In spring security 3.0.5.RELEASE, which class and method can I override to catch the BadCredentialsException for wrong password. Here is a snippet of my security.xml
<beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="hideUserNotFoundExceptions" value="true" />
开发者_开发百科<beans:property name="userDetailsService" ref="userDao"/>
<beans:property name="passwordEncoder" ref="passwordEncoder"/>
</beans:bean>
<security:authentication-manager>
<security:authentication-provider ref='daoAuthenticationProvider'/>
</security:authentication-manager>
Subclass SimpleUrlAuthenticationFailureHandler and override onAuthenticationFailure(). It gets an exception passed to it. exception.getAuthentication().getCredentials() will return the password that was tried.
Configure your AuthenticationFailureHandler in the form-login element:
<form-login authentication-failure-handler-ref="authenticationFailureHandler" />
精彩评论