Reputation: 395
cannot override spring security error messages
Good day SO people!
I have a question regarding custom spring security error messages. I've done some searching on how to do this and came up with putting the snippet below in my root-context.xml
<!-- override spring security messages -->
<bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource">
<property name="basenames">
<list>
<value>mymessages</value>
</list>
</property>
</bean>
and creating a properties file named mymessages.properties in WEB-INF\classes\ folder.
I don't know if anyone here has encountered the same problem but I'm giving this a shot. You see I was able to override the message for the "Bad Credentials" message.
AbstractUserDetailsAuthenticationProvider.badCredentials=Invalid username or password.
Now, I wanted to override the message for maximum allowable sessions which uses the key
ConcurrentSessionControlStrategy.exceededAllowed=Maximum sessions of {0} for this principal exceeded
but for some reason when I change the value of the key, it is not being reflected.
Anybody who has the same situation? Thanks in advance!
Upvotes: 1
Views: 1098
Answers (1)
Reputation: 19
I had the exact same problem, I looked throught the spring code to see what message they use and it is different:
As you said, the messages say:
ConcurrentSessionControlStrategy.exceededAllowed
However, in the code ConcurrentSessionControlStrategy the message they use is different to the one in messages.properties
protected void allowableSessionsExceeded(List<SessionInformation> sessions,
int allowableSessions, SessionRegistry registry)
throws SessionAuthenticationException {
if (exceptionIfMaximumExceeded || (sessions == null)) {
throw new SessionAuthenticationException(messages.getMessage(
"ConcurrentSessionControlAuthenticationStrategy.exceededAllowed",
new Object[] { Integer.valueOf(allowableSessions) },
"Maximum sessions of {0} for this principal exceeded"));
}
So in summary, override using this:
ConcurrentSessionControlAuthenticationStrategy.exceededAllowed
instead of this:
ConcurrentSessionControlStrategy.exceededAllowed
Hope someone finds it helpful
Upvotes: 2
Related Questions
- how to override default error messages on spring-security
- Custom message in Spring AccessDeniedException
- How to customize SPRING_SECURITY_LAST_EXCEPTION.message according to the error I get
- Overriding J_Spring_Security_Check
- Spring security tags do not work in error pages
- How to override default spring security XML configuration?
- How to override security access in Spring?
- Spring Security custom message for "Authentication method not supported: GET"
- Spring security not displaying error messages
- Issue with displaying error message on Login page in Spring Security