Announcement Announcement Module
Collapse
No announcement yet.
Printing login error messages not working Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Printing login error messages not working

    I am migrating my application from spring security 2.x to 3.0 Everything is working fine now except one thing. I want my login page to print authentication failure error messages. ex- Bad Credentials which are not getting printed.
    Code:
    <?xml version="1.0"......
    <body>
      <c:if test="${not empty param.error}">
      Login error. <br />
      Reason : ${SPRING_SECURITY_LAST_EXCEPTION.message}
    </c:if>
    <div class="containerWrapper">
    <form method="post" action="j_spring_security_check"......</jsp:root>
    config:

    Code:
    <http auto-config="false" access-decision-manager-ref="accessDecisionManager" 
    	entry-point-ref="authenticationProcessingFilterEntryPoint">
    	<custom-filter position="FORM_LOGIN_FILTER" ref="authenticationProcessingFilter" />
    	<custom-filter position="LOGOUT_FILTER" ref="customLogoutFilter"/>
    	<access-denied-handler error-page="/login.jsp?login_error=true"/> 
    	<intercept-url pattern="/login.htm" filters="none" />
    	<intercept-url pattern="/admin/*" access="ROLE_ADMIN"/>
    	<anonymous enabled='false'/>
        <session-management session-authentication-strategy-ref="sas"/>
    	</http>
    I tried using "/login.jsp?error=true" but that doesn't work as well. Following is the log file -

