How to show authentication error message without any redirects in Spring Security?
I can find similar questions, for example How to display an error message on my JSP page using Spring security 2.0 and Spring Security - Authentication Error - An empty message that describes a bad way to do this.
I don't like the use of the authentication-failure-url attribute . All I need to do is show the error message after the HTTP POST request on the login page without any redirects and without using a session . Just put the error variable in the input model.
What you have to do is on the login page to call AJAX on /j_spring_security_checkwith j_usernameand j_password.
/j_spring_security_check
j_username
j_password
And you have to write Custom AuthenticationFailureHandler and connect it to UsernamePasswordAuthenticationFilter .setAuthenticationFailureHandler. Both the user AuthenticationSuccessHandler and UsernamePasswordAuthenticationFilter .setAuthenticationSuccessHandler methods.
AuthenticationSuccessHandler true. AuthenticationFailureHandler false, AJAX .