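package com.security;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;

/**
 * Authentication failure handler that redirects the browser to
 * {@code <context-path>/others_handler/login_faild/<message>}, where
 * {@code <message>} is the text of the {@link AuthenticationException}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The exception message is percent-encoded before it is placed in the
 *       redirect target, so spaces and any other reserved or control characters
 *       in the message cannot alter the structure of the Location URL.</li>
 *   <li>Forwarding the raw failure reason (for example "User is disabled" versus
 *       "Bad credentials") lets the client distinguish account states. Consider
 *       mapping the exception type to a small fixed set of codes and showing one
 *       generic message for all credential failures.</li>
 * </ul>
 */
public class OnLoginFaild implements AuthenticationFailureHandler {

    /**
     * Redirects to the login-failure page with the failure message as the last
     * path segment.
     *
     * @param request   the request during which authentication failed; only its
     *                  context path is read
     * @param response  the response used to send the redirect
     * @param exception the exception that caused the authentication failure
     * @throws IOException      if the redirect cannot be sent or the message
     *                          cannot be encoded
     * @throws ServletException declared by the handler interface; not thrown here
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        // Typical messages: "User is disabled", "Bad credentials".
        String errorMSG = exception.getMessage();
        // Console output kept from the original; a real logger is preferable in production.
        System.out.println("errorMSG:" + errorMSG);

        // As in the original, an empty message issues no redirect. A null message
        // is now treated the same way instead of redirecting to ".../null".
        if (errorMSG == null || "".equals(errorMSG)) {
            return;
        }

        // URLEncoder produces form encoding ("+" for a space); inside a path
        // segment a space must be "%20", so convert it after encoding.
        String encodedMsg = java.net.URLEncoder.encode(errorMSG, "UTF-8").replace("+", "%20");
        response.sendRedirect(request.getContextPath() + "/others_handler/login_faild/" + encodedMsg);
    }
}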
spring-security.xml配置中的修改
<!-- Requests matching this pattern are excluded from Spring Security entirely:
     no security filters run for /login.jsp, so no authentication information
     is available on that page. -->
<http pattern="/login.jsp" security="none"/>
<!-- When access is denied, the request is sent to the access-denied page
     (the original note says 403.jsp; the configured path is /others_handler/no_power_access). -->
<http access-denied-page="/others_handler/no_power_access">
    <!-- NOTE(review): authentication-failure-handler-ref and authentication-failure-url
         are both set. The Spring Security schema documentation says the handler reference
         should not be combined with authentication-failure-url; confirm which one is
         intended and remove the other. -->
    <form-login login-page="/login.jsp" authentication-failure-handler-ref="onLoginFaild" authentication-failure-url="/others_handler/login_faild/*" default-target-url="/others_handler/login_success" />
    <!-- After a successful login the user is sent to the default target
         (the original note says index.jsp; the configured path is /others_handler/login_success). -->
    <logout logout-success-url="/login.jsp" />
    <custom-filter before="FILTER_SECURITY_INTERCEPTOR" ref="myFilter" />
</http>
以上配置中authentication-failure-handler-ref="onLoginFaild"
表示登录失败时会跳转到onLoginFaild这个bean中
<http pattern="/login.jsp" security="none"/>这个配置表示当请求/login.jsp时,security不会去拦截,也就不会经过org.springframework.security.access.intercept.AbstractSecurityInterceptor
拦截器,所以在/login.jsp页面用org.springframework.security.core.context.SecurityContextHolder.getContext().getAuthentication()
也就获取不到用户信息