如果登录凭据无效,则显示弹出错误消息时出现问题。当我尝试使用错误的用户名或密码登录时,它只是重新加载登录页面,但没有显示错误消息。 根context.xml中
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:cloud="http://schema.cloudfoundry.org/spring"
xmlns:jdbc="http://www.springframework.org/schema/jdbc"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd
http://schema.cloudfoundry.org/spring http://schema.cloudfoundry.org/spring/cloudfoundry-spring-0.7.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
<context:property-placeholder location="classpath:config.properties" />
<!-- Register the Customer.properties -->
<bean id="messageSource"
class="org.springframework.context.support.ResourceBundleMessageSource">
<property name="basenames">
<list>
<value>mymessages</value>
</list>
</property>
</bean>
<bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
<property name="dataSource" ref="dataSource"></property>
</bean>
<!-- Initialization for data source -->
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="${database.driver}" />
<property name="url" value="${database.url}" />
<property name="username" value="${database.user}" />
<property name="password" value="${database.password}" />
</bean>
<!-- Spring Security -->
<!-- No security for resources directory logout-url="/j_spring_security_logout" -->
<security:http pattern="/resources/**" security="none" auto-config='false'/>
<!-- REST services are secured with Basic Auth -->
<security:http auto-config='true'>
<security:intercept-url pattern="/Admin" access="ROLE_ADMIN" />
<security:access-denied-handler error-page="/accessdenied"/>
<security:intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" /><!-- allows all user to access the login page -->
<security:intercept-url pattern="/**" access="ROLE_USER, ROLE_ADMIN" /><!-- makes all pages secured requiring the roll ROLL_USER to access them -->
<security:form-login login-page='/login' default-target-url="/" always-use-default-target='true'
authentication-failure-url="/loginfailed"/><!--supplying my own login form/page-->
<security:logout logout-success-url="/" logout-url="/j_spring_security_logout"/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:jdbc-user-service
data-source-ref="dataSource"
users-by-username-query="SELECT USERNAME, PASSWORD, ENABLED FROM TrainAppDB.dbo.tbl_Users WHERE USERNAME=?"
authorities-by-username-query="SELECT u.USERNAME, ur.AUTHORITY FROM TrainAppDB.dbo.tbl_Users u, TrainAppDB.dbo.tbl_UserRoles ur WHERE u.USER_ID = ur.USER_ID AND u.USERNAME=?"/>
</security:authentication-provider>
</security:authentication-manager>
<context:component-scan base-package="com.billy"/>
</beans>
我也试过
<security:http auto-config='true'>
<security:intercept-url pattern="/Admin" access="ROLE_ADMIN" />
<security:access-denied-handler error-page="/accessdenied"/>
<security:intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/**" access="ROLE_USER, ROLE_ADMIN" />
<security:form-login login-page='/login' default-target-url="/"authentication-failure-url="/loginfailed"/>
<security:logout logout-success-url="/" logout-url="/j_spring_security_logout"/>
</security:http>
登录控制器
@Controller
public class LoginController extends BaseController{
@RequestMapping(value="/", method = RequestMethod.GET)
public String printWelcome(ModelMap model, Principal principal ) {
String name = principal.getName();
model.addAttribute("username", name);
model.addAttribute("message", "Spring Security Custom Form example");
return "home";
}
@RequestMapping(value = "/login", method = RequestMethod.GET)
public String home(Model model)
{
return "login";
}
@RequestMapping(value = "/loginfailed", method = RequestMethod.GET)
public String home2(Model model)
{
model.addAttribute("error", "true");
return "login";
}
@RequestMapping(value="/logout", method = RequestMethod.GET)
public String logout(ModelMap model) {
return "login";
}
}
最后我的login.jsp
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ page session="true"%>
<%@ include file="include/head.jsp"%>
<body>
<%@ include file="include/login1.jsp"%>
<c:if test="${not empty error}">
<div class="errorblock">
Your login attempt was not successful, try again.<br /> Caused :
${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
</div>
</c:if>
</body>
</html>
答案 0 :(得分:1)
spring security在身份验证失败的情况下发送重定向 =&gt; SPRING_SECURITY_LAST_EXCEPTION
处理程序中不再提供/loginfailed
请求属性,因为它是新请求。
但是spring将包含消息的error
参数添加到重定向。
您还可以实现自定义AuthenticatinoFailureHandler