Main Tutorials

Display custom error message in Spring Security

In Spring Security, when authentication is failed, following predefined error messages will be displayed :


Spring display : Bad credentials

In this article, we show you how to override above error message and display your custom error message. For example,


Spring display : Bad credentials
You want override it with this message : Invalid username or password

Solution

Spring Security stored messages in “messages.properties” inside “spring-security-core.jar“, see figure below :

message.properties

To override it, find which key generate what error message in spring security message.properties file, and redefine it with your own properties file.

1. Override Key and Message

Create a new properties file, put it on project classpath, and override the Spring’s “key” with your custom error message. In this case, just override “AbstractUserDetailsAuthenticationProvider.badCredentials“.

File : mymessages.properties


AbstractUserDetailsAuthenticationProvider.badCredentials=Invalid username or password

2. Register ResourceBundleMessageSource

To load above properties file, define ResourceBundleMessageSource in Spring bean configuration file.


  <bean id="messageSource"
	class="org.springframework.context.support.ResourceBundleMessageSource">
	<property name="basenames">
	    <list>
		<value>mymessages</value>
	    </list>
	</property>
  </bean>

Now, when authentication is failed, it will display your custom error message “Invalid username or password“, instead of the default “Bad credentials“.

Note
With this trick, you can override any Spring Security messages easily.

Download Source Code

About Author

author image
Founder of Mkyong.com, love Java and open source stuff. Follow him on Twitter. If you like my tutorials, consider make a donation to these charities.

Comments

Subscribe
Notify of
16 Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Mallesh
8 years ago

Its not working when i take the userName and passwords from database can find where is my mistake
please help anybody if it show the invalid userName

and Invalid password two different messages whenever i try to login with different userName & password…

Derbali Chaymae
8 years ago
Reply to  Mallesh

me too !! did u find any solution please ?

Sébastien Saison
10 years ago

My custom message properties file is under a specific package, so I modified “spring-beans.xml” as defined below :

fr/i18n/mymessages

And it works great
Thanks

Vicky
10 years ago

I provided two types of implementations for displaying error message like below ones:

Your login attempt was not successful, try again. Caused :
${sessionScope[“SPRING_SECURITY_LAST_EXCEPTION”].message}

Failed to login.

Reason:

Both are using SPRING_SECURITY_LAST_EXCEPTION but noone is displaying error message!!! I am using spring 3.2 and spring security 3.1

Thanks.

Sébastien Saison
10 years ago
Reply to  Vicky

“SPRING_SECURITY_LAST_EXCEPTION.message” is only filled by Spring when the username exists. If not, “SPRING_SECURITY_LAST_EXCEPTION.message” stay empty.

bansal
10 years ago

How we can our own new key error which are not the part default error message properties file

Thiago
10 years ago

SOLVED:

THANK´s 😀

Thiago
10 years ago
Reply to  Thiago
Thiago
10 years ago

Hello, this not work to me. I?m using spring security 3.0.0. I try make change for messages_pt_BR and still the same (message default). I?m setting the code <bean id=… in applicationContext-security.xml in folder WebContent/WEB-INF.

virendra
12 years ago

HI can you provide a simple example for remember me check box in spring login i need it to for my application

Kalyana
12 years ago

Not sure what the problem is. I downloaded this code and tried as it is by adding required jar files. But still, I’m not getting custom error message 🙁

Kalyana
12 years ago
Reply to  Kalyana

My bad!! Looks like I did’nt have the mymessages.properties in the class path. I ensured that now, by giving the path as resources/mymessages for my project structure and it is working fine now. Thank you very much!!

habou
12 years ago

but can we custom the error authentication messages :

Locked Account
Dis-activated Account

Sourav Nandan
9 years ago

Hi,

In my project i placed my properties file under src/main/java/messages_en_US.properties,now on my spring-servlet.xml file am trying to load that file by bellow code:

Am able to access my properties file in jsp by spring tag like below:

But the problem is that am not able to access my custom messages from spring security error this:

IN Properties file:

ConcurrentSessionControllerImpl.exceededAllowed:mamimum user
In JSP:

testtest
5 years ago
Reply to  Sourav Nandan

testtest