struts2 - Why am I not getting Spring Security Login Error Messages? -
using spring security 3 along struts 2 , tiles 2, have login page appears when supposed , performs login expected -- when enter bad user credentials returned login page no information went wrong. i've checked configuration parameters , can't see problem is.
my spring security xml config follows:
<http auto-config="true" use-expressions="true"> <intercept-url pattern="/" access="permitall" /> <intercept-url pattern="/css/**" access="permitall" /> <intercept-url pattern="/images/**" access="permitall" /> <intercept-url pattern="/js/**" access="permitall" /> <intercept-url pattern="/public/**" access="permitall" /> <intercept-url pattern="/home/**" access="permitall" /> <intercept-url pattern="/user/**" access="hasrole('auth_manage_users')" /> <intercept-url pattern="/group/**" access="hasrole('auth_manage_users')" /> <intercept-url pattern="/**" access="isauthenticated()" /> <access-denied-handler error-page="/403.html"/> <form-login login-page="/public/login.do" always-use-default-target="false"/> <logout invalidate-session="true" logout-success-url="/public/home.do"/> </http> my struts action looks this:
<package name="public" namespace="/public" extends="secure"> <action name="login"> <result name="success" type="tiles">tiles.login.panel</result> <result name="input" type="tiles">tiles.login.panel</result> <result name="error">/web-inf/jsp/error.jsp</result> </action> <action name="logout"> <result name="success" type="redirect">/j_spring_security_logout</result> </action> </package> and login.jsp page (part of tile) looks exception spring security...
<c:if test="${not empty param.login_error}"> <span class="actionerror"> login attempt not successful, try again.<br/><br/> reason: <c:out value="${spring_security_last_exception.message}"/>. </span> </c:if> <form id="loginform" name="loginform" action="/j_spring_security_check" method="post"> ... </form> can tell me missing? in advance any/all replies.
spring security doesn't set param.login_error automatically. need manaully follows:
<form-login login-page="/public/login.do" authentication-failure-url = "/public/login.do?login_error=1" always-use-default-target="false"/>
Comments
Post a Comment