Spring安全性自定义AuthenticationException消息 [英] Spring security custom AuthenticationException message
问题描述
您好我需要在Spring安全登录表单中添加一个新的异常,除了我想要自己的错误消息之外,一切都运行得很好(直到现在它显示错误的登录/密码)。
Hi i needed to add a new exception in Spring security login form, everything work perfectly except that i want to have my own error message (until now it display the "wrong login/password" one).
我从用户名密码验证过滤器覆盖默认尝试验证方法:
I have override default attempt authentication method from Username password Authentication Filter :
@Override
public Authentication attemptAuthentication(final HttpServletRequest request, final HttpServletResponse response)
{
if (!myTest()) {
throw new CustomAuthenticationException("custom message");
}
}
我的例外:
public class CustomAuthenticationException extends AuthenticationException {
public CustomAuthenticationException(final String message)
{
super(message);
}
public CustomAuthenticationException(final String message, final Throwable cause)
{
super(message, cause);
}
}
在我的控制器中,我看到了我的异常在SPRING_SECURITY_LAST_EXCEPTION下,但错误信息始终是来自错误凭据的错误消息,我怎么能改变它?
In my controller i see my exception under SPRING_SECURITY_LAST_EXCEPTION but the error message is always the one from bad credentials, how could i change that ?
谢谢
推荐答案
你应该尝试定位弹性安全信息。
尝试将这些行添加到 ApplicationContext.xml中/ code>文件。其他春季安全bean的位置。
You should try LOCALIZING SPRING SECURITY MESSAGES.
Try adding these lines into your ApplicationContext.xml
file. Where the rest of your spring security beans are.
<bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource">
<property name="basename" value="yourFolder/myMessages"/>
</bean>
你应该找到你的春季默认课程< KEY,MESSAGE>
已存储。让你的 myMessage
文件具有相同的 KEY
和本地化的 MESSAGE
秒。
根据您的评论,您的项目中有
messages.properties
。因此,您需要做的就是为此属性文件中的每个密钥设置 MESSAGE
,以获得完全本地化的消息:
You should find your spring default class which <KEY, MESSAGE>
are stored. Have your myMessage
file with the same KEY
s and localized MESSAGE
s.
Based on your comment, you have a
messages.properties
in your project. So all you need to do is to have a MESSAGE
for each of these keys inside this property file, to have a fully localized messages:
AbstractAccessDecisionManager.accessDenied= your message in any language
AbstractSecurityInterceptor.authenticationNotFound=
AbstractUserDetailsAuthenticationProvider.badCredentials=
AbstractUserDetailsAuthenticationProvider.credentialsExpired=
AbstractUserDetailsAuthenticationProvider.disabled=
AbstractUserDetailsAuthenticationProvider.expired=
AbstractUserDetailsAuthenticationProvider.locked=
AbstractUserDetailsAuthenticationProvider.onlySupports=
AccountStatusUserDetailsChecker.credentialsExpired=
AccountStatusUserDetailsChecker.disabled=
AccountStatusUserDetailsChecker.expired=
AccountStatusUserDetailsChecker.locked=
AclEntryAfterInvocationProvider.noPermission=
AnonymousAuthenticationProvider.incorrectKey=
BindAuthenticator.badCredentials=
BindAuthenticator.emptyPassword=
CasAuthenticationProvider.incorrectKey=
CasAuthenticationProvider.noServiceTicket=
ConcurrentSessionControlStrategy.exceededAllowed=
DigestAuthenticationFilter.incorrectRealm=
DigestAuthenticationFilter.incorrectResponse=
DigestAuthenticationFilter.missingAuth=
DigestAuthenticationFilter.missingMandatory=
DigestAuthenticationFilter.nonceCompromised=
DigestAuthenticationFilter.nonceEncoding=
DigestAuthenticationFilter.nonceExpired=
DigestAuthenticationFilter.nonceNotNumeric=
DigestAuthenticationFilter.nonceNotTwoTokens=
DigestAuthenticationFilter.usernameNotFound=
JdbcDaoImpl.noAuthority=
JdbcDaoImpl.notFound=
LdapAuthenticationProvider.badCredentials=
LdapAuthenticationProvider.credentialsExpired=
LdapAuthenticationProvider.disabled=
LdapAuthenticationProvider.expired=
LdapAuthenticationProvider.locked=
LdapAuthenticationProvider.emptyUsername=
LdapAuthenticationProvider.onlySupports=
PasswordComparisonAuthenticator.badCredentials=
PersistentTokenBasedRememberMeServices.cookieStolen=
ProviderManager.providerNotFound=
RememberMeAuthenticationProvider.incorrectKey=
RunAsImplAuthenticationProvider.incorrectKey=
SubjectDnX509PrincipalExtractor.noMatching=
SwitchUserFilter.noCurrentUser=
SwitchUserFilter.noOriginalAuthentication=
这篇关于Spring安全性自定义AuthenticationException消息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!