I am using the AuthenticationProcessingFilter for logins to my web application. From a security standpoint everything works nicely, but I am having some trouble customizing the error messages on failed login attempts. The requirements are such that I display error messages indicated the reason for the login failure. These messages include:
"You have entered an invalid password. "
"User name not found. "
The issue is that upon failure, I do not have the necessary information to figure out the reason for the login failure. In both of the cases above, I am forwarded back to a jsp with access to a BadCredentialsException containing a "Bad credentials presented" error message. Am I missing something? Thanks.