How to display error message in my JSP page using spring security 2.0

问题

Hi I am now using spring security. It works fine. But if login failed, no error message display. I am wondering how can I display error message?

I have configured the ResourceBundleMessageSource in my applicationContext.xml

<!-- Spring security error message config -->
    <bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource">
        <property name="basenames">
             <list>
                  <value>messages</value>
             </list>
        </property>
    </bean>

And my security-config.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:David="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security-2.0.xsd">

    <David:http auto-config="true" access-denied-page="/accessDenied.html">

        <!-- Don`t set any role restriction on login.jsp -->
        <David:intercept-url pattern="/login.jsp"
            access="IS_AUTHENTICATED_ANONYMOUSLY" />

        <!-- Restrict access to All other pages -->
        <David:intercept-url pattern="/admin.jsp"
            access="ROLE_ADMIN" />

        <!-- Set the login page and what to do if login fails -->
        <David:form-login login-page="/login.jsp"
            default-target-url="/"/>
        <David:logout logout-success-url="/" />
    </David:http>

    <!-- Specify login examnination strategy -->
    <David:authentication-provider>
        <David:password-encoder hash="md5" />
        <David:jdbc-user-service
            data-source-ref="dataSource"
            users-by-username-query="select username, password, status as enabled from user where username=?"
            authorities-by-username-query="select u.username,r.name as authority
                                             from user u
                                             join user_role ur
                                               on u.id=ur.user_id
                                             join role r
                                               on r.id=ur.role_id
                                            where u.username=?" />
    </David:authentication-provider>
</beans>

My jsp page:

<%@ page contentType="text/html;charset=utf-8"%>
<%@ taglib prefix="s" uri="/struts-tags"%>
<%@ page
    import="org.springframework.security.ui.AbstractProcessingFilter"%>
<%@ page
    import="org.springframework.security.ui.webapp.AuthenticationProcessingFilter"%>
<%@ page import="org.springframework.security.AuthenticationException"%>

<form id="myform" class="cmxform" method="post"
                            action="${pageContext.request.contextPath}/j_spring_security_check">
                            <fieldset>
                                <legend>
                                    Please input correct username and password to login
                                </legend>
                                <p>
                                    <label for="user">


                                        Username:
                                    </label>
                                    <input id="user" name="j_username" />
                                </p>
                                <p>
                                    <label for="pass">


                                        Password:
                                    </label>
                                    <input type="password" name="j_password" id="password" />
                                </p>
                                <p>
                                    <input type="submit" class="submit" value="Login" />
                                </p>
                            </fieldset>
                        </form>

Any suggestions? Any help will be appreciated.

回答1:

Where is the jsp to actually display the error? Something like

<c:if test="${not empty param.error}">
    <!-- Display error message -->
</c:if>

If you want to customize this message, you should also look at this

回答2:

<c:if test="${not empty param.login_error}">
    <div class="error">
        Your login attempt was not successful, try again.<br />
        Reason: #{sessionScope.SPRING_SECURITY_LAST_EXCEPTION.message}
    </div>
</c:if>

回答3:

This works

<c:if test="${param.error != null}">
     Error
</c:if>

回答4:

Maybe you can try this...put

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

for c tag on jsp page, and then put something like below for error msg display

<c:when test="${param.error == 1}">
<h3 style="font-size:20; color:#FF1C19;">Wrong id or password!</h3>
</c:when>

"param.error == 1" can get return value from Spring Security(security-config.xml) like

<beans:bean id="authenticationFailureHandler" class="org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler">
    <beans:property name="exceptionMappings">
        <beans:props>    
        <beans:prop key="org.springframework.security.core.userdetails.UsernameNotFoundException">/login.action?error=1</beans:prop>
        </beans:props>  
    </beans:property>
</beans:bean>

回答5:

This worked for me :

<c:if test="${not empty sessionScope.SPRING_SECURITY_LAST_EXCEPTION}">
<div class="error">
    Your login attempt was not successful, try again.<br />
    Reason: ${sessionScope.SPRING_SECURITY_LAST_EXCEPTION.message}
</div>
</c:if>

回答6:

I am using spring-security v 4.0.3.RELEASE

Using the not empty did not work for me. However checking for null worked for me.

<c:if test="${ param.error ne null}">
    Display error message
</c:if>

来源：https://stackoverflow.com/questions/3843913/how-to-display-error-message-in-my-jsp-page-using-spring-security-2-0