Posted on: May 23, 2012 at 12:00 AM
Spring Security Custom Error Message
In this section, you will learn about Custom Error Message in Spring Security.
Spring Security have predefined error message, which appears when authentication failed. The predefined error message is given below :
Reason: Bad credentials
You can change this predefined failed authentication error message. You need to add the following snippet in the Dispatcher-servlet.xml :
<bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource"> <property name="basenames"> <list> <value>LoginMsg</value> </list> </property> </bean>
And also you need to put the following message in the LoginMsg.property file :
AbstractUserDetailsAuthenticationProvider.badCredentials=Wrong username\ /\ password
Please go through this example, if you are not well aware of Spring Security.
EXAMPLE
In the below example, we will going to change it with custom error message :
The project hierarchy and jar file used is given below :
CODE
web.xml
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5"> <display-name>SpringSecurityCustomErrorMsg</display-name> <servlet> <servlet-name>Dispatcher</servlet-name> <servlet-class> org.springframework.web.servlet.DispatcherServlet </servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>Dispatcher</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> <listener> <listener-class> org.springframework.web.context.ContextLoaderListener </listener-class> </listener> <context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/Dispatcher-servlet.xml, /WEB-INF/spring-security.xml </param-value> </context-param> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class> org.springframework.web.filter.DelegatingFilterProxy </filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> </web-app>
spring-security.xml
<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.3.xsd"> <http auto-config="true"> <intercept-url pattern="/index*" access="ROLE_USER" /> </http> <authentication-manager> <authentication-provider> <user-service> <user name="user" password="roseindia" authorities="ROLE_USER" /> </user-service> </authentication-provider> </authentication-manager> </beans:beans>
Dispatcher-servlet.xml
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd"> <context:component-scan base-package="net.roseindia" /> <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"> <property name="prefix"> <value>/WEB-INF/views/</value> </property> <property name="suffix"> <value>.jsp</value> </property> </bean> <bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource"> <property name="basenames"> <list> <value>LoginMsg</value> </list> </property> </bean> </beans>
ProjectController.java
package net.roseindia;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
@Controller
@RequestMapping("/index")
public class ProjectController {
@RequestMapping(method = RequestMethod.GET)
public String printWelcome(ModelMap model) {
model.addAttribute("msg", "Hello Friend!! Welcome to Roseindia");
return "welcome";
}
}
LoginMsg.properties
AbstractUserDetailsAuthenticationProvider.badCredentials=Wrong username\ /\ password
OUTPUT
When you try to access the below URL :
http://localhost:9090/SpringSecurityCustomErrorMsg/index
You will get the following page :
If you provide the wrong credential, you will get the following custom error message :
If you provide correct credential(username : user / password : roseindia), you will get the below page :
