We need a UserDetailsService implementation; what it looks like depends on each project's requirements.
```java
@Autowired
private CustomUserDetailsService userDetailsService;
```
I think configureGlobal can be considered the starting point.
```java
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth.authenticationProvider(authProvider());
}
```
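Create an AuthenticationProvider with hideUserNotFoundExceptions disabled, so that a UsernameNotFoundException from the UserDetailsService reaches the failure handler instead of being replaced by a BadCredentialsException. With this setting the login form can reveal whether a username exists.
```java
public AuthenticationProvider authProvider() {
    DaoAuthenticationProvider impl = new DaoAuthenticationProvider();
    impl.setUserDetailsService(userDetailsService);
    impl.setPasswordEncoder(getPasswordEncoder()); // e.g. new BCryptPasswordEncoder()
    // Let UsernameNotFoundException propagate instead of masking it
    impl.setHideUserNotFoundExceptions(false);
    return impl;
}
```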
To process the exceptions, register a custom AuthenticationFailureHandler on the HttpSecurity object.
```java
// In the HttpSecurity configuration:
http.formLogin()
    .loginPage("/login")
    .failureHandler(new CustomAuthenticationFailureHandler());
```
The custom authentication failure handler can simply encode the error message so that it fits into a query string argument.
```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class CustomAuthenticationFailureHandler implements AuthenticationFailureHandler {
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
        String exceptionMessage = exception.getMessage();
        // URL-safe Base64 so the value survives in the query string; fixed charset
        String encodedMsg = Base64.getUrlEncoder().encodeToString(exceptionMessage.getBytes(StandardCharsets.UTF_8));
        response.sendRedirect("/login?error=" + encodedMsg);
    }
}
```
Finally, the login controller reads the error parameter, decodes it and puts the message into the view model. The parameter is client-controlled, so the login view must escape errorMsg when rendering it.
```java
@Controller
public class Login {
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public ModelAndView login(Model model, String error, String logout) {
        ModelAndView modelAndView = new ModelAndView("login");
        if (error != null) {
            // Must match the handler's Base64.getUrlEncoder(); the basic decoder rejects '-' and '_'
            byte[] decodedBytes = Base64.getUrlDecoder().decode(error);
            String decodedString = new String(decodedBytes, StandardCharsets.UTF_8);
            modelAndView.addObject("errorMsg", decodedString);
        }
        return modelAndView;
    }
}
```
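As an added example (not code from the original post), here is a variant of the handler and controller above that redirects with a fixed error code instead of the exception text, so the `error` parameter cannot carry arbitrary text into the page. The class names, codes and message strings are hypothetical, and the imports assume `javax.servlet` (use `jakarta.servlet` on Spring Security 6 and later).

```java
import java.io.IOException;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;   // assumption: jakarta.servlet.* on Spring Security 6+
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;

// Hypothetical handler: maps the exception type to a short code, never sends its message.
class CodedAuthenticationFailureHandler implements AuthenticationFailureHandler {
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException {
        // Unknown user and wrong password share one code, so the redirect
        // does not tell the client which of the two happened.
        String code = "bad_credentials";
        if (exception instanceof CredentialsExpiredException) {
            // Raised by the provider's post-authentication check,
            // i.e. only after the password was verified.
            code = "credentials_expired";
        }
        response.sendRedirect(request.getContextPath() + "/login?error=" + code);
    }
}

// Hypothetical controller: resolves the code against a server-side allow-list.
@Controller
class CodedLoginController {
    // Constructed sample messages; in a real project these could come from a MessageSource.
    private static final Map<String, String> MESSAGES = Map.of(
            "bad_credentials", "Invalid username or password.",
            "credentials_expired", "Your password has expired.");

    @GetMapping("/login")
    public ModelAndView login(@RequestParam(required = false) String error) {
        ModelAndView modelAndView = new ModelAndView("login");
        if (error != null) {
            // Any value not in the allow-list falls back to the generic message.
            modelAndView.addObject("errorMsg",
                    MESSAGES.getOrDefault(error, MESSAGES.get("bad_credentials")));
        }
        return modelAndView;
    }
}
```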