All geek questions in one place

Spring security interception invalid password

I use spring security. I use aspectj to register the wrong username or password. I was able to intercept the wrong username by checking loadUserByUsername for an exception. How to intercept the wrong password.

It looks like spring gets the user object and checks the entered password against the user password. How can I catch this for any exception

Thanks in advance

+3
source share
2 answers

I don’t have much idea of ​​the aspects, so this may not help.

First, you need to ask yourself if you really need to distinguish between an incorrect username and an incorrect password, especially if this information is returned to the user.

spring -security , BadCredentialsException .

Spring security 3.0.x public authenticate() ( AbstractUserDetailsAuthenticationProvider), protected retrieveUser(), protected additionalAuthenticationChecks().

hideUserNotFoundExceptions false ( true), authenticate() UserNotFoundException ( ) BadCredentialsException .

+2

ExceptionTranslationFilter FilterSecurityInterceptor . " " , , .

0

Source: https://habr.com/ru/post/1790023/

More articles:


All Articles