问题
I am working on a spring-mvc web application.
On my login page if user enters bad credentials I want to display an error message.
So I tried to use spring security for showing error message, but I am get unable to display any message.
login.jsp
for login form I have done binding as :
<form method="post" action="<c:url value='/j_spring_security_check' />" id="loginForm">
.... login ui
</form>
for displaying the error:
<c:if test="${not empty param.error}">
<div>
<c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}"/>
</div>
</c:if>
security-context.xml
<form-login login-page="/login" default-target-url="/home" always-use-default-target="false" authentication-failure-url="/login?error=true" />
after enabling all this options still unable to display error message on bad credentials provided.
Do let me know if you want any other info.
PS: On a quick note, rest entire config and application is working fine. Users are able to login. I have extended the UserDetailsContextMapper, and in that for anonymous users I am throwing an exception UsernameNotFoundException
回答1:
Finally I figured out the issue. This messages are stored in session and on my page I kept:
<%@ page session="false"%>
I changed it to:
<%@ page session="true"%>
and it started working. Another good info I got is, after all this if you want show your custom error messages, it is very simple to override those messages. For detailed info refer to this link.
来源:https://stackoverflow.com/questions/28989288/spring-security-authentication-failure-blank-message