Printing login error messages not working

[sachin_yadav]

I am migrating my application from spring security 2.x to 3.0 Everything is working fine now except one thing. I want my login page to print authentication failure error messages. ex- Bad Credentials which are not getting printed.

Code:

<?xml version="1.0"......
<body>
  <c:if test="${not empty param.error}">
  Login error. <br />
  Reason : ${SPRING_SECURITY_LAST_EXCEPTION.message}
</c:if>
<div class="containerWrapper">
<form method="post" action="j_spring_security_check"......</jsp:root>

config:

Code:

<http auto-config="false" access-decision-manager-ref="accessDecisionManager" 
	entry-point-ref="authenticationProcessingFilterEntryPoint">
	<custom-filter position="FORM_LOGIN_FILTER" ref="authenticationProcessingFilter" />
	<custom-filter position="LOGOUT_FILTER" ref="customLogoutFilter"/>
	<access-denied-handler error-page="/login.jsp?login_error=true"/> 
	<intercept-url pattern="/login.htm" filters="none" />
	<intercept-url pattern="/admin/*" access="ROLE_ADMIN"/>
	<anonymous enabled='false'/>
    <session-management session-authentication-strategy-ref="sas"/>
	</http>

I tried using "/login.jsp?error=true" but that doesn't work as well. Following is the log file -

Code:

