In Spring Security 3.0.5.RELEASE, which class and method can I override to catch the BadCredentialsException for a wrong password? Here is a snippet of my security.xml:
<beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <beans:property name="hideUserNotFoundExceptions" value="true" />
    <beans:property name="userDetailsService" ref="userDao"/>
    <beans:property name="passwordEncoder" ref="passwordEncoder"/>
</beans:bean>
<security:authentication-manager>
    <security:authentication-provider ref='daoAuthenticationProvider'/>
</security:authentication-manager>
Answer 0 (score: 0)
Subclass SimpleUrlAuthenticationFailureHandler and override onAuthenticationFailure(). The exception is passed to it. exception.getAuthentication().getCredentials() will return the attempted password.
Configure the AuthenticationFailureHandler in the form-login element:
<form-login authentication-failure-handler-ref="authenticationFailureHandler" />