Add FacesMessage on login error

**sebastian_goetz** · Aug 4th, 2011, 08:23 AM

Dear guys,

I am new to spring security and got it finally working with my JSF 2.0 application. But one thing is left, that makes me a little annoyed. I have a custom AuthenticationFailureHandler that does nothing else but add a FacesMessage to the current FacesContext so I can tell the user what's wrong.

Code:

public class MyUrlAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler
{
    private static final Log log = LogFactory.getLog(MyUrlAuthenticationFailureHandler.class);

    @Override
    public void onAuthenticationFailure(final HttpServletRequest p_request,
                                        final HttpServletResponse p_response,
                                        final AuthenticationException p_exception) throws IOException, ServletException
    {
        log.info("Authentication failure (" + p_exception.getLocalizedMessage() + ")!");
        I18nUtil.addFacesMessage("msg_loginFailure", FacesMessage.SEVERITY_ERROR);

        super.onAuthenticationFailure(p_request, p_response, p_exception);
    }
}

I can debug the code and it works fine, but I get nothing displayed on my login page, although I have a messages component on tany page. Seems that I have'nt yet understood the whole thing. So can anyone give me a little hint please?

Regards,

Sebastian

**Rob Winch** · Aug 4th, 2011, 08:41 AM

I'm not certain what I18NUtil.addFacesMessage does, but I am guessing it adds the message as a request attribute. The SimpleUrlAuthenticationFailureHandler will do a redirect by default. This means that anything set as a request attribute on the handler will be gone by the time the actual error page is rendered. Most likely you will want to retrieve the message Spring Security places in session using the attribute SPRING_SECURITY_LAST_EXCEPTION at the time you are rendering the page (rather than using the error handler). Alternatively you could configure your error handler to forward on failure, but this would not follow the redirect after post pattern that you find in most web applications.

**sebastian_goetz** · Aug 4th, 2011, 08:52 AM

Thanks for your thoughts.

Here is what the method does.

Code:

public static void addFacesMessage(final String p_strKey, final Severity p_severity, final Object... p_objParams)
    {
        FacesContext context = FacesContext.getCurrentInstance();
        if (context != null)
        {
            context.addMessage(null, getFacesMessage(p_strKey, p_severity, p_objParams));
        }
    }

I do not know, where these FacesMessages are actually placed. But what you explain sounds quite logical. It's for internationalisation purposes only to show the user a message in his language. So I will try an put the message in the session also.

Thank you,

Sebastian

**sebastian_goetz** · Aug 10th, 2011, 03:05 AM

Ok,

this is solved.
I just added the login failure message into the session upon a failed login try.

Code:

@Override
    public void onAuthenticationFailure(final HttpServletRequest p_request,
                                        final HttpServletResponse p_response,
                                        final AuthenticationException p_exception) throws IOException, ServletException
    {
        log.info("Authentication failure (" + p_exception.getLocalizedMessage() + ")!");

        HttpSession session = p_request.getSession(false);
        if (session != null)
        {
            session.setAttribute("LoginFailureMessage", I18nUtil.get("msg_loginFailure"));
        }

        super.onAuthenticationFailure(p_request, p_response, p_exception);
    }

So I was able to show the message on page by doing:

Code:

<h:outputText value="#{sessionScope['LoginFailureMessage']}" rendered="#{not empty sessionScope['LoginFailureMessage']}" styleClass="highlight"/>

Thanks.

Thread: Add FacesMessage on login error

Thread Tools

Display

Add FacesMessage on login error

I18nUtil

Tags for this Thread

Posting Permissions