what to return in springboot if login failed

In the previous post, we learned about the spring security login procedure. In this article, we volition learn how to perform error handling and bulletin localization with jump security login.

Message Localization with Spring Security

With login, information technology's very important to provide the correct error message information to the user. For a uncomplicated application, we can work by providing some pre-defined error messages. For enterprise applications, nosotros have to give the error messages in the user preferred linguistic communication. We don't want to show English language message to a German customer.

In this article, we volition look at the fault handling and message localization with spring security login. Spring security by default volition testify login error in example client provides invalid username or countersign. Spring security internally uses the Spring framework resources bundle feature to testify customize error letters to the client.

If you are starting, I highly recommend going through post-obit articles to get basic understanding as how localization works in Spring MVC awarding.

1.  Internationalization in Spring Boot
2. Custom Validation MessageSource in Spring Boot
3. https://world wide web.javadevjournal.com/spring-mvc/spring-edible bean-validation/

1. Defining Message Resources

Spring Kicking awarding by default volition look for internationalization key and values under /src/main/resource folder. Let's define two properties in the resources binder.

1. messages.properties.
2. messages_de.properties

Default locale file will name as letters.backdrop and files for other locales volition have messages_xx.backdrop a format where xx is the locale code. Define the localized message as a primal-value pair in these properties file. Here is the file from our code base.

                lang.eng=English language lang.de= German language registration.validation.firstName=Please provide first name. registration.validation.lastName=Please provide last name. registration.validation.email=Delight provide a valid email. registration.validation.password= Password tin can non be empty. login.error= Username or password is incorrect. Delight provide valid username or password              

German Language message file

                lang.eng=Englisch lang.de= Deutsche registration.validation.firstName=Bitte geben Sie den Vornamen an registration.validation.lastName=Bitte geben Sie den Nachnamen an registration.validation.email=E-Mail darf nicht leer sein registration.validation.password= Passwort kann nicht leer sein login.error=Benutzername oder Passwort ist falsch. Bitte stellen Sie sicher, dass Sie einen gültigen Benutzernamen oder ein gültiges Passwort angeben.              

I am also calculation the backdrop for our registration process. In case your resource parcel location differs from what Bound Boot is expecting, delight ascertain the MessageSource bean with location of the resources package.

                @Edible bean public MessageSource messageSource() {     ReloadableResourceBundleMessageSource messageSource = new ReloadableResourceBundleMessageSource();     messageSource.setBasename("classpath:messages");     messageSource.setDefaultEncoding("UTF-eight");     return messageSource; }              

The adjacent stride is to handle the locale and letting bound aware of the message belongings file.

2. Defining LocaleResolver

The LocaleResolver helps in locale resolution strategies. Spring provides multiple options to handle the correct locale for the application.

1. Request based locale handling.
2. Session.
3. Cookies
4. Header.

By default, information technology uses the AcceptHeaderLocaleResolver to get the locale based on the HTTP header. You lot can choose the implementation as per your need. For our spring security form, we are using session based strategy to get the locale.

                @Edible bean public LocaleResolver localeResolver() {    SessionLocaleResolver localeResolver = new SessionLocaleResolver();    localeResolver.setDefaultLocale(Locale.ENGLISH);    return localeResolver; }              

We are setting default locale as English. Equally a side by side stride, nosotros need to identify in case customer changing or selecting their preferred language. This is washed using the LocaleChangeInterceptor.

iii. LocaleChangeInterceptor

Nosotros need to configure an interceptor which allows for irresolute the current locale on every request.

                @Edible bean public LocaleChangeInterceptor localeChangeInterceptor() {      LocaleChangeInterceptor localeChangeInterceptor = new LocaleChangeInterceptor();      localeChangeInterceptor.setParamName("lang");      return localeChangeInterceptor; }              

Continue in listen the following points:

1. Past default, the LocalCangeInterceptor use "locale" as the parameter. In our example, we are using the param name equally "lang".
2. Make certain you are passing the right param to set the locale else you might become some unexpected results.

To complete the integration, we need to register our interceptor with Spring Kicking. To register this bean with Jump Kick, we need to override addInterceptor() method in our Configuration class.

                @Override public void addInterceptors(InterceptorRegistry registry) {      registry.addInterceptor(localeChangeInterceptor()); }              

Optional Steps

The adjacent 2 steps are optional and based on your awarding structure.

4. Defining LocalValidatorFactoryBean

If you are using JSR303 bean validation for your application and like to jump edible bean validation to pick the letters from the resource bundle, define LocalValidatorFactoryBean  this in your configuration form.

                @Edible bean public LocalValidatorFactoryBean validator(MessageSource messageSource) {     LocalValidatorFactoryBean bean = new LocalValidatorFactoryBean();     bean.setValidationMessageSource(messageSource);     return bean; }              

Terminate of Optional Department

Next pace is to configure and handle the localization with spring security login.

five. Leap Security Login Error Configuration

The first pace is to configure spring security. We need to tell spring security configuration as what to do in case there is any login error. Nosotros can do this using the failureURL while configuring the login page.

                @Override protected void configure(HttpSecurity http) throws Exception {     http.authorizeRequests()         .....         .formLogin(form - > grade             .loginPage("/login")             .defaultSuccessUrl("/dwelling")             .failureUrl("/login?mistake=true")         ); }              

In our instance, we are sending the user back to the same login folio but with an boosted query parameter equally "mistake=truthful". If you remember, we have created a  login controller to display a custom login folio with spring security and the same controller will be called when spring security throws a login mistake.We have multiple manner to show the fault message to the client and hither are few options:

1. Show the bulletin in instance URL contains specific request parameter.
2. Let our custom controller handle the mistake and work on customize error message.

v.ane. Display localized error message using parameter

The quick and easy mode is to display the message based on the request parameter. Nosotros can add a condition to show the error message only when there is a request parameter as "fault". Here is the login folio with this condition:

                <form thursday:action="@{/login}" method="post">     <div th:if="${param.mistake}">         <div class="warning alert-danger">             <span th:text="#{login.fault}"></span>         </div>         <!-- login section--> </grade>              

When the error parameter is available in the asking, nosotros are displaying the localized error message for the login. Go along in mind that Spring volition automatically determine the locale and pick the correct resources parcel to display the error message.

five.2. Mistake Message Localization using  Controller

In case you want to have more control and like to perform some boosted steps, you lot tin handle it through the login controller. Collect the request parameter in your custom login controller and perform any boosted logic.

                @Controller @RequestMapping("/login") public class LoginPageController {      @GetMapping     public String login(@RequestParam(value = "mistake", defaultValue = "false") boolean loginError) {         if (loginError) {             // you custom error handling logic will get here         }         return "account/login";     } }              

To make sure our application is working every bit displaying the localized error messages with spring security login, permit'due south first and run our awarding. Once the awarding is up and running, open up the http://localhost:8080/login folio and endeavour with invalid credentials by selecting the distinct linguistic communication.

Selecting Linguistic communication as German.

Providing invalid credentials.

Irresolute linguistic communication to English and trying with invalid credentials:

Summary

Treatment localization with spring security is very of import, and in this post we saw how to handle the message localization with Bound security login . The source lawmaking for this application is available on the GitHub.

bakeryespire45.blogspot.com

Source: https://www.javadevjournal.com/spring-security/spring-security-login-error-handling-and-localization/

Share this post