How to send an error message to view

4

I'm a little lost here, I'd like to put a parameter in the view to tell the user that their password is wrong, expired, and so on. the problem that spring-security identifies.

WebSecurityConfigurerAdapter

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsRepository userDetailsRepository;


    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()
                .antMatchers("/home", "/").authenticated()
                .antMatchers("/admin/**").access("hasRole('ADMIN')")
                .and().formLogin().loginPage("/login")
                .usernameParameter("login").passwordParameter("pass")
                .and().csrf().disable()
                .exceptionHandling()
                .accessDeniedHandler(new AuthAcessDeniedHandler() {
                }).accessDeniedPage("/login?error");
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {

        auth.userDetailsService(userDetailsRepository)
                .passwordEncoder(new BCryptPasswordEncoder());
    }


}

AccessDeniedHandler

public class AuthAcessDeniedHandler implements AccessDeniedHandler {
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
        // Gostaria de colocar esse parâmetro na VIEW
        request.setAttribute("error","Login invalido");

    }
}

View (freemaker)

  $(document).ready(function () {
        /*
         * JS login effect
         * This script will enable effects for the login page
         */

        // Elements

    alert('${(Request.error)!"John Doe"}');
    ..........etc

accessDeniedHandler(new AuthAcessDeniedHandler() ) never runs!

    
asked by anonymous 17.03.2016 / 18:51

2 answers

4

Solution, there is a method in the DSL call dedicated to this hook

SecurityConfiguration

   http.authorizeRequests()
                    .antMatchers("/home", "/").authenticated()
                    .antMatchers("/admin/").access("hasRole('ADMIN')")
                    .and().formLogin().failureHandler(new CustomfailureHandler())
                    .loginPage("/login")
                    .usernameParameter("login").passwordParameter("pass")
                    .and()
                    .exceptionHandling().accessDeniedPage("/login?error");

            http.csrf().disable();

CustomfailureHandler

public class CustomfailureHandler implements AuthenticationFailureHandler {
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {

        request.setAttribute("error","Login inválido");

    }
}
    
18.04.2016 / 21:58
0

If it's just an invalid login message, to display error messages when login fails, I do not set anything in the class, I just leave the default, which redirects to the login url? the following:

#if($!request.getParameter('error'))
  <div class="alert alert-danger" role="alert">             
    <span>Usuário ou senha inválidos</span>                         
  </div>                        
#end

In this example I used velocity, with jsp:

<c:if test="${param.error != null}">
  <div class="alert alert-danger" role="alert">             
    <span>Usuário ou senha inválidos</span>                         
  </div>    
</c:if>
    
13.04.2016 / 18:00