Spring安全性自定义AuthenticationException消息 [英] Spring security custom AuthenticationException message

问题描述

您好我需要在Spring安全登录表单中添加一个新的异常，除了我想要自己的错误消息之外，一切都运行得很好（直到现在它显示错误的登录/密码）。

Hi i needed to add a new exception in Spring security login form, everything work perfectly except that i want to have my own error message (until now it display the "wrong login/password" one).

我从用户名密码验证过滤器覆盖默认尝试验证方法：

I have override default attempt authentication method from Username password Authentication Filter :

@Override
public Authentication attemptAuthentication(final HttpServletRequest request, final HttpServletResponse response)
{
if (!myTest()) {
throw new CustomAuthenticationException("custom message");
}
}

我的例外：

public class CustomAuthenticationException extends AuthenticationException {

    public CustomAuthenticationException(final String message)
    {
        super(message);
    }

    public CustomAuthenticationException(final String message, final Throwable cause)
    {
        super(message, cause);
    }

}

在我的控制器中，我看到了我的异常在SPRING_SECURITY_LAST_EXCEPTION下，但错误信息始终是来自错误凭据的错误消息，我怎么能改变它？

In my controller i see my exception under SPRING_SECURITY_LAST_EXCEPTION but the error message is always the one from bad credentials, how could i change that ?

谢谢

推荐答案

你应该尝试定位弹性安全信息。

尝试将这些行添加到 ApplicationContext.xml中/ code>文件。其他春季安全bean的位置。

You should try LOCALIZING SPRING SECURITY MESSAGES.
Try adding these lines into your ApplicationContext.xml file. Where the rest of your spring security beans are.

<bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource">
    <property name="basename" value="yourFolder/myMessages"/>
</bean>

你应该找到你的春季默认课程< KEY，MESSAGE> 已存储。让你的 myMessage 文件具有相同的 KEY 和本地化的 MESSAGE 秒。

---

根据您的评论，您的项目中有 messages.properties 。因此，您需要做的就是为此属性文件中的每个密钥设置 MESSAGE ，以获得完全本地化的消息：

You should find your spring default class which <KEY, MESSAGE> are stored. Have your myMessage file with the same KEYs and localized MESSAGEs.

---

Based on your comment, you have a messages.properties in your project. So all you need to do is to have a MESSAGE for each of these keys inside this property file, to have a fully localized messages:

AbstractAccessDecisionManager.accessDenied= your message in any language
AbstractSecurityInterceptor.authenticationNotFound=
AbstractUserDetailsAuthenticationProvider.badCredentials=
AbstractUserDetailsAuthenticationProvider.credentialsExpired=
AbstractUserDetailsAuthenticationProvider.disabled=
AbstractUserDetailsAuthenticationProvider.expired=
AbstractUserDetailsAuthenticationProvider.locked=
AbstractUserDetailsAuthenticationProvider.onlySupports=
AccountStatusUserDetailsChecker.credentialsExpired=
AccountStatusUserDetailsChecker.disabled=
AccountStatusUserDetailsChecker.expired=
AccountStatusUserDetailsChecker.locked=
AclEntryAfterInvocationProvider.noPermission=
AnonymousAuthenticationProvider.incorrectKey=
BindAuthenticator.badCredentials=
BindAuthenticator.emptyPassword=
CasAuthenticationProvider.incorrectKey=
CasAuthenticationProvider.noServiceTicket=
ConcurrentSessionControlStrategy.exceededAllowed=
DigestAuthenticationFilter.incorrectRealm=
DigestAuthenticationFilter.incorrectResponse=
DigestAuthenticationFilter.missingAuth=
DigestAuthenticationFilter.missingMandatory=
DigestAuthenticationFilter.nonceCompromised=
DigestAuthenticationFilter.nonceEncoding=
DigestAuthenticationFilter.nonceExpired=
DigestAuthenticationFilter.nonceNotNumeric=
DigestAuthenticationFilter.nonceNotTwoTokens=
DigestAuthenticationFilter.usernameNotFound=
JdbcDaoImpl.noAuthority=
JdbcDaoImpl.notFound=
LdapAuthenticationProvider.badCredentials=
LdapAuthenticationProvider.credentialsExpired=
LdapAuthenticationProvider.disabled=
LdapAuthenticationProvider.expired=
LdapAuthenticationProvider.locked=
LdapAuthenticationProvider.emptyUsername=
LdapAuthenticationProvider.onlySupports=
PasswordComparisonAuthenticator.badCredentials=
PersistentTokenBasedRememberMeServices.cookieStolen=
ProviderManager.providerNotFound=
RememberMeAuthenticationProvider.incorrectKey=
RunAsImplAuthenticationProvider.incorrectKey=
SubjectDnX509PrincipalExtractor.noMatching=
SwitchUserFilter.noCurrentUser=
SwitchUserFilter.noOriginalAuthentication=

这篇关于Spring安全性自定义AuthenticationException消息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！