在自定义 spring 引导登录表单上显示错误登录消息
[英]Display error login message on custom spring boot login form
问题描述
I'm working on a custom spring boot login form.
我正在处理自定义 spring 引导登录表单。 When user provides wrong credentials, I want my application redirect to the same page and show an error.当用户提供错误的凭据时,我希望我的应用程序重定向到同一页面并显示错误。 What I tried, is to create my own failureHandler and there in onAuthenticationFailure pass a parameter to a request.我尝试的是创建自己的failureHandler并在onAuthenticationFailure中将参数传递给请求。 Then in my login.jsp form check if this parameter exists and based on it show an error, but it doesn't work.然后在我的 login.jsp 表单中检查此参数是否存在并根据它显示错误,但它不起作用。 What am I doing wrong?我究竟做错了什么?
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.authorizeRequests()
.antMatchers("/admin/**")
.hasRole("ADMIN")
.antMatchers("/user/**")
.hasAnyRole("USER", "ADMIN")
.antMatchers("/guest*")
.permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/guest/login")
.permitAll()
.defaultSuccessUrl("/user/all-tasks", true)
.failureUrl("/guest/login")
.failureHandler(new MyAuthenticationFailureHandler())
.and()
.logout()
.logoutUrl("/user/logout")
.deleteCookies("JSESSIONID");
}
@Component
public class MyAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
super.onAuthenticationFailure(request, response, exception);
request.setAttribute("error", true);
}
}
@Controller
@RequestMapping("/guest")
public class GuestController {
@GetMapping("/login")
public String login(){
return "login";
}
}
<div>
<c:if test="${error == true}">
<h1>DUPA</h1>
</c:if>
</div>
1 个解决方案
解决方案1
1 已采纳 2020-06-04 20:36:27
When login fails.登录失败时。 Spring security sends you back on the same login page with special request param something like guest/login?error or You can change this to custom by setting up .failureUrl() in security config which you are not doing. Spring 安全将您发送回具有特殊请求参数的相同登录页面,例如guest/login?error或者您可以通过在您没有执行的安全配置中设置.failureUrl()将其更改为自定义。
So change it to .failureUrl("/guest/login?error")所以把它.failureUrl("/guest/login?error")
Use this error param to identify if something went wrong using ${not empty param.error} .使用此error参数来确定是否使用${not empty param.error}出了问题。
I am guessing you are using JSP and the EL is by default available.我猜你正在使用 JSP 并且默认情况下EL是可用的。 You can add something like below on your login page which will give you the actual reason why it failed.您可以在登录页面上添加类似下面的内容,这将为您提供失败的实际原因。
<c:if test="${not empty param.error}">
<p style="color:red">
Your login attempt was not
successful, try again.<br /> Reason: <c:out
value="${SPRING_SECURITY_LAST_EXCEPTION.message}" />.
</p>
</c:if>
Where SPRING_SECURITY_LAST_EXCEPTION param is available in user's session scope added by spring security with actual cause.其中SPRING_SECURITY_LAST_EXCEPTION参数在用户的 session scope 中可用,由 spring 安全添加,并具有实际原因。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.