0

I am trying to redirect back to the login page when the authentication fails along with some error messages. I am wondering how do we pass some sort of parameters to /login in the security-context.xml saying that this is unauthenticated and then attach some error text ? 

<security:form-login login-page="/login"
                     username-parameter="email"
                     password-parameter="password"
                     default-target-url="/member/"
                     authentication-failure-url="/login"/>

/login is actually a Controller for returning the ModelAndView.

Improve this question

3 Answers 3

Reset to default
4

Try simply appending a query parameter to the authentication-failure-url like this:

<security:form-login login-page="/login"
                     username-parameter="email"
                     password-parameter="password"
                     default-target-url="/member/"
                     authentication-failure-url="/login?error=true" />

Then, your login handler method can receive that optional query parameter, and manipulate the response accordingly. Something along these lines:

@RequestMapping(value = "/login", method = RequestMethod.GET)
public String getLoginPage(
        @RequestParam(required = false) boolean error,
        ModelMap model) {

    model.put("error", error ? "You have entered an invalid username or password!" : "");

    return "loginpage";
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

You can also use an AuthenticationFailureHandler that will react differently depending on the AuthenticationException you will receive.

<security:form-login login-page="/login"
    username-parameter="email"
    password-parameter="password"
    default-target-url="/member/" 
    authentication-failure-handler-ref="myAuthenticationFailudeHandler"/>

For instance, it can redirect the user to .../login?errorCode=errorCode1

Then you can modify the controller to react to different error codes :

@RequestMapping(value = "/login", method = RequestMethod.GET)
public String getLoginPage(
        ..., 
        @RequestParam(value="errorCode", required = false) String errorCode, 
        Model model, 
        ... ) {
    if (errorCode != null) {
        model.put("error", translateErrorCode(errorCode));
    }
    ...
Improve this answer

Comments

1

I usually do this

<security:form-login login-page="/" authentication-failure-url="/myapp/auth/login?error=true" default-target-url="/myapp/main/default"/>

And the controller:

@RequestMapping(value = "/auth/login", method = RequestMethod.GET)
public ModelAndView indexp(@RequestParam(value = "error", required = false) boolean error, ModelMap model, Principal principal) {
ModelAndView mv = new ModelAndView("view");
// return your view....
}

The parameter helps to display an error message.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.