    Code:
    16:23:26,183 DEBUG FilterChainProxy:376 - /j_spring_security_check at position 1 of 10 in additional filter chain; firing Filter: 'ConcurrentSessionFilter'
    16:23:26,183 DEBUG FilterChainProxy:376 - /j_spring_security_check at position 2 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
    16:23:26,183 DEBUG HttpSessionSecurityContextRepository:142 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
    16:23:26,183 DEBUG HttpSessionSecurityContextRepository:88 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@c19fbf. A new one will be created.
    16:23:26,199 DEBUG FilterChainProxy:376 - /j_spring_security_check at position 3 of 10 in additional filter chain; firing Filter: 'LogoutFilter'
    16:23:26,199 DEBUG FilterChainProxy:376 - /j_spring_security_check at position 4 of 10 in additional filter chain; firing Filter: 'XXXAuthenticationProcessingFilter'
    16:23:26,199 DEBUG XXXAuthenticationProcessingFilter:193 - Request is to process authentication
    16:23:26,199 DEBUG ProviderManager:127 - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
    16:23:26,199 DEBUG JdbcTemplate:634 - Executing prepared SQL query
    16:23:26,199 DEBUG JdbcTemplate:569 - Executing prepared SQL statement [select user_id,user_password,status as enabled from user_master where user_email_id = ?]
    16:23:26,199 DEBUG DataSourceUtils:110 - Fetching JDBC Connection from DataSource
    16:23:26,214 DEBUG StatementCreatorUtils:206 - Setting SQL statement parameter value: column index 1, parameter value [[email protected]], value class [java.lang.String], SQL type unknown
    16:23:26,214 DEBUG DataSourceUtils:332 - Returning JDBC Connection to DataSource
    16:23:26,214 DEBUG JdbcTemplate:634 - Executing prepared SQL query
    16:23:26,214 DEBUG JdbcTemplate:569 - Executing prepared SQL statement [SELECT user.user_id, role.role_type FROM user_master USER, role_master role, user_role ur WHERE user.user_id = ur.user_id AND role.role_id = ur.role_id AND user.user_id=?]
    16:23:26,214 DEBUG DataSourceUtils:110 - Fetching JDBC Connection from DataSource
    16:23:26,214 DEBUG StatementCreatorUtils:206 - Setting SQL statement parameter value: column index 1, parameter value [1], value class [java.lang.String], SQL type unknown
    16:23:26,230 DEBUG DataSourceUtils:332 - Returning JDBC Connection to DataSource
    16:23:26,230 DEBUG DaoAuthenticationProvider:69 - Authentication failed: password does not match stored value
    16:23:26,230 DEBUG XmlWebApplicationContext:301 - Publishing event in Root WebApplicationContext: org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent[source=org.springframework.security.authentication.UsernamePasswordAuthenticationToken@820e0407: Principal: [email protected]; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: 4D1E21817536F85DF250679319B802B1; Not granted any authorities]
    16:23:26,230 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'org.springframework.security.core.session.SessionRegistryImpl#0'
    16:23:26,230 DEBUG XXXAuthenticationProcessingFilter:318 - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
    16:23:26,230 DEBUG XXXAuthenticationProcessingFilter:319 - Updated SecurityContextHolder to contain null Authentication
    16:23:26,230 DEBUG XXXAuthenticationProcessingFilter:320 - Delegating to authentication failure handlerorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@18d4c9a
    16:23:26,230 DEBUG SimpleUrlAuthenticationFailureHandler:67 - Redirecting to /login.jsp?login_error=true
    16:23:26,230 DEBUG DefaultRedirectStrategy:36 - Redirecting to '/XXX/login.jsp?login_error=true'
    16:23:26,246 DEBUG HttpSessionSecurityContextRepository:338 - SecurityContext is empty or anonymous - context will not be stored in HttpSession. 
    16:23:26,246 DEBUG SecurityContextPersistenceFilter:89 - SecurityContextHolder now cleared, as request processing completed
    16:23:26,261 DEBUG FilterChainProxy:194 - Converted URL to lowercase, from: '/login.jsp'; to: '/login.jsp'
    16:23:26,277 DEBUG FilterChainProxy:201 - Candidate is: '/login.jsp'; pattern is /login.htm; matched=false
    16:23:26,277 DEBUG FilterChainProxy:194 - Converted URL to lowercase, from: '/login.jsp'; to: '/login.jsp'
    16:23:26,277 DEBUG FilterChainProxy:201 - Candidate is: '/login.jsp'; pattern is /**; matched=true
    16:23:26,277 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 1 of 10 in additional filter chain; firing Filter: 'ConcurrentSessionFilter'
    16:23:26,277 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 2 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
    16:23:26,293 DEBUG HttpSessionSecurityContextRepository:142 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
    16:23:26,293 DEBUG HttpSessionSecurityContextRepository:88 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@c19fbf. A new one will be created.
    16:23:26,293 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 3 of 10 in additional filter chain; firing Filter: 'LogoutFilter'
    16:23:26,293 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 4 of 10 in additional filter chain; firing Filter: 'XXXAuthenticationProcessingFilter'
    16:23:26,293 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
    16:23:26,293 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
    16:23:26,293 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 7 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
    16:23:26,293 DEBUG AnonymousAuthenticationFilter:67 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6fa90ed4: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: 4D1E21817536F85DF250679319B802B1; Granted Authorities: ROLE_ANONYMOUS'
    16:23:26,293 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 8 of 10 in additional filter chain; firing Filter: 'SessionManagementFilter'
    16:23:26,293 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 9 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
    16:23:26,308 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
    16:23:26,308 DEBUG DefaultFilterInvocationSecurityMetadataSource:173 - Converted URL to lowercase, from: '/login.jsp'; to: '/login.jsp'
    16:23:26,308 DEBUG DefaultFilterInvocationSecurityMetadataSource:200 - Candidate is: '/login.jsp'; pattern is /order/**; matched=false
    16:23:26,308 DEBUG DefaultFilterInvocationSecurityMetadataSource:200 - Candidate is: '/login.jsp'; pattern is /restaurent/*; matched=false
    16:23:26,308 DEBUG DefaultFilterInvocationSecurityMetadataSource:200 - Candidate is: '/login.jsp'; pattern is /admin/*; matched=false
    16:23:26,308 DEBUG FilterSecurityInterceptor:183 - Public object - authentication not attempted
    16:23:26,308 DEBUG XmlWebApplicationContext:301 - Publishing event in Root WebApplicationContext: org.springframework.security.access.event.PublicInvocationEvent[source=FilterInvocation: URL: /login.jsp?login_error=true]
    16:23:26,308 DEBUG FilterChainProxy:363 - /login.jsp?login_error=true reached end of additional filter chain; proceeding with original chain
    16:23:26,308 DEBUG ExceptionTranslationFilter:100 - Chain processed normally
    16:23:26,324 DEBUG HttpSessionSecurityContextRepository:338 - SecurityContext is empty or anonymous - context will not be stored in HttpSession. 
    16:23:26,324 DEBUG SecurityContextPersistenceFilter:89 - SecurityContextHolder now cleared, as request processing completed

  • #2
    The if statement needs to match the query param that Spring Security is using in the redirect. So with the configuration you have posted your if statement should be

    Code:
    <c:if test="${not empty param.login_error}">
    You mentioned you also tried error=true. I assume that was with the same jsp if statement? What do you see? For example can you at least see "Login Error"?

    Comment


    • #3
      changing c:if as per your suggestions has made is working perfectly. Thank you very much.

      Comment

      Working...
      X