I am working on a Spring security project where if User inserts wrong userId - password, webpage will update with "Invalid Login Attempt" message.
I am sending redirect on AuthenticationFailureHandler.onAuthenticationFailure
code snippet for onAuthenticationFailure() implementation.
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
AuthenticationException exception) throws IOException, ServletException {
//some logic
response.sendRedirect(String.format("%s?error", getUrl());
}
}
Resource Html page has div tag with thymeleaf dependency to identify error object and display message
<div th:if="${error}" id="loginFailedMessage" class="alert alert-danger">
Invalid login attempt.
</div>
So far this implementation works on Jboss application server and WebLogic application server - however when not for websphere. Is there a reason why WebSphere is blocking such url invocation - any configuration am I missing. I have tired different version of WebSphere 8.5.5.9 up to 8.5.5.13
ps. there are no errors in any logs ffdc or application logs.
Solution will be to use error=true in url. for some reason websphere does not allow url parameter without assigning values.
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
AuthenticationException exception) throws IOException, ServletException {
//some logic
response.sendRedirect(String.format("%s?error=true", getUrl());
}
}