Spring Security学习笔记错误信息提示(三)

在自定义登录页面输入的帐号密码错误,页面中没有任何错误消息提示,所以需要将提示信息显示出来

Spring Security 框架将所有的错误信息都定义成了异常，并且提供了国际化的资源文件。这个资源文件在 spring-security-core-3.0.7.RELEASE.jar文件中

在spring配置文件applicationContext.xml中配置

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:jee="http://www.springframework.org/schema/jee" xmlns:tx="http://www.springframework.org/schema/tx"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:aop="http://www.springframework.org/schema/aop" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
    http://www.springframework.org/schema/tx 
    http://www.springframework.org/schema/tx/spring-tx-3.0.xsd 
    http://www.springframework.org/schema/jee 
    http://www.springframework.org/schema/jee/spring-jee-3.0.xsd 
    http://www.springframework.org/schema/context 
    http://www.springframework.org/schema/context/spring-context-3.0.xsd
    http://www.springframework.org/schema/aop
    http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
    http://www.springframework.org/schema/security/spring-security-3.0.xsd"
    default-lazy-init="true">

     <bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
        <property name="basenames" value="classpath:org/springframework/security/messages_zh_CN"></property>
    </bean>

</beans>

在jsp页面上获取提示信息,由于Spring Security 框架将抛出的异常对象放到了 session 范围中，key 是: SPRING_SECURITY_LAST_EXCEPTION,取出的是异常对象，所以还要调用getMessage()方法取出真正的错误信息
${sessionScope.SPRING_SECURITY_LAST_EXCEPTION.message }

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="utf-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>登录页面</title>
</head>
    <body>
        ${sessionScope.SPRING_SECURITY_LAST_EXCEPTION.message }
            <form name='f' action='/springSecurity/j_spring_security_check'
            method='POST'>
            <table>
                <tr>
                    <td>用户名:</td>
                    <td><input type='text' name='j_username' value='user'></td>
                </tr>
                <tr>
                    <td>密码:</td>
                    <td><input type='password' name='j_password' /></td>
                </tr>
                <tr>
                    <td ><input name="submit" type="submit" value="登录"/></td>
                    <td ><input name="reset" type="reset" value="重置"/></td>
                </tr>
            </table>
        </form>
    </body>
</html>

查看messages_zh_CN.properties中
AbstractUserDetailsAuthenticationProvider.badCredentials=\u574F\u7684\u51ED\u8BC1对应的就是坏的凭证
我们可以自定义错误消息提示
创建一个messages_zh_CN.properties文件
重写里面AbstractUserDetailsAuthenticationProvider.badCredentials的值

修改applicationContext.xml配置文件

    <bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
        <property name="basenames" value="classpath:message_zh_CN"></property>
    </bean>

重新在登录,发现错误提示信息改变了