I'm a little lost here, I'd like to put a parameter in the view to tell the user that their password is wrong, expired, and so on. the problem that spring-security identifies.
WebSecurityConfigurerAdapter
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsRepository userDetailsRepository;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/home", "/").authenticated()
.antMatchers("/admin/**").access("hasRole('ADMIN')")
.and().formLogin().loginPage("/login")
.usernameParameter("login").passwordParameter("pass")
.and().csrf().disable()
.exceptionHandling()
.accessDeniedHandler(new AuthAcessDeniedHandler() {
}).accessDeniedPage("/login?error");
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsRepository)
.passwordEncoder(new BCryptPasswordEncoder());
}
}
AccessDeniedHandler
public class AuthAcessDeniedHandler implements AccessDeniedHandler {
@Override
public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
// Gostaria de colocar esse parâmetro na VIEW
request.setAttribute("error","Login invalido");
}
}
View (freemaker)
$(document).ready(function () {
/*
* JS login effect
* This script will enable effects for the login page
*/
// Elements
alert('${(Request.error)!"John Doe"}');
..........etc
accessDeniedHandler(new AuthAcessDeniedHandler() )
never runs!