Spring Security关于验证提示！

另外需要解决的是验证码问题，可以用filter方式解决，只有验证码通过了才去真的用spring security验证

------------------------------------------------------------------------------------

In Spring Security, when authentication is failed, following predefined error messages will be displayed :

Spring display : Bad credentials

In this article, we show you how to override above error message and display your custom error message. For example,

Spring display : Bad credentialsYou want override it with this message : Invalid username or password

Solution

Spring Security stored messages in “messages.properties” inside “spring-security-core.jar“, see figure below :

To override it, find which key generate what error message in spring security message.properties file, and redefine it with your own properties file.

1. Override Key and Message

Create a new properties file, put it on project classpath, and override the Spring’s “key” with your custom error message. In this case, just override “AbstractUserDetailsAuthenticationProvider.badCredentials“.

File : mymessages.properties

AbstractUserDetailsAuthenticationProvider.badCredentials=Invalid username or password 

2. Register ResourceBundleMessageSource

To load above properties file, define ResourceBundleMessageSource in Spring bean configuration file.

    <bean id="messageSource"       class="org.springframework.context.support.ResourceBundleMessageSource">       <property name="basenames">        <list>          <value>mymessages</value>        </list>        </property>      </bean>

Now, when authentication is failed, it will display your custom error message “Invalid username or password“, instead of the default “Bad credentials“.