如何根据我得到的错误自定义SPRING_SECURITY_LAST_EXCEPTION.message [英] How to customize SPRING_SECURITY_LAST_EXCEPTION.message according to the error I get
问题描述
我使用Spring Security创建了一个登录系统。
这是我的spring-security.xml
I made a login system with Spring Security. This is my spring-security.xml
...
<session-management invalid-session-url="/login">
<concurrency-control max-sessions="1" expired-url="/login" error-if-maximum-exceeded="true"/>
</session-management>
<form-login
login-page="/login"
default-target-url="/index"
always-use-default-target="true"
authentication-failure-url="/login?error=true"
username-parameter="j_username"
password-parameter="j_password" />
<logout
logout-success-url="/login"
delete-cookies="JSESSIONID"
invalidate-session="true" />
...
因为我有这行认证失败-url =/ login?error = true
我知道如果错误
是'true'
出现错误:可能是错误凭据或超出最大会话数。但我想知道哪个错误确实存在occorred?
Since i have this line authentication-failure-url="/login?error=true"
I know that if error
is 'true'
there's an error: it might be "bad credentials" or "Maximum sessions number exceeded".But I'd like to know which error really occorred?
在java类(@controller)中有没有办法知道Spring给我的错误,以便自定义这些错误消息?
Is there a way, inside a java class (@controller), to know what kind of error Spring is giving me, in order to customize those error messages?
推荐答案
我找到了这个解决方案,似乎有效。
I found this solution, it seems to work.
扩展 SimpleUrlAuthenticationFailureHandler
您可以将用户发送到不同的页面,并打印所需的消息。
Extending SimpleUrlAuthenticationFailureHandler
you can send the user to different pages, and print the message you want.
我的主要目标不是覆盖 SPRING_SECURITY_LAST_EXCEPTION.message
,而是根据以下内容自定义错误消息各种错误Spring安全给了我。
My main goal wasn't to "override" SPRING_SECURITY_LAST_EXCEPTION.message
but was customizing the error message according to the various kind of errors Spring security gives me.
web.xml
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
security-config.xml(只是一些代码)
security-config.xml (just some code)
会话管理
<session-management invalid-session-url="/login" session-authentication-error-url="/login" >
<concurrency-control max-sessions="1" expired-url="/login" error-if-maximum-exceeded="true"/>
</session-management>
form-login 您可以调用自己的AuthenticationFailureHandler(customFailureHandler)
form-login where you call your own AuthenticationFailureHandler (customFailureHandler)
<form-login
login-page="/login"
default-target-url="/index"
always-use-default-target="true"
authentication-failure-handler-ref="customFailureHandler"
username-parameter="j_username"
password-parameter="j_password" />
您自己的AuthenticationFailureHandler的 bean
the bean of your own AuthenticationFailureHandler
<beans:bean id="customFailureHandler" class="com.springgestioneerrori.controller.CustomAuthenticationFailureHandler"/>
这是实现SimpleUrlAuthenticationFailureHandler的类
and this is the class implementing SimpleUrlAuthenticationFailureHandler
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.session.SessionAuthenticationException;
public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
if(exception.getClass().isAssignableFrom(BadCredentialsException.class)) {
setDefaultFailureUrl("/url1");
}
else if (exception.getClass().isAssignableFrom(DisabledException.class)) {
setDefaultFailureUrl("/url2");
}
else if (exception.getClass().isAssignableFrom(SessionAuthenticationException.class)) {
setDefaultFailureUrl("/url3");
}
super.onAuthenticationFailure(request, response, exception);
}
}
希望这可以帮助某人。
这篇关于如何根据我得到的错误自定义SPRING_SECURITY_LAST_EXCEPTION.message的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!