Spring boot +spring Security + Thymeleaf authentication failed to return error message

Spring boot attracts a lot of fans with its many features of friendship, such as 0 configuration and microservices. and its seamless integration with the Spring security framework makes it a secure feature. On this basis, using the Thymeleaf template engine for rendering, static and dynamic combination, so that the page development more simple and intuitive.

The user name and password to submit a login through the form is a common design for the login interface. In the process of beginners, I am no exception to the use of this way. See the form design.

Log in successfully, complete the normal main page jump, this does not exist the problem. The problem is, the login failed to do? I'm just thinking. Due to the partial flush operation of Thymeleaf, Login failed to display exception information for login failure on the login page, which is the form. As a result, my login design becomes the form shown.

In this way, when the login form verification fails, the user will be displayed "user name or password error, please try again", which is certainly better, but the case of authentication failure is not only the user name or password error, there should be other situations, it is more common, the user has been locked, the user does not exist, please register first.

So how to distinguish this situation, how to put the login form verification failure of the more detailed status to the user. After a period of research, spring boot has been found to provide a more perfect solution, and its secret is in the spring security configuration. The spring security configuration in my project is as shown.

While I was reading the spring security source, when the authentication failed, I found the following processing code

The focus is on the Saveexception function, and the specific code for this function is as follows:

From this code, we can clearly see that the authentication failure of the exception information is stored in the session, if we can read the information in the session, then the problems encountered before the problem is solved.

In fact, the development of things has never been smooth sailing, the problem is similar to solve. I learned that Thymeleaf provides a way to read the cache session, and I can't wait to try it, so my login form looks like this, and the red line indicates how the Thymleaf cache reads.

So you can display specific information about the validation failure? After my tests, I found that this information is undefined. That is, the shape reads the information into the cache.

By looking for information on the Internet, I found the following code snippet in the vast corner of Baidu's Nook and cranny.

I unsanitary environment, as if I had seen the light. In the era of configuration file configuration, you can set the login failure of the jump page to "/login.html?error=true", and I set the "/login?error", then whether it can be set to a similar true? I can't wait to try. Thus, my spring security's Java config has changed to look like this.

After verification, through this setup, the perfect solution to the problem I encountered, until now, I still do not understand the meaning of setting true, hope to know that the reader can tell the small series.

Small part to summarize ha, in the Spring boot +spring Security + thymeleaf framework, through the user name/password form submission, the login interface to obtain the exception information steps, mainly the following two points:

One: The login failed URL is set to "/login?error=true" (that is, suffix with the error=true), so that the front-end Thymleaf can read the session;

Second: Thymeleaf provides a way to read the information in the cache ${session. Spring_security_last_exception.message}, both are indispensable.

http://blog.csdn.net/sun1021873926/article/details/60332059

Spring boot +spring Security + Thymeleaf authentication failed to return error message