package com.security;
import java.io.IOException;
import java.net.URLEncoder;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
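/**
 * Spring Security failure handler that sends a failed login to
 * {@code <context-path>/others_handler/login_faild/<message>}, where the last path
 * segment carries the message of the {@link AuthenticationException}.
 */
public class OnLoginFaild implements AuthenticationFailureHandler {

    /**
     * Prints the failure message and redirects the browser to the login-failed page.
     *
     * <p>The message is percent-encoded before it is appended to the redirect path.
     * Messages such as "Bad credentials" contain spaces, and a message may echo
     * request-supplied text, so the raw string must not be written into the
     * {@code Location} header as-is.
     *
     * @param request   the request during which authentication failed
     * @param response  the response used to issue the redirect
     * @param exception the exception describing why authentication failed
     * @throws IOException      if the redirect cannot be written
     * @throws ServletException declared by the interface; not thrown here
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request,
            HttpServletResponse response, AuthenticationException exception)
            throws IOException, ServletException {
        // Values noted by the original author: "User is disabled", "Bad credentials".
        String errorMSG = exception.getMessage();
        // NOTE(review): stdout is not an audit trail; route this through the
        // project's logger if one exists.
        System.out.println("errorMSG:" + errorMSG);

        if ("".equals(errorMSG)) {
            // Empty message: no redirect is issued, as before.
            return;
        }

        // String.valueOf keeps the previous target for a null message (segment "null").
        // URLEncoder produces form encoding, so '+' is rewritten to "%20" to make the
        // value valid inside a URL path segment.
        String segment = URLEncoder.encode(String.valueOf(errorMSG), "UTF-8").replace("+", "%20");

        // NOTE(review): distinct messages (disabled account vs. bad credentials) end up
        // in the URL; if the target page displays them, a client can tell account states
        // apart. Consider mapping them to a small fixed set of codes. TODO confirm how
        // /others_handler/login_faild renders the value.
        response.sendRedirect(
                request.getContextPath() + "/others_handler/login_faild/" + segment);
    }
}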
spring-security.xml配置中的修改
<!-- /login.jsp is excluded from Spring Security (security="none"), so that page is
     rendered without the security interceptor and without an Authentication. -->
<http pattern="/login.jsp" security="none"/>
<!-- Main security configuration for all other requests. -->
<http access-denied-page="/others_handler/no_power_access"><!-- When access is denied the request goes to the access-denied page (the original note said 403.jsp; the configured target is /others_handler/no_power_access) -->
<!-- NOTE(review): authentication-failure-handler-ref and authentication-failure-url are
     both set below. The handler reference is presumably the one that takes effect, which
     would leave the URL attribute as dead configuration; confirm against the Spring
     Security version in use and keep only one.
     NOTE(review): the handler redirects to /others_handler/login_faild/..., which must be
     reachable without a login; whether it is depends on myFilter, not shown here. -->
<form-login login-page="/login.jsp"
authentication-failure-handler-ref="onLoginFaild"
authentication-failure-url="/others_handler/login_faild/*"
default-target-url="/others_handler/login_success" /><!-- After a successful login the user is sent to the default target (the original note said index.jsp; the configured target is /others_handler/login_success) -->
<!-- After logout the browser returns to the login page. -->
<logout logout-success-url="/login.jsp" />
<!-- Custom filter bean myFilter is placed before FILTER_SECURITY_INTERCEPTOR; its
     definition is not part of this snippet. -->
<custom-filter before="FILTER_SECURITY_INTERCEPTOR" ref="myFilter" />
</http>
以上配置中authentication-failure-handler-ref="onLoginFaild"
表示登录失败时交给onLoginFaild这个bean处理(该bean需要在Spring配置中声明,对应上面的com.security.OnLoginFaild类)
<http pattern="/login.jsp" security="none"/>这个配置表示请求/login.jsp时,security不会去拦截,也就不经过org.springframework.security.access.intercept.AbstractSecurityInterceptor
拦截器,所以在/login.jsp页面用org.springframework.security.core.context.SecurityContextHolder.getContext().getAuthentication()
也就获得不了用户信息。如果登录页需要读取用户信息,应让该页面经过过滤器链并允许匿名访问,而不是使用security="none"。