使用Spring Security 显示自定义错误消息

4dbbbstv  于 2021-07-13  发布在  Java
关注(0)|答案(0)|浏览(193)

我在spring安全配置中遇到了一些问题。当登录失败时,我需要在我的网页上显示一条自定义消息。
两级身份验证:1。现场看护2。数据库
当用户提供无效的用户名/pwd(将在site minder失败)时,我的自定义错误处理程序被成功调用(authentication failure handler ref=“authfailurehandler”),因此我能够显示无效的错误消息。
当siteminder身份验证成功并且用户在数据库中不可用时,我的自定义错误handler(authentication failure handler ref=“authfailurehandler”)不会被全部调用。相反,它正在执行一系列其他错误处理程序,最后,注销url将被执行并重定向回index.html页面(登录页面),而不显示错误消息。
请建议我在这个问题上,让我知道我哪里是错的。
下面是spring安全配置和其他细节。
spring.security.xml文件

<security:http auto-config="true" use-expressions="true">
    <security:intercept-url pattern="/resources/app/commons/**" access="permitAll"/>
    <security:intercept-url pattern="/resources/app/template/**" access="permitAll"/>
    <security:intercept-url pattern="/resources/app/**" access="hasAnyRole('M_XXX', 'M_XXX')"/>
    <security:intercept-url pattern="/app/template/**" access="permitAll"/>
    <security:intercept-url pattern="/app/**" access="hasAnyRole('M_VVV', 'M_XXX')"/>

    <security:custom-filter position="PRE_AUTH_FILTER" ref="siteminderFilter" />

    <!-- The  authentication-failure url is handled in authFailureHandler -->
    <security:form-login always-use-default-target="true"
                         authentication-failure-url="/index.html?login_error=1"
                         login-page="/index.html"
                         default-target-url="/app/home"
                         login-processing-url="/doLogin" authentication-failure-handler-ref="authFailureHandler"/>
    <security:logout invalidate-session="true" logout-success-url="/index.html" logout-url="/doLogout" />
    <security:session-management invalid-session-url="/index.html"  />
</security:http>

<bean id="preauthAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
    <property name="preAuthenticatedUserDetailsService">
        <bean id="userDetailsServiceWrapper" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
            <property name="userDetailsService" ref="userDetailsService" />
        </bean>
    </property>
</bean>

<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="preauthAuthProvider" />
</security:authentication-manager>

authfailurehandler.java文件

@Override
public void onAuthenticationFailure(HttpServletRequest request,
        HttpServletResponse response, AuthenticationException exception)
        throws IOException, ServletException {

    if (LOG.isDebugEnabled()) {
        LOG.debug("Error message set in  threadlocal is :"
                + AuthErrorMsgThreadLocal.get());
    }

    // Login failed in Siteminder, so no threadlocal message
    if (StringUtils.isEmpty(AuthErrorMsgThreadLocal.get())) {
        request.getSession().setAttribute("AUTH_ERROR_MSG",
                "Invalid Username or Password");
        response.sendRedirect(request.getContextPath() + ERROR_REDIRECT_URL);
    } else {
        // in the event of an auth failure, get the specific error message
        // from threadlocal
        request.getSession().setAttribute("AUTH_ERROR_MSG",
                AuthErrorMsgThreadLocal.get());
        response.sendRedirect(request.getContextPath() + ERROR_REDIRECT_URL);
        AuthErrorMsgThreadLocal.unset();

    }
}

暂无答案!

目前还没有任何答案,快来回答吧!

相关问题