Question

我使用spring security 4.4并使用jsp登录。当密码或用户名错误时，重新加载此页面时没有任何错误消息。

＆＃13;

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
    http://www.springframework.org/schema/security 
    http://www.springframework.org/schema/security/spring-security-4.0.xsd">
   
   <!--   <http pattern="/loginpage" security="none"/> -->

    <http use-expressions="true">
     	<intercept-url pattern="/loginpage" access="isAnonymous()"/>
	    <intercept-url pattern="/**" access="isAuthenticated()"/>
	    <form-login login-page="/loginpage" default-target-url="/index" authentication-failure-url="/loginpage" />

	    <logout logout-url="/logout" logout-success-url="/index"/>

       
    </http>
 
   <beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
		<beans:property name="userDetailsService" ref="userDetailsService"></beans:property>
   </beans:bean>
   <beans:bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
	   <beans:constructor-arg>	   
		   <beans:list>
				<beans:ref bean="daoAuthenticationProvider"/>
		   </beans:list>
	   </beans:constructor-arg>
 	</beans:bean>
 	<authentication-manager>
	 	<authentication-provider user-service-ref="userDetailsService">
		 	<password-encoder hash="md5"></password-encoder>
	 	</authentication-provider>
 	</authentication-manager>
</beans:beans>

＆＃13;

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %> 
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Registration Page</title>
</head>
<body>
<h2>Input Your Detail</h2>
<form name='f'action="login" method='POST'>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
	<table>
		<tbody>
			<tr>
				<td>User Name</td>
				<td><input type="text" name="username" size="30" /></td>
			</tr>
			<tr>
				<td>Password</td>
				<td><input type="password" name="password" size="30" /></td>
			</tr>
			<tr>
				<td></td>
				<td><input type="submit" value="login" /></td>
			</tr>
		</tbody>
    </table>
</form>


<c:if test="${param.error != null}"> 
	<p>Invalid username or password</p>
</c:if>
</body>
</html>

＆＃13;

是否有任何安全xml配置来获取错误消息？

Answer 1

我改变了authentication-failure-url="/loginpage" 到

authentication-failure-url="/loginpage?error=true"

在spring-security.xml中它有效。

无法获取错误消息spring security 4自定义登录表单

1 个答案: