Java 如何在jsp中显示spring security身份验证异常的自定义错误消息
我想在jsp中显示spring安全身份验证异常的自定义错误消息 对于错误的用户名或密码Java 如何在jsp中显示spring security身份验证异常的自定义错误消息,java,spring,spring-mvc,spring-security,Java,Spring,Spring Mvc,Spring Security,我想在jsp中显示spring安全身份验证异常的自定义错误消息 对于错误的用户名或密码 spring displays : Bad credentials what I need : Username/Password entered is incorrect. 对于已禁用的用户 spring displays : User is disabled what I need : Your account is diabled, please contact administrat
spring displays : Bad credentials
what I need : Username/Password entered is incorrect.
对于已禁用的用户
spring displays : User is disabled
what I need : Your account is diabled, please contact administrator.
我是否需要为此重写AuthenticationProcessingFilter?或者我可以在jsp本身中做一些事情来查找身份验证异常密钥并显示不同的消息在spring security jar中重新定义messages.properties中的属性。例如,添加到类路径myMessages.properties并将消息源添加到上下文:
AbstractUserDetailsAuthenticationProvider.badCredentials=Username/Password entered is incorrect.
AbstractUserDetailsAuthenticationProvider.disabled=Your account is diabled, please contact administrator.
萨尔文·弗朗西斯:
我的信息
我是spring新手,但请在服务器上尝试以下操作:
throw new BadCredentialsException("This is my custom message !!");
当然,您需要一个作为身份验证提供程序的类才能工作。这里有一个JSP EL修复程序。与其说是一个优雅的解决方案,不如说是一种黑客手段,但却能快速而肮脏地完成工作。警告-这不安全!只有英语 这需要函数标记库:
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
在添加了“messageSource”bean之后,我在让错误消息与CookieLocalerResolver一起工作时遇到了问题,因为DispatcherServlet(它会自动为您的应用程序使用)在安全性测试之后被调用。
见:
我的解决方案是设置LocalContextHolder的自定义筛选器:
public class LocaleContextFilter extends OncePerRequestFilter {
private LocaleResolver localeResolver;
public void setLocaleResolver(LocaleResolver localeResolver) {
this.localeResolver = localeResolver;
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
FilterChain filterChain) throws ServletException, IOException {
// store Local into ThreadLocale
if (this.localeResolver != null) {
final Locale locale = this.localeResolver.resolveLocale(request);
LocaleContextHolder.setLocale(locale);
}
try {
filterChain.doFilter(request, response);
} finally {
LocaleContextHolder.resetLocaleContext();
}
}
}
以及Spring安全上下文配置:
<http use-expressions="true">
<custom-filter ref="localeContextFilter" after="FIRST" />
.....
</http>
<beans:bean id="localeContextFilter" class="at.telekom.ppp.util.opce.fe.interceptor.LocaleContextFilter" >
<beans:property name="localeResolver" ref="localeResolver" /><!-- e.g.: CookieLocaleResolver -->
</beans:bean>
.....
我希望这能帮助其他有此问题的人。hi,您能更具体地说明如何“绑定”spring以接受myMessages.properties,而不是它自己的message.properties吗?这里有Salvin FrancisNB,如果您想要多个消息文件,顺序很重要。您可以引用多个messageSources,但Spring使用它找到的第一个定义。您还可以使用以下符号引用类路径之外的文件:
file:${uk.co.foo.project.path}/config/customermessages/WEB-INF/messages类路径:/config/genericMessages
在类路径上具有myMessages.properties
意味着您可以将其放在src/main/resources下。查看此项了解更多提示如何在不同的语言环境中显示sprin安全性的异常消息?这不起作用。我将taglib放在jsp的顶部,并将${SPRING\u SECURITY\u LAST\u EXCEPTION.message}替换为${fn:replace(SPRING\u SECURITY\u LAST\u EXCEPTION.message,'坏凭证','用户名/密码不正确')
public class LocaleContextFilter extends OncePerRequestFilter {
private LocaleResolver localeResolver;
public void setLocaleResolver(LocaleResolver localeResolver) {
this.localeResolver = localeResolver;
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
FilterChain filterChain) throws ServletException, IOException {
// store Local into ThreadLocale
if (this.localeResolver != null) {
final Locale locale = this.localeResolver.resolveLocale(request);
LocaleContextHolder.setLocale(locale);
}
try {
filterChain.doFilter(request, response);
} finally {
LocaleContextHolder.resetLocaleContext();
}
}
}
<http use-expressions="true">
<custom-filter ref="localeContextFilter" after="FIRST" />
.....
</http>
<beans:bean id="localeContextFilter" class="at.telekom.ppp.util.opce.fe.interceptor.LocaleContextFilter" >
<beans:property name="localeResolver" ref="localeResolver" /><!-- e.g.: CookieLocaleResolver -->
</beans:bean>