16:23:26,183 DEBUG FilterChainProxy:376 - /j_spring_security_check at position 1 of 10 in additional filter chain; firing Filter: 'ConcurrentSessionFilter'
16:23:26,183 DEBUG FilterChainProxy:376 - /j_spring_security_check at position 2 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
16:23:26,183 DEBUG HttpSessionSecurityContextRepository:142 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
16:23:26,183 DEBUG HttpSessionSecurityContextRepository:88 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@c19fbf. A new one will be created.
16:23:26,199 DEBUG FilterChainProxy:376 - /j_spring_security_check at position 3 of 10 in additional filter chain; firing Filter: 'LogoutFilter'
16:23:26,199 DEBUG FilterChainProxy:376 - /j_spring_security_check at position 4 of 10 in additional filter chain; firing Filter: 'XXXAuthenticationProcessingFilter'
16:23:26,199 DEBUG XXXAuthenticationProcessingFilter:193 - Request is to process authentication
16:23:26,199 DEBUG ProviderManager:127 - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
16:23:26,199 DEBUG JdbcTemplate:634 - Executing prepared SQL query
16:23:26,199 DEBUG JdbcTemplate:569 - Executing prepared SQL statement [select user_id,user_password,status as enabled from user_master where user_email_id = ?]
16:23:26,199 DEBUG DataSourceUtils:110 - Fetching JDBC Connection from DataSource
16:23:26,214 DEBUG StatementCreatorUtils:206 - Setting SQL statement parameter value: column index 1, parameter value [a@a.com], value class [java.lang.String], SQL type unknown
16:23:26,214 DEBUG DataSourceUtils:332 - Returning JDBC Connection to DataSource
16:23:26,214 DEBUG JdbcTemplate:634 - Executing prepared SQL query
16:23:26,214 DEBUG JdbcTemplate:569 - Executing prepared SQL statement [SELECT user.user_id, role.role_type FROM user_master USER, role_master role, user_role ur WHERE user.user_id = ur.user_id AND role.role_id = ur.role_id AND user.user_id=?]
16:23:26,214 DEBUG DataSourceUtils:110 - Fetching JDBC Connection from DataSource
16:23:26,214 DEBUG StatementCreatorUtils:206 - Setting SQL statement parameter value: column index 1, parameter value [1], value class [java.lang.String], SQL type unknown
16:23:26,230 DEBUG DataSourceUtils:332 - Returning JDBC Connection to DataSource
16:23:26,230 DEBUG DaoAuthenticationProvider:69 - Authentication failed: password does not match stored value
16:23:26,230 DEBUG XmlWebApplicationContext:301 - Publishing event in Root WebApplicationContext: org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent[source=org.springframework.security.authentication.UsernamePasswordAuthenticationToken@820e0407: Principal: a@a.com; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: 4D1E21817536F85DF250679319B802B1; Not granted any authorities]
16:23:26,230 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'org.springframework.security.core.session.SessionRegistryImpl#0'
16:23:26,230 DEBUG XXXAuthenticationProcessingFilter:318 - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
16:23:26,230 DEBUG XXXAuthenticationProcessingFilter:319 - Updated SecurityContextHolder to contain null Authentication
16:23:26,230 DEBUG XXXAuthenticationProcessingFilter:320 - Delegating to authentication failure handlerorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@18d4c9a
16:23:26,230 DEBUG SimpleUrlAuthenticationFailureHandler:67 - Redirecting to /login.jsp?login_error=true
16:23:26,230 DEBUG DefaultRedirectStrategy:36 - Redirecting to '/XXX/login.jsp?login_error=true'
16:23:26,246 DEBUG HttpSessionSecurityContextRepository:338 - SecurityContext is empty or anonymous - context will not be stored in HttpSession. 
16:23:26,246 DEBUG SecurityContextPersistenceFilter:89 - SecurityContextHolder now cleared, as request processing completed
16:23:26,261 DEBUG FilterChainProxy:194 - Converted URL to lowercase, from: '/login.jsp'; to: '/login.jsp'
16:23:26,277 DEBUG FilterChainProxy:201 - Candidate is: '/login.jsp'; pattern is /login.htm; matched=false
16:23:26,277 DEBUG FilterChainProxy:194 - Converted URL to lowercase, from: '/login.jsp'; to: '/login.jsp'
16:23:26,277 DEBUG FilterChainProxy:201 - Candidate is: '/login.jsp'; pattern is /**; matched=true
16:23:26,277 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 1 of 10 in additional filter chain; firing Filter: 'ConcurrentSessionFilter'
16:23:26,277 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 2 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
16:23:26,293 DEBUG HttpSessionSecurityContextRepository:142 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
16:23:26,293 DEBUG HttpSessionSecurityContextRepository:88 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@c19fbf. A new one will be created.
16:23:26,293 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 3 of 10 in additional filter chain; firing Filter: 'LogoutFilter'
16:23:26,293 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 4 of 10 in additional filter chain; firing Filter: 'XXXAuthenticationProcessingFilter'
16:23:26,293 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
16:23:26,293 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
16:23:26,293 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 7 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
16:23:26,293 DEBUG AnonymousAuthenticationFilter:67 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6fa90ed4: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: 4D1E21817536F85DF250679319B802B1; Granted Authorities: ROLE_ANONYMOUS'
16:23:26,293 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 8 of 10 in additional filter chain; firing Filter: 'SessionManagementFilter'
16:23:26,293 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 9 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
16:23:26,308 DEBUG FilterChainProxy:376 - /login.jsp?login_error=true at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
16:23:26,308 DEBUG DefaultFilterInvocationSecurityMetadataSource:173 - Converted URL to lowercase, from: '/login.jsp'; to: '/login.jsp'
16:23:26,308 DEBUG DefaultFilterInvocationSecurityMetadataSource:200 - Candidate is: '/login.jsp'; pattern is /order/**; matched=false
16:23:26,308 DEBUG DefaultFilterInvocationSecurityMetadataSource:200 - Candidate is: '/login.jsp'; pattern is /restaurent/*; matched=false
16:23:26,308 DEBUG DefaultFilterInvocationSecurityMetadataSource:200 - Candidate is: '/login.jsp'; pattern is /admin/*; matched=false
16:23:26,308 DEBUG FilterSecurityInterceptor:183 - Public object - authentication not attempted
16:23:26,308 DEBUG XmlWebApplicationContext:301 - Publishing event in Root WebApplicationContext: org.springframework.security.access.event.PublicInvocationEvent[source=FilterInvocation: URL: /login.jsp?login_error=true]
16:23:26,308 DEBUG FilterChainProxy:363 - /login.jsp?login_error=true reached end of additional filter chain; proceeding with original chain
16:23:26,308 DEBUG ExceptionTranslationFilter:100 - Chain processed normally
16:23:26,324 DEBUG HttpSessionSecurityContextRepository:338 - SecurityContext is empty or anonymous - context will not be stored in HttpSession. 
16:23:26,324 DEBUG SecurityContextPersistenceFilter:89 - SecurityContextHolder now cleared, as request processing completed

[Rob Winch]

The if statement needs to match the query param that Spring Security is using in the redirect. So with the configuration you have posted your if statement should be

Code:

<c:if test="${not empty param.login_error}">

You mentioned you also tried error=true. I assume that was with the same jsp if statement? What do you see? For example can you at least see "Login Error"?

[sachin_yadav]

changing c:if as per your suggestions has made is working perfectly. Thank you very much.