CODEWITHSUNDEEP
javascriptjqueryhtmlspring-securitybasic-authentication
Swapnil Godambe
Swapnil Godambe

Reputation: 2044

Basic Authentication in Spring Security( authentication failure message)

I am developing website(HTML, javascript, jQuery, Ajax, css) in which, I am using basic authentication in spring in server side. I am sending Basic="Base64 Endcoded Username & password" in Authorization header of HTTP request. Login works fine on correct username & password. But on failure, it shows me a default prompt to enter a username & password. What can I do to so that prompt is not shown, Instead I should get a error code. So that, I can display proper failure message.

Spring Security

http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

<http create-session="never"> 
    <intercept-url pattern="/rest/user*" access="ROLE_USER" /> 
    <logout logout-success-url="/index.jsp" invalidate-session="true" />
    <http-basic />
</http> 

<authentication-manager>
    <authentication-provider>
    <password-encoder hash="md5"/>
        <jdbc-user-service data-source-ref="dataSource" 
            users-by-username-query="
                select UserName as username, Password as user_password,true 
                from User where username=?" 

            authorities-by-username-query="
                select UserName as username,'ROLE_USER' from User where username=?" 

        />
    </authentication-provider>

</authentication-manager>

Upvotes: 3

Views: 1606

Answers (2)

Swapnil Godambe
Swapnil Godambe

Reputation: 2044

After so much of hurdle .. finally I have done it.

I have posted it on my blog

http://swapgo20.wordpress.com/2012/10/21/website-spring-security-basic-authorization-in-javascript/

Upvotes: 1

Varun Achar
Varun Achar

Reputation: 15109

By default, the class AuthenticationEntryPoint redirects user to the login page when there is a failure in the authentication process. To change the default behavior and provide a custom Authentication Failure page, you can specify an entry in your security.xml file

<form-login login-processing-url="your-login-check" login-page="/login"
            username-parameter="j_username" password-parameter="j_password"
            authentication-failure-url="/login/authenticationFailure" />

That should be it! You'll get redirected to the page specified in the authentication-failure-url attributte in the xml.

Upvotes: 0

Related Questions