我已经设置了弹簧安全装置,如下所示。我想获取这些控制器类中的用户ID,以便我可以更新失败计数,如果有一个错误的凭据或我想将其重定向到重置密码页面密码已经过期。
提前致谢。
<beans:bean id="exceptionTranslationFilter" class="org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler">
<beans:property name="exceptionMappings">
<beans:props>
<beans:prop key="org.springframework.security.authentication.BadCredentialsException">/login_error</beans:prop>
<beans:prop key="org.springframework.security.authentication.CredentialsExpiredException">/password_expired</beans:prop>
<beans:prop key="org.springframework.security.authentication.LockedException">/locked</beans:prop>
<beans:prop key="org.springframework.secuirty.authentication.DisabledException">/disabled</beans:prop>
</beans:props>
</beans:property>
</beans:bean>
<http use-expressions="true">
<form-login login-page="/login" default-target-url="/" authentication-failure-handler-ref="exceptionTranslationFilter" />
</http>
答案 0 :(得分:0)
还可以添加一个ApplicationListener来监听BadCredentials事件,请参阅post
<强>编辑: 如何添加AuthenticationSuccessHandler,看到这个例子:Redirect to different pages after Login with Spring Security