1010import org .springframework .beans .factory .annotation .Autowired ;
1111import org .springframework .context .MessageSource ;
1212import org .springframework .security .core .AuthenticationException ;
13+ import org .springframework .security .web .WebAttributes ;
1314import org .springframework .security .web .authentication .SimpleUrlAuthenticationFailureHandler ;
1415import org .springframework .stereotype .Component ;
1516import org .springframework .web .servlet .LocaleResolver ;
@@ -31,14 +32,16 @@ public void onAuthenticationFailure(final HttpServletRequest request, final Http
3132
3233 final Locale locale = localeResolver .resolveLocale (request );
3334
35+ String errorMessage = messages .getMessage ("message.badCredentials" , null , locale );
36+
3437 if (exception .getMessage ().equalsIgnoreCase ("User is disabled" )) {
35- request . getSession (). setAttribute ( "SPRING_SECURITY_LAST_EXCEPTION" , messages .getMessage ("auth.message.disabled" , null , locale ) );
38+ errorMessage = messages .getMessage ("auth.message.disabled" , null , locale );
3639 } else if (exception .getMessage ().equalsIgnoreCase ("User account has expired" )) {
37- request . getSession (). setAttribute ( "SPRING_SECURITY_LAST_EXCEPTION" , messages .getMessage ("auth.message.expired" , null , locale ) );
40+ errorMessage = messages .getMessage ("auth.message.expired" , null , locale );
3841 } else if (exception .getMessage ().equalsIgnoreCase ("blocked" )) {
39- request .getSession ().setAttribute ("SPRING_SECURITY_LAST_EXCEPTION" , messages .getMessage ("auth.message.blocked" , null , locale ));
40- } else {
41- request .getSession ().setAttribute ("SPRING_SECURITY_LAST_EXCEPTION" , messages .getMessage ("message.badCredentials" , null , locale ));
42+ errorMessage = messages .getMessage ("auth.message.blocked" , null , locale );
4243 }
44+
45+ request .getSession ().setAttribute (WebAttributes .AUTHENTICATION_EXCEPTION , errorMessage );
4346 }
4447}
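Review bot: The branches at new lines 37–41 still pick the message by comparing `exception.getMessage()` with English literals, which throws a NullPointerException when an exception carries no message and quietly falls back to the bad-credentials text if the framework wording changes or is localized. Matching on the exception type is sturdier, e.g. `if (exception instanceof DisabledException) {` and `} else if (exception instanceof AccountExpiredException) {`, keeping a null-safe literal check such as `"blocked".equalsIgnoreCase(exception.getMessage())` only for the custom case. Separately, the distinct disabled/expired/blocked messages tell an unauthenticated caller the state of an account; if the provider runs these checks before verifying the password (not visible here), consider showing the generic message and logging the specific reason server-side. The method begins outside this hunk, so whether the parent handler is invoked earlier and also writes `WebAttributes.AUTHENTICATION_EXCEPTION` cannot be checked from these lines.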