Spring Security : Add custom message for authentication failure ( "Bad Credentials" to "Invalid Credentials")

Question

Authentication authentication = authenticationManager.authenticate(
	new UsernamePasswordAuthenticationToken(
		loginRequest.getUserName(),
		loginRequest.getPassword()
	)
);

Currently the response is like below:

{
  "timestamp": "2020-05-30T17:50:38.307+0000",
  "message": "Bad credentials",
  "details": "uri=/auth"
}

I want this to be like this:

{
  "timestamp": "2020-05-30T17:50:38.307+0000",
  "message": "Invalid credentials",
  "details": "uri=/auth"
}

Answer 1

Score: 0

Spring Security uses messages.properties, which consists of default messages; we can add our custom message with the same. Add messages.properties and add a message as shown below.

messages.properties

AbstractUserDetailsAuthenticationProvider.badCredentials=Invalid credentials

Defaults

AbstractAccessDecisionManager.accessDenied=Access is denied
AbstractLdapAuthenticationProvider.emptyPassword=Empty Password
AbstractSecurityInterceptor.authenticationNotFound=An Authentication object was not found in the SecurityContext
AbstractUserDetailsAuthenticationProvider.badCredentials=Bad credentials
AbstractUserDetailsAuthenticationProvider.credentialsExpired=User credentials have expired
AbstractUserDetailsAuthenticationProvider.disabled=User is disabled
AbstractUserDetailsAuthenticationProvider.expired=User account has expired
AbstractUserDetailsAuthenticationProvider.locked=User account is locked
AbstractUserDetailsAuthenticationProvider.onlySupports=Only UsernamePasswordAuthenticationToken is supported
AccountStatusUserDetailsChecker.credentialsExpired=User credentials have expired
AccountStatusUserDetailsChecker.disabled=User is disabled
AccountStatusUserDetailsChecker.expired=User account has expired
AccountStatusUserDetailsChecker.locked=User account is locked
AclEntryAfterInvocationProvider.noPermission=Authentication {0} has NO permissions to the domain object {1}
AnonymousAuthenticationProvider.incorrectKey=The presented AnonymousAuthenticationToken does not contain the expected key
BindAuthenticator.badCredentials=Bad credentials
BindAuthenticator.emptyPassword=Empty Password
CasAuthenticationProvider.incorrectKey=The presented CasAuthenticationToken does not contain the expected key
CasAuthenticationProvider.noServiceTicket=Failed to provide a CAS service ticket to validate
ConcurrentSessionControlAuthenticationStrategy.exceededAllowed=Maximum sessions of {0} for this principal exceeded
DigestAuthenticationFilter.incorrectRealm=Response realm name {0} does not match system realm name of {1}
DigestAuthenticationFilter.incorrectResponse=Incorrect response
DigestAuthenticationFilter.missingAuth=Missing mandatory digest value for 'auth' QOP; received header {0}
DigestAuthenticationFilter.missingMandatory=Missing mandatory digest value; received header {0}
DigestAuthenticationFilter.nonceCompromised=Nonce token compromised {0}
DigestAuthenticationFilter.nonceEncoding=Nonce is not encoded in Base64; received nonce {0}
DigestAuthenticationFilter.nonceExpired=Nonce has expired/timed out
DigestAuthenticationFilter.nonceNotNumeric=Nonce token should have yielded a numeric first token, but was {0}
DigestAuthenticationFilter.nonceNotTwoTokens=Nonce should have yielded two tokens but was {0}
DigestAuthenticationFilter.usernameNotFound=Username {0} not found
JdbcDaoImpl.noAuthority=User {0} has no GrantedAuthority
JdbcDaoImpl.notFound=User {0} not found
LdapAuthenticationProvider.badCredentials=Bad credentials
LdapAuthenticationProvider.badLdapConnection=Connection to LDAP server failed
LdapAuthenticationProvider.credentialsExpired=User credentials have expired
LdapAuthenticationProvider.disabled=User is disabled
LdapAuthenticationProvider.expired=User account has expired
LdapAuthenticationProvider.locked=User account is locked
LdapAuthenticationProvider.emptyUsername=Empty username not allowed
LdapAuthenticationProvider.onlySupports=Only UsernamePasswordAuthenticationToken is supported
PasswordComparisonAuthenticator.badCredentials=Bad credentials
PersistentTokenBasedRememberMeServices.cookieStolen=Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack.
ProviderManager.providerNotFound=No AuthenticationProvider found for {0}
RememberMeAuthenticationProvider.incorrectKey=The presented RememberMeAuthenticationToken does not contain the expected key
RunAsImplAuthenticationProvider.incorrectKey=The presented RunAsUserToken does not contain the expected key
SubjectDnX509PrincipalExtractor.noMatching=No matching pattern was found in subjectDN: {0}
SwitchUserFilter.noCurrentUser=No current user associated with this request
SwitchUserFilter.noOriginalAuthentication=Could not find original Authentication object
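
An added example (not part of the original answer) that shows the override taking effect on a `DaoAuthenticationProvider`, and that a wrong password and an unknown username both resolve through the same `badCredentials` key. It assumes the Spring Security 5.x API on the classpath; `StaticMessageSource` stands in for a `messages.properties` file, and the class name, user `alice` and passwords are constructed for illustration.

```java
import java.util.Locale;

import org.springframework.context.i18n.LocaleContextHolder;
import org.springframework.context.support.StaticMessageSource;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

public class BadCredentialsMessageDemo {

    // Message key taken from the defaults list in the answer.
    static final String KEY = "AbstractUserDetailsAuthenticationProvider.badCredentials";

    // Returns the failure message, or null when authentication succeeds.
    static String failureMessage(DaoAuthenticationProvider provider, String user, String password) {
        try {
            provider.authenticate(new UsernamePasswordAuthenticationToken(user, password));
            return null;
        } catch (AuthenticationException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) {
        // The provider looks messages up with the current locale, so register
        // the override under that same locale (StaticMessageSource matches exactly).
        Locale locale = LocaleContextHolder.getLocale();
        StaticMessageSource messages = new StaticMessageSource();
        messages.addMessage(KEY, locale, "Invalid credentials");

        // Constructed in-memory user; "{noop}" marks a plain-text password for the demo only.
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(new InMemoryUserDetailsManager(
                User.withUsername("alice").password("{noop}correct-horse").roles("USER").build()));
        provider.setMessageSource(messages);

        // Known user with a wrong password.
        System.out.println(failureMessage(provider, "alice", "wrong"));
        // Unknown user: by default the provider hides UsernameNotFoundException
        // behind the same bad-credentials message, so callers cannot tell the cases apart.
        System.out.println(failureMessage(provider, "nobody", "wrong"));
    }
}
```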

huangapple
  • Posted on May 31, 2020, 01:59:01
  • When reposting, be sure to keep this article's link: https://java.coder-hub.com/62106597.html