Spring Security: a username/password error returns a 401 page

Source: Internet
Author: User

To add enterprise number (company code) verification at login, I defined a DisUsernamePasswordAuthenticationFilter class that extends AbstractAuthenticationProcessingFilter. After running it, however, I found that a wrong username or password, or other errors such as missing permissions, all returned a "401 - Authentication Failed" page:

[Screenshot: the 401 - Authentication Failed error page]

Investigation showed that when extending AbstractAuthenticationProcessingFilter, no failure URL (failureUrl) was passed in for the login-failure jump. With no failure URL set, the default failure handler answers with a 401 error instead of redirecting. AbstractAuthenticationProcessingFilter defines an AuthenticationSuccessHandler and an AuthenticationFailureHandler, so we can define the following bean in application-security.xml:

<beans:bean id="simpleUrlAuthenticationFailureHandler"
    class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
    <!-- The jump mode can be configured: the forwardToDestination flag (set
         through the useForward property) selects forward when true and
         sendRedirect when false -->
    <beans:property name="defaultFailureUrl" value="/login.jsp?auth-failure=true" />
</beans:bean>

and then reference it from the bean definition of the custom DisUsernamePasswordAuthenticationFilter class:

<!-- Login processing filter -->
<beans:bean id="loginProcessFilter"
    class="com.fpi.safety.common.security.DisUsernamePasswordAuthenticationFilter">
    <beans:property name="companyCode" value="companyCode" />
    <beans:property name="usernameParameter" value="username" />
    <beans:property name="passwordParameter" value="password" />
    <!-- Login failure handling class -->
    <beans:property name="simpleUrlAuthenticationFailureHandler" ref="simpleUrlAuthenticationFailureHandler" />
    <beans:property name="authenticationSuccessHandler" ref="appSessionSuccessHandler" />
    <beans:property name="authenticationManager" ref="disUserAuthManager" />
</beans:bean>


DisUsernamePasswordAuthenticationFilter.java

package com.fpi.safety.common.security;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.util.Assert;

public class DisUsernamePasswordAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

    public static final String SPRING_SECURITY_FORM_USERNAME_KEY = "j_username";
    public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = "j_password";
    public static final String SPRING_SECURITY_FORM_COMPANY_CODE_KEY = "company_code";
    public static final String USERNAME_LOGINID_SPLIT = "-";

    /**
     * @deprecated If you want to retain the username, cache it in a customized {@code AuthenticationFailureHandler}
     */
    @Deprecated
    public static final String SPRING_SECURITY_LAST_USERNAME_KEY = "SPRING_SECURITY_LAST_USERNAME";

    private String usernameParameter = SPRING_SECURITY_FORM_USERNAME_KEY;
    private String passwordParameter = SPRING_SECURITY_FORM_PASSWORD_KEY;
    // Name of the request parameter that carries the company code
    private String companyCode = SPRING_SECURITY_FORM_COMPANY_CODE_KEY;
    // Failure handler injected from application-security.xml
    private SimpleUrlAuthenticationFailureHandler simpleUrlAuthenticationFailureHandler;

    private boolean postOnly = true;

    //~ Constructors ===================================================================================================

    public DisUsernamePasswordAuthenticationFilter() {
        super("/j_spring_security_check");
    }

    //~ Methods ========================================================================================================

    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException {
        if (postOnly && !request.getMethod().equals("POST")) {
            throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
        }

        String username = obtainUsername(request);
        String password = obtainPassword(request);
        String companyCode = obtainCompanyCode(request);

        if (username == null) {
            username = "";
        }

        if (password == null) {
            password = "";
        }

        if (companyCode == null || companyCode.equals("")) {
            companyCode = "null";
        }

        username = username.trim();
        companyCode = companyCode.trim();

        // The principal handed to the AuthenticationManager is "<username>-<companyCode>"
        username = username + USERNAME_LOGINID_SPLIT + companyCode;

        UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);

        // Allow subclasses to set the "details" property
        setDetails(request, authRequest);

        return this.getAuthenticationManager().authenticate(authRequest);
    }

    /** Reads the company code from the request parameter named by {@code companyCode}. */
    protected String obtainCompanyCode(HttpServletRequest request) {
        return request.getParameter(companyCode);
    }

    /**
     * Enables subclasses to override the composition of the password, such as by including additional values
     * and a separator.<p>This might be used for example if a postcode/zipcode was required in addition to the
     * password. A delimiter such as a pipe (|) should be used to separate the password and extended value(s). The
     * <code>AuthenticationDao</code> will need to generate the expected password in a corresponding manner.</p>
     *
     * @param request so that request attributes can be retrieved
     *
     * @return the password that will be presented in the <code>Authentication</code> request token to the
     *         <code>AuthenticationManager</code>
     */
    protected String obtainPassword(HttpServletRequest request) {
        return request.getParameter(passwordParameter);
    }

    /**
     * Enables subclasses to override the composition of the username, such as by including additional values
     * and a separator.
     *
     * @param request so that request attributes can be retrieved
     *
     * @return the username that will be presented in the <code>Authentication</code> request token to the
     *         <code>AuthenticationManager</code>
     */
    protected String obtainUsername(HttpServletRequest request) {
        return request.getParameter(usernameParameter);
    }

    /**
     * Provided so that subclasses may configure what is put into the authentication request's details
     * property.
     *
     * @param request that an authentication request is being created for
     * @param authRequest the authentication request object that should have its details set
     */
    protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
        authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
    }

    /**
     * Sets the parameter name which will be used to obtain the username from the login request.
     *
     * @param usernameParameter the parameter name. Defaults to "j_username".
     */
    public void setUsernameParameter(String usernameParameter) {
        Assert.hasText(usernameParameter, "Username parameter must not be empty or null");
        this.usernameParameter = usernameParameter;
    }

    /**
     * Sets the parameter name which will be used to obtain the password from the login request.
     *
     * @param passwordParameter the parameter name. Defaults to "j_password".
     */
    public void setPasswordParameter(String passwordParameter) {
        Assert.hasText(passwordParameter, "Password parameter must not be empty or null");
        this.passwordParameter = passwordParameter;
    }

    @Override
    public void afterPropertiesSet() {
        super.afterPropertiesSet();
        /*
         * Install the injected handler, which implements AuthenticationFailureHandler,
         * so that a failed login jumps to the configured page.
         */
        this.setAuthenticationFailureHandler(simpleUrlAuthenticationFailureHandler);
    }

    /**
     * Defines whether only HTTP POST requests will be allowed by this filter.
     * If set to true, and an authentication request is received which is not a POST request, an exception will
     * be raised immediately and authentication will not be attempted. The <tt>unsuccessfulAuthentication()</tt> method
     * will be called as if handling a failed authentication.
     * <p>
     * Defaults to <tt>true</tt> but may be overridden by subclasses.
     */
    public void setPostOnly(boolean postOnly) {
        this.postOnly = postOnly;
    }

    public final String getUsernameParameter() {
        return usernameParameter;
    }

    public final String getPasswordParameter() {
        return passwordParameter;
    }

    public String getCompanyCode() {
        return companyCode;
    }

    public void setCompanyCode(String companyCode) {
        this.companyCode = companyCode;
    }

    public SimpleUrlAuthenticationFailureHandler getSimpleUrlAuthenticationFailureHandler() {
        return simpleUrlAuthenticationFailureHandler;
    }

    public void setSimpleUrlAuthenticationFailureHandler(
            SimpleUrlAuthenticationFailureHandler simpleUrlAuthenticationFailureHandler) {
        this.simpleUrlAuthenticationFailureHandler = simpleUrlAuthenticationFailureHandler;
    }
}

With this in place, a login error returns the user to the login page and the problem is resolved.
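The root cause and the fix can be checked in isolation by driving SimpleUrlAuthenticationFailureHandler directly, once without and once with a defaultFailureUrl. This is an added example, not code from the original post; the class name FailureHandlerDemo and the simulated request are constructed for illustration, and it assumes spring-security-web and spring-test (for the mock servlet classes) are on the classpath.

```java
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;

/** Hypothetical demo class: compares the handler with and without a failure URL. */
public class FailureHandlerDemo {

    /** Pushes one simulated failed login through the handler and returns the response. */
    static MockHttpServletResponse failLogin(SimpleUrlAuthenticationFailureHandler handler)
            throws Exception {
        // Constructed request: a POST to the filter's processing URL.
        MockHttpServletRequest request =
                new MockHttpServletRequest("POST", "/j_spring_security_check");
        MockHttpServletResponse response = new MockHttpServletResponse();
        AuthenticationException failure = new BadCredentialsException("Bad credentials");
        handler.onAuthenticationFailure(request, response, failure);
        return response;
    }

    public static void main(String[] args) throws Exception {
        // Case 1: handler as the filter creates it by default, with no failure URL.
        MockHttpServletResponse bare = failLogin(new SimpleUrlAuthenticationFailureHandler());

        // Case 2: handler configured like the bean in application-security.xml.
        SimpleUrlAuthenticationFailureHandler configured =
                new SimpleUrlAuthenticationFailureHandler();
        configured.setDefaultFailureUrl("/login.jsp?auth-failure=true");
        MockHttpServletResponse fixed = failLogin(configured);

        System.out.println("no failure URL:   status=" + bare.getStatus()
                + ", redirect=" + bare.getRedirectedUrl());
        System.out.println("with failure URL: status=" + fixed.getStatus()
                + ", redirect=" + fixed.getRedirectedUrl());

        // 401 is HttpServletResponse.SC_UNAUTHORIZED, the error page from the post.
        if (bare.getStatus() != 401 || bare.getRedirectedUrl() != null) {
            throw new IllegalStateException("expected a bare 401 without a failure URL");
        }
        if (!"/login.jsp?auth-failure=true".equals(fixed.getRedirectedUrl())) {
            throw new IllegalStateException("expected a redirect to the login page");
        }
    }
}
```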

This article is from the "13085720" blog, please be sure to keep this source http://13095720.blog.51cto.com/13085720/1968316
