【问题标题】:spring security thymeleaf LockedException custom messagespring security thymeleaf LockedException 自定义消息
【发布时间】:2015-07-29 11:50:57
【问题描述】:

我有一个使用 Spring Security 保护的 Spring Boot 应用程序。 每件事都很好。但是如果用户帐户被锁定,我如何将消息显示为帐户锁定,而不是无效的用户名和密码。

我的登录表单

<div class="panel-body">
  <div class="row text-center">
   <div th:if="${param.error}">Invalid user name and password.</div>
   <div th:if="${param.logout}">You have been logged out.</div>
  </div>
  <div class="row">
   <form class="form-horizontal" role="form" th:action="@{/login}"      method="post">
    <div class="form-group">
      <label class="col-md-4 control-label"> User Name </label>
      <div class="col-md-6"><input type="text" name="username" />
      </div>
    </div>
    <div class="form-group"> 
     <label class="col-md-4 control-label"> Password </label>
      <div class="col-md-6"><input type="password" name="password" />
        </div>
    </div>
    <div class="form-group">
      <div class="col-md-offset-4 col-md-6">
        <input type="submit" value="Sign In" class="btn btn-primary" />
      </div>
    </div>
    </form>
 </div>
</div>

安全配置

@Configuration
    public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

        @Autowired
        MyAuthenticationSuccessHandler myAuthenticationSuccessHandler;

        @Override
        public void configure(WebSecurity web) throws Exception {
            String[] unsecuredResources = { "/css/**", "/js/**", "/img/**", "/fonts/**" };
            web.ignoring().antMatchers(unsecuredResources);
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            String[] unSecuredUrls = { "login.html", "/login", "/home", "/appPwd.html", "/partials/pwdRequest.html" };
            http.authorizeRequests().antMatchers(unSecuredUrls).permitAll();
            http.authorizeRequests().anyRequest().authenticated().and().formLogin().loginPage("/login").defaultSuccessUrl("/", true)
                    .successHandler(myAuthenticationSuccessHandler)
                    /* .failureHandler(myAuthenticationFailureHandler) */.and().logout().permitAll();
        }
    }

【问题讨论】:

    标签: spring-security spring-boot thymeleaf


    【解决方案1】:

    您需要从 Spring 安全性中提取失败的原因。以下代码将起作用。

    <div class="error" th:if="${param.error}"
         th:with="errorMsg=${session['SPRING_SECURITY_LAST_EXCEPTION'].message}">
        Reason: <span th:text="${errorMsg}">Wrong input!</span>
    </div>
    

    【讨论】:

    • 像个魅力兄弟一样工作!
    猜你喜欢
    • 2013-05-21
    • 2016-05-09
    • 2020-05-26
    • 2017-05-15
    • 2018-06-09
    • 2013-06-30
    • 2021-06-06
    • 2016-11-27
    • 2016-03-31
    相关资源
    最近更新 更多