I'm using Spring MVC and Spring Security on a project, and am implementing a login form with it. I've run into a sort of strange behaviour, which I wouldn't expect, and I was wondering if there is a way to avoid it.
When there is an authentication error on the login form, I have a method in my controller to handle it:
@RequestMapping(value="/failed", method = RequestMethod.GET)
public String showLoginFailurePage(Model model, HttpServletRequest request) {
String authExClass = "";
AuthenticationException authEx = (AuthenticationException) request.getSession().getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
if (authEx != null) {
authExClass = authEx.getClass().getSimpleName();
}
model.addAttribute("authExClass", authExClass);
return LOGIN_PAGE;
}
This works initially, allowing me to display an error when an authentication error occurs. However, if I refresh the page, I would expect that the AuthenticationException would no lon开发者_JAVA百科ger be attached to the session, and thus I wouldn't display an error to the user. However, it seems that the exception persists beyond a refresh. Do I have an incorrect assumption? Should I not be using my request object this way?
Thanks! idbentley
Well, does any code clear the AUTHENTICATION_EXCEPTION from the Session? Spring Security may not automatically clear this from the session until an another authorization attempt is successful - I think you are assuming that this session attribute is automatically removed.
You may want to clear this attribute from the session yourself to not display it again.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论