Display custom error message in Spring Security
In Spring Security, when authentication is failed, following predefined error messages will be displayed :
Spring display : Bad credentials
In this article, we show you how to override above error message and display your custom error message. For example,
Spring display : Bad credentials You want override it with this message : Invalid username or password
Solution
Spring Security stored messages in “messages.properties” inside “spring-security-core.jar“, see figure below :
To override it, find which key generate what error message in spring security message.properties file, and redefine it with your own properties file.
1. Override Key and Message
Create a new properties file, put it on project classpath, and override the Spring’s “key” with your custom error message. In this case, just override “AbstractUserDetailsAuthenticationProvider.badCredentials“.
File : mymessages.properties
AbstractUserDetailsAuthenticationProvider.badCredentials=Invalid username or password
2. Register ResourceBundleMessageSource
To load above properties file, define ResourceBundleMessageSource in Spring bean configuration file.
<bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource"> <property name="basenames"> <list> <value>mymessages</value> </list> </property> </bean>
Now, when authentication is failed, it will display your custom error message “Invalid username or password“, instead of the default “Bad credentials“.
With this trick, you can override any Spring Security messages easily.
Download Source Code
HI can you provide a simple example for remember me check box in spring login i need it to for my application
Not sure what the problem is. I downloaded this code and tried as it is by adding required jar files. But still, I’m not getting custom error message :-(
My bad!! Looks like I did’nt have the mymessages.properties in the class path. I ensured that now, by giving the path as resources/mymessages for my project structure and it is working fine now. Thank you very much!!
but can we custom the error authentication messages :
Locked Account
Dis-activated Account
…
Find keys in messages.properties” inside “spring-security-core.jar“, and override it.
[...] Error MessagesDefault Spring’s error message is not user friendly enough. Read this “how to display custom error message in Spring Security”File : mymessages.propertiesAbstractUserDetailsAuthenticationProvider.badCredentials=Invalid [...]