Merge pull request eugenp#307 from Doha2012/master

fix error message

Author: Eugen

spring-security-login-and-registration/src/main/java/org/baeldung/security/CustomAuthenticationFailureHandler.java

@@ -0,0 +1,44 @@
+package org.baeldung.security;
+
+import java.io.IOException;
+import java.util.Locale;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.MessageSource;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.LocaleResolver;
+
+@Component
+public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
+
+    @Autowired
+    private MessageSource messages;
+
+    @Autowired
+    private LocaleResolver localeResolver;
+
+    @Override
+    public void onAuthenticationFailure(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationException exception) throws IOException, ServletException {
+        setDefaultFailureUrl("/login.html?error=true");
+
+        super.onAuthenticationFailure(request, response, exception);
+
+        final Locale locale = localeResolver.resolveLocale(request);
+
+        if (exception.getMessage().equalsIgnoreCase("User is disabled")) {
+            request.getSession().setAttribute("SPRING_SECURITY_LAST_EXCEPTION", messages.getMessage("auth.message.disabled", null, locale));
+        } else if (exception.getMessage().equalsIgnoreCase("User account has expired")) {
+            request.getSession().setAttribute("SPRING_SECURITY_LAST_EXCEPTION", messages.getMessage("auth.message.expired", null, locale));
+        } else if (exception.getMessage().equalsIgnoreCase("blocked")) {
+            request.getSession().setAttribute("SPRING_SECURITY_LAST_EXCEPTION", messages.getMessage("auth.message.blocked", null, locale));
+        } else {
+            request.getSession().setAttribute("SPRING_SECURITY_LAST_EXCEPTION", messages.getMessage("message.badCredentials", null, locale));
+        }
+    }
+}

spring-security-login-and-registration/src/main/java/org/baeldung/spring/SecSecurityConfig.java

@@ -13,6 +13,7 @@
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 
 @Configuration
@@ -26,6 +27,9 @@ public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
     @Autowired
     private AuthenticationSuccessHandler myAuthenticationSuccessHandler;
 
+    @Autowired
+    private AuthenticationFailureHandler authenticationFailureHandler;
+
     public SecSecurityConfig() {
         super();
     }
@@ -59,6 +63,7 @@ protected void configure(final HttpSecurity http) throws Exception {
                 .defaultSuccessUrl("/homepage.html")
                 .failureUrl("/login.html?error=true")
                 .successHandler(myAuthenticationSuccessHandler)
+                .failureHandler(authenticationFailureHandler)
                 .usernameParameter("j_username")
                 .passwordParameter("j_password")
             .permitAll()

spring-security-login-and-registration/src/main/webapp/WEB-INF/view/login.jsp

@@ -7,34 +7,7 @@
 <%@ page session="true"%>
 <fmt:message key="message.password" var="noPass" />
 <fmt:message key="message.username" var="noUser" />
-<c:if test="${param.error != null}">
-    <c:choose>
-        <c:when
-            test="${SPRING_SECURITY_LAST_EXCEPTION.message == 'User is disabled'}">
-            <div class="alert alert-danger">
-                <spring:message code="auth.message.disabled"></spring:message>
-            </div>
-        </c:when>
-        <c:when
-            test="${SPRING_SECURITY_LAST_EXCEPTION.message == 'User account has expired'}">
-            <div class="alert alert-danger">
-                <spring:message code="auth.message.expired"></spring:message>
-            </div>
-        </c:when>
-        <c:when
-            test="${SPRING_SECURITY_LAST_EXCEPTION.message == 'blocked'}">
-            <div class="alert alert-danger">
-               <spring:message code="auth.message.blocked"></spring:message>
-            </div>
-        </c:when>
-        <c:otherwise>
-            <div class="alert alert-danger">
-            <!-- <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}"/> -->
-                <spring:message code="message.badCredentials"></spring:message>
-            </div>
-        </c:otherwise>
-    </c:choose>
-</c:if>
+
 <html>
 
 <head>
@@ -72,6 +45,13 @@ ${param.message}
 </div>
 </c:if>
 
+
+<c:if test="${param.error != null}">
+<div class="alert alert-danger">
+${SPRING_SECURITY_LAST_EXCEPTION}
+</div>
+</c:if>
+
     <div class="container">
         <div class="row wrapper">
             <h1>