本文介绍了春季安全 - 不会将认证失败消息的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

如何显示认证失败消息没有在Spring Security的任何重定向?

How to show authentication failure message without any redirects in Spring Security?

我可以找到类似的问题,像How以Spring Security 2.0 ,并在我的JSP页面来显示错误信息Spring安全性 - 身份验证失败 - 空消息描述的地方做的不好的方式

I can find similar questions, like How to display error message in my JSP page using spring security 2.0 and Spring Security - Authentication Failure - Blank Message where described bad way of doing it.

我不喜欢认证故障网址属性的使用。所有我需要的是显示的登录页面在HTTP POST请求后,错误信息没有任何重定向不使用会议。只要把错误的变量进入登录模式。

I don't like usage of authentication-failure-url attribute. All what I need is to show error message after HTTP POST request on login page without any redirects and without using session. Just put error variable into login model.

推荐答案

你应该做的是在你的登录页面做 / j_spring_security_check 与<$ c进行AJAX调用$ C>为j_username 和为j_password

What you should do is in your login page do a AJAX call to /j_spring_security_check with j_username and j_password.

和您必须编写自定义的并插入它<一个href=\"http://grep$c$c.com/file/repo1.maven.org/maven2/org.springframework.security/spring-security-web/3.0.1.RELEASE/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java\"相对=nofollow> UsernamePasswordAut​​henticationFilter .setAuthenticationFailureHandler方法。和一个自定义的和<一个href=\"http://grep$c$c.com/file/repo1.maven.org/maven2/org.springframework.security/spring-security-web/3.0.1.RELEASE/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.java\"相对=nofollow> UsernamePasswordAut​​henticationFilter .setAuthenticationSuccessHandler方法。

And you have to write a Custom AuthenticationFailureHandler and Plug it to UsernamePasswordAuthenticationFilter.setAuthenticationFailureHandler method. And a Custom AuthenticationSuccessHandler and UsernamePasswordAuthenticationFilter.setAuthenticationSuccessHandler method.

您的自定义AuthenticationSuccessHandler应返回true。您的自定义AuthenticationFailureHandler应该返回false,你的登录页面的AJAX回调应该检查这些值,并采取相应的登录操作。

Your custom AuthenticationSuccessHandler should return true. Your custom AuthenticationFailureHandler should return false and your Login Page AJAX callback should check these values and take appropriate login action.

这篇关于春季安全 - 不会将认证失败消息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-06 03:50