各种错误Spring安全给了我。

My main goal wasn't to "override" SPRING_SECURITY_LAST_EXCEPTION.message but was customizing the error message according to the various kind of errors Spring security gives me.

web.xml

  <listener>
    <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
  </listener>

security-config.xml（只是一些代码）

security-config.xml (just some code)

会话管理

   <session-management invalid-session-url="/login" session-authentication-error-url="/login" >
                   <concurrency-control max-sessions="1" expired-url="/login" error-if-maximum-exceeded="true"/>
            </session-management> 

form-login 您可以调用自己的AuthenticationFailureHandler（customFailureHandler）

form-login where you call your own AuthenticationFailureHandler (customFailureHandler)

  <form-login 
                    login-page="/login"         
                    default-target-url="/index" 
                    always-use-default-target="true"                  
                    authentication-failure-handler-ref="customFailureHandler"   
                    username-parameter="j_username"         
                    password-parameter="j_password" />

您自己的AuthenticationFailureHandler的 bean

the bean of your own AuthenticationFailureHandler

 <beans:bean id="customFailureHandler" class="com.springgestioneerrori.controller.CustomAuthenticationFailureHandler"/>

这是实现SimpleUrlAuthenticationFailureHandler的类

and this is the class implementing SimpleUrlAuthenticationFailureHandler

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.session.SessionAuthenticationException;

public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler { 

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {

     if(exception.getClass().isAssignableFrom(BadCredentialsException.class)) {
            setDefaultFailureUrl("/url1");
      }
      else if (exception.getClass().isAssignableFrom(DisabledException.class)) {         
          setDefaultFailureUrl("/url2");
      }
      else if (exception.getClass().isAssignableFrom(SessionAuthenticationException.class)) {       
          setDefaultFailureUrl("/url3");    
      }

      super.onAuthenticationFailure(request, response, exception);  

    }

}

希望这可以帮助某人。

这篇关于如何根据我得到的错误自定义SPRING_SECURITY_LAST_EXCEPTION.message的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！