I'm using Spring 3.0. I have this in my securityContext.xml file ...
Then on my login.jsp page, I have this login for displaying an error when login fails ...
However, this seems a little dopey, and I was wondering if there is a more elegant way to get the error message to display. Right now, someone could (for whatever odd reason), add the "?fail" string to the page and get the login error to come up.
Mark Spritzler wrote:Looks like a good message to me. Why would you care if someone puts that in the URL and makes the error message display. It isn't like it gives them some secret way into your site.
I want to validate the form in spring security (displaying not empty, size related errors in login.jsp which we achieve it by @valid in spring MVC).
Can any of you please guide me how to achieve this?
Here I am using j_username and j_password spring security property in login.jsp.
Thanks in advance,
subject: A better way to display a login failure message