java - Spring Security: Redirecting to login page if the authentication failed


We have two ways to enter.

  • Username and password are sent in the request headers by another app. It is checked, and if the username and password are correct, then it goes inside. [A custom filter has been written for it]
  • If the username and password are not present in the request headers, the login screen is presented.

    When the username and password are present in the request headers and are incorrect, I am shown the "HTTP Status 401 - Authentication Failed: Bad credentials" page.

    How can I make it show the login page when authentication fails in this case?

    Below is the security.xml:

      <http auto-config="true" use-expressions="true">
          <access-denied-handler error-page="/login.jsp"/>
          <intercept-url pattern="/*Login*" access="hasRole('ROLE_ANONYMOUS')"/>
          <intercept-url pattern="/*" access="hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')"/>
          <!-- The position attribute name is missing from the page text; "before" is assumed. -->
          <custom-filter ref="requestHeaderFilter" before="FORM_LOGIN_FILTER"/>
          <form-login login-page="/login.jsp"/>
      </http>

    Please tell me if you need more information.

    EDIT: Adding code for requestHeader filter in my application

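      import java.io.IOException;
      import javax.servlet.ServletException;
      import javax.servlet.http.HttpServletRequest;
      import javax.servlet.http.HttpServletResponse;
      import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
      import org.springframework.security.core.Authentication;
      import org.springframework.security.core.AuthenticationException;
      import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;

      public class RequestHeaderProcessingFilter extends AbstractAuthenticationProcessingFilter {

          private String usernameHeader = "j_username";
          private String passwordHeader = "j_password";

          protected RequestHeaderProcessingFilter() {
              // The filter only processes requests to this URL.
              super("/login_direct");
          }

          // getters and setters

          @Override
          public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
                  throws AuthenticationException, IOException, ServletException {
              // Credentials arrive in request headers set by the calling application.
              String username = request.getHeader(usernameHeader);
              String password = request.getHeader(passwordHeader);

              UsernamePasswordAuthenticationToken authRequest =
                      new UsernamePasswordAuthenticationToken(username, password);

              return this.getAuthenticationManager().authenticate(authRequest);
          }
      }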

    To show the login page when authentication fails, you must have the URL in <access-denied-handler error-page="/login.jsp"/> and <intercept-url pattern="/*Login*" access="hasRole('ROLE_ANONYMOUS')"/>

    For example:

      <global-method-security secured-annotations="enabled"/>

      <http auto-config="true" access-denied-page="/app/sesiones/procesar_login">
          <logout logout-success-url="/app/sesiones/login"/>
          <form-login authentication-failure-url="/app/sesiones/login?error=true"
                      login-page="/app/sesiones/login"
                      default-target-url="/app/sesiones/procesar_login"/>
          <intercept-url pattern="/app/privados/*" access="ROLE_USER"/>
      </http>

    In that example, the user is also redirected to the login page after logging out. /procesarLogin is a method that sends the user to the login.jsp page.
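
    The 401 page in the question comes from the custom filter's default failure handler: a SimpleUrlAuthenticationFailureHandler with no failure URL sends a 401 instead of redirecting. The following is an added example, not code from the question or the answer, of a header filter that redirects to the login page on failure; the class name RedirectingHeaderLoginFilter and the URL "/login.jsp?error=true" are assumptions, and it targets the javax.servlet-based Spring Security versions used on this page.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;

// Added example (hypothetical class name): header-based login that redirects on failure.
public class RedirectingHeaderLoginFilter extends AbstractAuthenticationProcessingFilter {

    // Header names and processing URL are taken from the question's filter.
    private static final String USERNAME_HEADER = "j_username";
    private static final String PASSWORD_HEADER = "j_password";

    public RedirectingHeaderLoginFilter() {
        super("/login_direct");
        // With a failure URL set, the handler redirects instead of answering 401.
        // "/login.jsp?error=true" is an assumed URL modelled on the configs above.
        setAuthenticationFailureHandler(
                new SimpleUrlAuthenticationFailureHandler("/login.jsp?error=true"));
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException, IOException, ServletException {
        String username = request.getHeader(USERNAME_HEADER);
        String password = request.getHeader(PASSWORD_HEADER);

        if (username == null || password == null) {
            // Missing headers take the same failure path as bad credentials,
            // so the caller lands on the login page rather than an error page.
            throw new AuthenticationCredentialsNotFoundException("credential headers missing");
        }

        UsernamePasswordAuthenticationToken authRequest =
                new UsernamePasswordAuthenticationToken(username.trim(), password);

        // Any AuthenticationException thrown here is routed to the failure handler above.
        return getAuthenticationManager().authenticate(authRequest);
    }
}
```

    The failure URL must itself be reachable by anonymous users, otherwise the redirect target is intercepted again.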
