java - Spring Security不显示错误消息

如果登录凭据无效，即时消息会显示spring错误消息。当我尝试使用错误的用户名或密码登录时，它只会重新加载登录页面，但不会显示错误消息。
root-context.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:cloud="http://schema.cloudfoundry.org/spring"
xmlns:jdbc="http://www.springframework.org/schema/jdbc"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/jdbc   http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd
http://schema.cloudfoundry.org/spring http://schema.cloudfoundry.org/spring/cloudfoundry-spring-0.7.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">

<context:property-placeholder location="classpath:config.properties" />
<!-- Register the Customer.properties -->
<bean id="messageSource"
class="org.springframework.context.support.ResourceBundleMessageSource">
<property name="basenames">
<list>
<value>mymessages</value>
</list>
</property>
</bean>
<bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
<property name="dataSource" ref="dataSource"></property>
</bean>
<!-- Initialization for data source -->
<bean id="dataSource"
  class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="${database.driver}" />
<property name="url" value="${database.url}" />
<property name="username" value="${database.user}" />
<property name="password" value="${database.password}" />
</bean>



<!-- Spring Security -->
<!-- No security for resources directory logout-url="/j_spring_security_logout" -->
<security:http pattern="/resources/**" security="none" auto-config='false'/>
<!-- REST services are secured with Basic Auth -->
<security:http auto-config='true'>
<security:intercept-url pattern="/Admin" access="ROLE_ADMIN" />
<security:access-denied-handler error-page="/accessdenied"/>
<security:intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" /><!-- allows all user to access the login page -->
<security:intercept-url pattern="/**" access="ROLE_USER, ROLE_ADMIN" /><!-- makes all pages secured requiring the roll ROLL_USER  to access them -->
<security:form-login login-page='/login' default-target-url="/" always-use-default-target='true'
authentication-failure-url="/loginfailed"/><!--supplying my own login form/page-->
<security:logout logout-success-url="/" logout-url="/j_spring_security_logout"/>
</security:http>

<security:authentication-manager>
<security:authentication-provider>
<security:jdbc-user-service
data-source-ref="dataSource"
users-by-username-query="SELECT USERNAME, PASSWORD, ENABLED FROM TrainAppDB.dbo.tbl_Users WHERE USERNAME=?"
authorities-by-username-query="SELECT u.USERNAME, ur.AUTHORITY FROM TrainAppDB.dbo.tbl_Users u, TrainAppDB.dbo.tbl_UserRoles ur WHERE u.USER_ID = ur.USER_ID AND u.USERNAME=?"/>
</security:authentication-provider>
</security:authentication-manager>

<context:component-scan base-package="com.billy"/>

</beans>

我也尝试过

<security:http auto-config='true'>
<security:intercept-url pattern="/Admin" access="ROLE_ADMIN" />
<security:access-denied-handler error-page="/accessdenied"/>
<security:intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/**" access="ROLE_USER, ROLE_ADMIN" />
<security:form-login login-page='/login' default-target-url="/"authentication-failure-url="/loginfailed"/>
<security:logout logout-success-url="/" logout-url="/j_spring_security_logout"/>
</security:http>

登录控制器

@Controller
public class LoginController extends BaseController{

@RequestMapping(value="/", method = RequestMethod.GET)
public String printWelcome(ModelMap model, Principal principal ) {

String name = principal.getName();
model.addAttribute("username", name);
model.addAttribute("message", "Spring Security Custom Form example");
return "home";
}

@RequestMapping(value = "/login", method = RequestMethod.GET)
public String home(Model model)
{
return "login";
}

@RequestMapping(value = "/loginfailed", method = RequestMethod.GET)
public String home2(Model model)
{
model.addAttribute("error", "true");
return "login";
}

@RequestMapping(value="/logout", method = RequestMethod.GET)
public String logout(ModelMap model) {

return "login";

}

}

最后是我的login.jsp

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ page session="true"%>
<%@ include file="include/head.jsp"%>
<body>
<%@ include file="include/login1.jsp"%>

<c:if test="${not empty error}">
<div class="errorblock">
Your login attempt was not successful, try again.<br /> Caused :
${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
</div>
</c:if>

</body>
</html>

最佳答案

如果验证失败=>，Spring Security将发送重定向。SPRING_SECURITY_LAST_EXCEPTION请求属性在您的/loginfailed处理程序中不再可用，因为它是一个新请求。

但spring会将包含消息的error参数添加到重定向中。
您还可以实现自定义AuthenticatinoFailureHandler

SimpleUrlAuthenticationFailureHandler