取出Spring Security的异常信息
${sessionScope['SPRING_SECURITY_LAST_EXCEPTION'].message}
异常信息已经经过国际化处理,所以只要直接取出异常的message属性即可。
如在org.springframework.security.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(Authentication)中:
...
try {
user = retrieveUser(username,(UsernamePasswordAuthenticationToken) authentication);
} catch (UsernameNotFoundException notFound) {
if (hideUserNotFoundExceptions) {
throw new BadCredentialsException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
} else {
throw notFound;
}
}
...
messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials")
org.springframework.context.support.MessageSourceAccessor
protected Locale getDefaultLocale() {
return (this.defaultLocale != null ? this.defaultLocale : LocaleContextHolder.getLocale());
}
public String getMessage(String code, String defaultMessage) {
return this.messageSource.getMessage(code, null, defaultMessage, getDefaultLocale());
}
org.springframework.context.i18n.LocaleContextHolder
public static Locale getLocale() {
LocaleContext localeContext = getLocaleContext();
return (localeContext != null ? localeContext.getLocale() : Locale.getDefault());
}
public static LocaleContext getLocaleContext() {
LocaleContext localeContext = (LocaleContext) localeContextHolder.get();
if (localeContext == null) {
localeContext = (LocaleContext) inheritableLocaleContextHolder.get();
}
return localeContext;
}
可知保存Local信息的localeContext是从线程变量localeContextHolder中取出来的,从而可以知道必须先在localeContextHolder中设置好localeContext,国际化才能正确工作。
Spring框架中有一个过滤器是负责这个工作的,它就是org.springframework.web.filter.RequestContextFilter。
在web.xml中定义RequestContextFilter,注意要定义在springSecurityFilterChain前面才能正确工作。
<filter> <filter-name>localizationFilter</filter-name> <filter-class>org.springframework.web.filter.RequestContextFilter</filter-class> </filter> <filter-mapping> <filter-name>localizationFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
/**
* Servlet 2.3 Filter that exposes the request to the current thread,
* through both {@link org.springframework.context.i18n.LocaleContextHolder} and
* {@link RequestContextHolder}. To be registered as filter in <code>web.xml</code>.
*
* <p>Alternatively, Spring's {@link org.springframework.web.context.request.RequestContextListener}
* and Spring's {@link org.springframework.web.servlet.DispatcherServlet} also expose
* the same request context to the current thread.
*
* <p>This filter is mainly for use with third-party servlets, e.g. the JSF FacesServlet.
* Within Spring's own web support, DispatcherServlet's processing is perfectly sufficient.
*
* @author Juergen Hoeller
* @author Rod Johnson
* @since 2.0
* @see org.springframework.context.i18n.LocaleContextHolder
* @see org.springframework.web.context.request.RequestContextHolder
* @see org.springframework.web.context.request.RequestContextListener
* @see org.springframework.web.servlet.DispatcherServlet
*/
由RequestContextFilter的注释可知它主要用于third-party servlets,Spring MVC正常是不需要使用的,由此可知Spring Security与Spring MVC配合得不太完美。
参考链接:
http://stackoverflow.com/questions/6572377/spring-security-with-acceptheaderlocaleresolver-and-i18n