Custom Spring Security web failure handler.
/**
* @author Wasim Ansari
*
*/
<!-- Custom form-login security configuration built with the Spring Security XML namespace. -->
<!-- auto-config="true" also registers the namespace defaults (form login, HTTP Basic, logout). No csrf element is declared in this block, so CSRF protection follows the default of the Spring Security version in use. TODO confirm the version and that the default is the intended one. -->
<security:http auto-config="true" use-expressions="true" >
<!-- To restrict a role by client IP address as well, combine hasIpAddress with the role check in the access expression, as in the disabled example below. hasIpAddress evaluates the remote address of the request, so behind a reverse proxy or load balancer it sees the proxy address unless the container is configured to restore the client address. -->
<!-- <security:intercept-url pattern="/successurl/**" access="hasAnyRole('ROLE_ADMIN', 'ROLE_USER') and hasIpAddress('127.0.0.1')" /> -->
<!-- Only /successurl/** carries an access rule in this block; every other URL that must be protected needs its own intercept-url entry. -->
<security:intercept-url pattern="/successurl/**" access="hasAnyRole('ROLE_ADMIN', 'ROLE_USER')" />
<!-- Login form at /login, with custom success and failure handlers. NOTE(review): always-use-default-target is set together with authentication-success-handler-ref; presumably the custom success handler decides post-login navigation, so confirm the attribute still has any effect. -->
<security:form-login login-page="/login" always-use-default-target="true"
authentication-success-handler-ref="customAuthSuccessHandler" authentication-failure-handler-ref="customAuthFailureHandler" />
<!-- Requests that present an invalid session id are sent to /loginfailed. -->
<security:session-management invalid-session-url="/loginfailed" >
<!-- Disabled stricter variant: one session per user, and a further login is rejected instead of expiring the older session. -->
<!-- <security:concurrency-control expired-url="/loginfailed" max-sessions="1" error-if-maximum-exceeded="true" /> -->
<!-- Active variant: max-sessions and error-if-maximum-exceeded are not set, so the namespace defaults apply (presumably one session, with the older session expired on a new login; confirm for the version in use). Concurrency control relies on an HttpSessionEventPublisher listener being registered; web.xml is not shown here, verify it. -->
<security:concurrency-control expired-url="/loginfailed" />
</security:session-management>
<!-- Logout invalidates the HTTP session, deletes the JSESSIONID cookie and then hands over to the custom logout success handler. -->
<security:logout invalidate-session="true" success-handler-ref="customLogoutSuccessHandler" delete-cookies="JSESSIONID" />
<!-- By default, the session is destroyed when the back link is clicked. The line below is a disabled duplicate of the logout element above. -->
<!-- <security:logout invalidate-session="true" success-handler-ref="customLogoutSuccessHandler" delete-cookies="JSESSIONID" /> -->
</security:http>
Spring Security - bean dependencies.
<!-- Bean behind authentication-failure-handler-ref. defaultFailureUrl is the target the SimpleUrlAuthenticationFailureHandler parent class uses when CustomAuthFailureHandler delegates to it. The URL carries only a generic login_error flag, so the login page should keep its message equally generic and not reveal which credential was wrong. -->
<bean id="customAuthFailureHandler" class="com.techa2zsoln.allcustom.auth.CustomAuthFailureHandler" >
<property name="defaultFailureUrl" value="/login?login_error=1"></property>
</bean>
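/**
 * Authentication failure handler that separates requests carrying a non-empty
 * {@code deviceType} parameter from ordinary form logins.
 *
 * <p>Requests with the parameter are forwarded to {@code /logout}; all other requests get
 * the standard {@link SimpleUrlAuthenticationFailureHandler} behaviour.
 */
public class CustomAuthFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    /** Request parameter whose presence selects the forward branch. */
    private static final String DEVICE_TYPE_PARAM = "deviceType";

    /** Path a failed device login is forwarded to. */
    private static final String LOGOUT_PATH = "/logout";

    /**
     * Handles a failed authentication attempt.
     *
     * @param request the request that carried the rejected credentials
     * @param response the response to write the outcome to
     * @param exception the reason authentication was rejected
     * @throws IOException if the forward or the parent handler fails to write the response
     * @throws ServletException if the forward target or the parent handler fails
     * @see SimpleUrlAuthenticationFailureHandler#onAuthenticationFailure(HttpServletRequest,
     *     HttpServletResponse, AuthenticationException)
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        // deviceType is read straight from the client request: any caller can select the
        // forward branch by sending it, so no security decision may depend on its value.
        String deviceType = request.getParameter(DEVICE_TYPE_PARAM);
        boolean deviceRequest = deviceType != null && !deviceType.isEmpty();

        // getRequestDispatcher may return null when the container cannot provide a
        // dispatcher; the standard failure handling is used then instead of failing
        // with a NullPointerException in the middle of a rejected login.
        RequestDispatcher dispatcher =
                deviceRequest ? request.getRequestDispatcher(LOGOUT_PATH) : null;
        if (dispatcher == null) {
            super.onAuthenticationFailure(request, response, exception);
            return;
        }

        // NOTE(review): a forward is an internal dispatch. Whether the Spring Security
        // filter chain (and with it the configured logout handling) sees the forwarded
        // request depends on the filter's dispatcher mapping, which is not shown here.
        // This branch also skips the parent handler, so the exception is not recorded for
        // the login page and the response status is not set here; confirm that device
        // clients can still tell that the login failed.
        dispatcher.forward(request, response);
    }
}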
/**
* @author Wasim Ansari
*
*/
<!-- Custom form-login security configuration built with the Spring Security XML namespace. -->
<!-- auto-config="true" also registers the namespace defaults (form login, HTTP Basic, logout). No csrf element is declared in this block, so CSRF protection follows the default of the Spring Security version in use. TODO confirm the version and that the default is the intended one. -->
<security:http auto-config="true" use-expressions="true" >
<!-- To restrict a role by client IP address as well, combine hasIpAddress with the role check in the access expression, as in the disabled example below. hasIpAddress evaluates the remote address of the request, so behind a reverse proxy or load balancer it sees the proxy address unless the container is configured to restore the client address. -->
<!-- <security:intercept-url pattern="/successurl/**" access="hasAnyRole('ROLE_ADMIN', 'ROLE_USER') and hasIpAddress('127.0.0.1')" /> -->
<!-- Only /successurl/** carries an access rule in this block; every other URL that must be protected needs its own intercept-url entry. -->
<security:intercept-url pattern="/successurl/**" access="hasAnyRole('ROLE_ADMIN', 'ROLE_USER')" />
<!-- Login form at /login, with custom success and failure handlers. NOTE(review): always-use-default-target is set together with authentication-success-handler-ref; presumably the custom success handler decides post-login navigation, so confirm the attribute still has any effect. -->
<security:form-login login-page="/login" always-use-default-target="true"
authentication-success-handler-ref="customAuthSuccessHandler" authentication-failure-handler-ref="customAuthFailureHandler" />
<!-- Requests that present an invalid session id are sent to /loginfailed. -->
<security:session-management invalid-session-url="/loginfailed" >
<!-- Disabled stricter variant: one session per user, and a further login is rejected instead of expiring the older session. -->
<!-- <security:concurrency-control expired-url="/loginfailed" max-sessions="1" error-if-maximum-exceeded="true" /> -->
<!-- Active variant: max-sessions and error-if-maximum-exceeded are not set, so the namespace defaults apply (presumably one session, with the older session expired on a new login; confirm for the version in use). Concurrency control relies on an HttpSessionEventPublisher listener being registered; web.xml is not shown here, verify it. -->
<security:concurrency-control expired-url="/loginfailed" />
</security:session-management>
<!-- Logout invalidates the HTTP session, deletes the JSESSIONID cookie and then hands over to the custom logout success handler. -->
<security:logout invalidate-session="true" success-handler-ref="customLogoutSuccessHandler" delete-cookies="JSESSIONID" />
<!-- By default, the session is destroyed when the back link is clicked. The line below is a disabled duplicate of the logout element above. -->
<!-- <security:logout invalidate-session="true" success-handler-ref="customLogoutSuccessHandler" delete-cookies="JSESSIONID" /> -->
</security:http>
Spring Security - bean dependencies.
<!-- Bean behind authentication-failure-handler-ref. defaultFailureUrl is the target the SimpleUrlAuthenticationFailureHandler parent class uses when CustomAuthFailureHandler delegates to it. The URL carries only a generic login_error flag, so the login page should keep its message equally generic and not reveal which credential was wrong. -->
<bean id="customAuthFailureHandler" class="com.techa2zsoln.allcustom.auth.CustomAuthFailureHandler" >
<property name="defaultFailureUrl" value="/login?login_error=1"></property>
</bean>
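/**
 * Authentication failure handler that separates requests carrying a non-empty
 * {@code deviceType} parameter from ordinary form logins.
 *
 * <p>Requests with the parameter are forwarded to {@code /logout}; all other requests get
 * the standard {@link SimpleUrlAuthenticationFailureHandler} behaviour.
 */
public class CustomAuthFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    /** Request parameter whose presence selects the forward branch. */
    private static final String DEVICE_TYPE_PARAM = "deviceType";

    /** Path a failed device login is forwarded to. */
    private static final String LOGOUT_PATH = "/logout";

    /**
     * Handles a failed authentication attempt.
     *
     * @param request the request that carried the rejected credentials
     * @param response the response to write the outcome to
     * @param exception the reason authentication was rejected
     * @throws IOException if the forward or the parent handler fails to write the response
     * @throws ServletException if the forward target or the parent handler fails
     * @see SimpleUrlAuthenticationFailureHandler#onAuthenticationFailure(HttpServletRequest,
     *     HttpServletResponse, AuthenticationException)
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        // deviceType is read straight from the client request: any caller can select the
        // forward branch by sending it, so no security decision may depend on its value.
        String deviceType = request.getParameter(DEVICE_TYPE_PARAM);
        boolean deviceRequest = deviceType != null && !deviceType.isEmpty();

        // getRequestDispatcher may return null when the container cannot provide a
        // dispatcher; the standard failure handling is used then instead of failing
        // with a NullPointerException in the middle of a rejected login.
        RequestDispatcher dispatcher =
                deviceRequest ? request.getRequestDispatcher(LOGOUT_PATH) : null;
        if (dispatcher == null) {
            super.onAuthenticationFailure(request, response, exception);
            return;
        }

        // NOTE(review): a forward is an internal dispatch. Whether the Spring Security
        // filter chain (and with it the configured logout handling) sees the forwarded
        // request depends on the filter's dispatcher mapping, which is not shown here.
        // This branch also skips the parent handler, so the exception is not recorded for
        // the login page and the response status is not set here; confirm that device
        // clients can still tell that the login failed.
        dispatcher.forward(request, response);
    }
}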