ok thanks! do you know the reason why in the login.jsp with j_security there is no use of struts tags?
i think i read something that its not a good idea? will it break security? tibi Matt Raible wrote: > I believe there are different errors that Spring Security sends for > different events. The one that's commented out below merely grabs the > last one set. > > On Thu, Apr 8, 2010 at 2:29 AM, <t...@dds.nl <mailto:t...@dds.nl>> wrote: > > ok it seems to work. > don't forget to add: > <property name="passwordEncoder" > ref="passwordEncoder" /> > to myAuthenticationProvider bean in the blow config file. > > > one other question in the login jsp i want to show the error message. > > now this is used: > <c:if test="${param.error != null}"> > <li class="error"> > <img src="${ctx}/images/iconWarning.gif" alt="<fmt:message > key='icon.warning'/>" class="icon"/> > <fmt:message key="errors.password.mismatch"/> > <%--${sessionScope.SPRING_SECURITY_LAST_EXCEPTION.message}--%> > </li> > </c:if> > > how can i diffirentiate between different errors? > (wrong credentials or no more attempts) > > > tibi > > > > > > ok it works. > > what i did: > > in the applicationContext-struts.xml i added (changed) this: > > <beans xmlns="http://www.springframework.org/schema/beans"; > > xmlns:security="http://www.springframework.org/schema/security"; > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > > xsi:schemaLocation="http://www.springframework.org/schema/beans > > http://www.springframework.org/schema/beans/spring-beans-2.0.xsd > http://www.springframework.org/schema/security > > > http://www.springframework.org/schema/security/spring-security-2.0.xsd"; > default-lazy-init="true"> > > <bean id="adminInterceptor" > > > class="nl.rapidsugar.emailOpMaat.webapp.interceptor.UserRoleAuthorizationInterceptor"> > <property name="authorizedRoles" > value="ROLE_ADMIN" /> > </bean> > <bean id="authenticationManager" > class="org.springframework.security.providers.ProviderManager"> > <property name="providers"> > <list> > <ref > local="myAuthenticationProvider" /> > </list> > </property> > </bean> > > <bean id="myAuthenticationProvider" > > > class="nl.rapidsugar.emailOpMaat.webapp.interceptor.MyAuthenticationProvider"> > <security:custom-authentication-provider /> > <property name="userDetailsService" > ref="userDao" /> > </bean> > .... > > basicaly i'm adding a bean into the providers list. > > than a java class: > > package nl.rapidsugar.emailOpMaat.webapp.interceptor; > > import org.springframework.security.AuthenticationException; > import > > org.springframework.security.providers.UsernamePasswordAuthenticationToken; > import > org.springframework.security.providers.dao.DaoAuthenticationProvider; > import org.springframework.security.userdetails.UserDetails; > > public class MyAuthenticationProvider extends > DaoAuthenticationProvider { > > @Override > protected void > additionalAuthenticationChecks(UserDetails userDetails, > UsernamePasswordAuthenticationToken > authentication) > throws AuthenticationException { > // TODO Auto-generated method stub > > super.additionalAuthenticationChecks(userDetails, > authentication); > } > } > > > in debug mode i'm hitting this method... so now lets see what > i can do here :D > > have fun! > > > i will look into this tomorrow: > > http://forum.springsource.org/showthread.php?t=52377 > > > > Quoting t...@dds.nl <mailto:t...@dds.nl>: > > :( > > > i will... > > > > > Quoting Matt Raible <m...@raibledesigns.com > <mailto:m...@raibledesigns.com>>: > > Unfortunately, I don't know the answer to this. > You might search Spring > Security's forums. > > On Tue, Apr 6, 2010 at 12:25 PM, <t...@dds.nl > <mailto:t...@dds.nl>> wrote: > > some investigation led me to the > postAuthenticationChecks > > seems to do the trick. but how can i inject my > own class there? > > is it autowired? > > thanks for any pointers, > > tibi > > > > > hi list > > hi matt, > > i need to count the wrong logins (after 3 > wrong logins block account). > how can i get in the loop of j_security_check? > > > thanks, > > tibi > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > users-unsubscr...@appfuse.dev.java.net > <mailto:users-unsubscr...@appfuse.dev.java.net> > For additional commands, e-mail: > users-h...@appfuse.dev.java.net > <mailto:users-h...@appfuse.dev.java.net> > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > users-unsubscr...@appfuse.dev.java.net > <mailto:users-unsubscr...@appfuse.dev.java.net> > For additional commands, e-mail: > users-h...@appfuse.dev.java.net > <mailto:users-h...@appfuse.dev.java.net> > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > users-unsubscr...@appfuse.dev.java.net > <mailto:users-unsubscr...@appfuse.dev.java.net> > For additional commands, e-mail: > users-h...@appfuse.dev.java.net > <mailto:users-h...@appfuse.dev.java.net> > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > users-unsubscr...@appfuse.dev.java.net > <mailto:users-unsubscr...@appfuse.dev.java.net> > For additional commands, e-mail: > users-h...@appfuse.dev.java.net > <mailto:users-h...@appfuse.dev.java.net> > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@appfuse.dev.java.net > <mailto:users-unsubscr...@appfuse.dev.java.net> > For additional commands, e-mail: > users-h...@appfuse.dev.java.net > <mailto:users-h...@appfuse.dev.java.net> > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@appfuse.dev.java.net > <mailto:users-unsubscr...@appfuse.dev.java.net> > For additional commands, e-mail: users-h...@appfuse.dev.java.net > <mailto:users-h...@appfuse.dev.java.net> > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@appfuse.dev.java.net For additional commands, e-mail: users-h...@appfuse.dev.java.net
