I have a problem with Spring Security 3 and probably with i18n. I use Velocity for my view templates and I have the following code in one of them:
#if($SPRING_SECURITY_LAST_EXCEPTION)
<div class="error"><p>#springMessage($SPRING_SECURITY_LAST_EXCEPTION.message)</p></div>
#end
When user tried to login and he passed bad credentials for example, there should be error message shown on the page. The problem is that application try to resolve message in locale 'pl' and I receive the following exception:
org.springframework.context.NoSuchMessageException: No message found under code 'Bad credentials' for locale 'pl'.
In my configuration files I don't have any informations about i18n because I just don't need it.
I noticed that information about 'pl' locale can be retrieved from request (header Accept-Language: pl,en-us;q=0.7,en;q=0.3).
How to ignore this and serve pages only in defult language?
If you don't want i18n, don't use #springMessage. $SPRING_SECURITY_LAST_EXCEPTION.message is a message itself, not message code, thus you need to output it as is (though I'm not sure about HTML escape in Velocity):
#if($SPRING_SECURITY_LAST_EXCEPTION)
<div class="error"><p>${SPRING_SECURITY_LAST_EXCEPTION.message}</p></div>
#end
I've had fun with il8n in the past. What I do is to force spring to only use the default language, I've done this by using a FixedLocaleResolver in the config files. Change the value to which ever locale you want to have as default.
<bean id="localeResolver" class="org.springframework.web.servlet.i18n.FixedLocaleResolver">
<property name="defaultLocale" value="en_US" />
</bean>
Related
<spring:message code="someMessageCode" />
This works with the user locale (browser locale). I have a need to force locale on a particular message. I can handle this with a scriplet but I was wondering if there is a way we can tell Spring to use a specific locale for a particular messsage.
I don't think it is possible with spring messages macro, but you can create a MessageSourceAccessor and use it.
Ex:
MessageSourceAccessor messageResolver = new MessageSourceAccessor(messageSource, locale);
Pass it to freemarker, then in freemarker
${messageResolver.getMessage("someMessageCode")}
I have the following key/message in a properties file:
kadjoukor.registration.form.successMessage=You've been successfully registered. An email has been sent to <b>{0}</b>. Please activate your registration by consulting your email.
In my template, I try to display it as follows in a Thymeleaf template:
<div id="alert-success" th:if="${#bools.isTrue(member)}" class="alert alert-success" th:utext="#{kadjoukor.registration.form.successMessage(${member.email})}"></div>
All I get is:
Youve been successfully registered. An email has been sent to {0}. Please activate your registration by consulting your email.
Notice the argument has not been replaced by its value i.e. I get this: {0}. Also notice the apostrophe has been removed by Spring...
EDIT:
Here is how I've configured the message source:
<bean class="org.springframework.context.support.ResourceBundleMessageSource" id="messageSource">
<property name="basenames" value="/META-INF/i18n/application,/META-INF/i18n/messages" />
</bean>
In order to prevent this problem, the apostrophe has to be escaped by another apostrophe.
See: Why Spring MessageSource arguments are not filled correctly in some locales?
However, note that this only occurs when there's one or several arguments in the message.
I am building an application using spring mvc and jpa using jboss7 and mysql in eclipse ide. I am having a strange problem. All my jsp pages are encoded with charset: utf8, which I think is working correctly. But whenever I try to post a data from the jsp to the controller, my data gets encoded with a different encoding style. I tried to look for the header using firebug and was astonished to see that the post request has a header with content-type : "text/plain;charset=ISO-8859-1". I have already configured the SetCharacterEncodingFilter for UTF-8 in my web.xml (it is the first filter). But still the problem exists.
I also set "org.apache.catalina.connector.URI_ENCODING" to value="UTF-8".But in vain .
Also I have added bean messageSource with property defaultEncoding set to "UTF-8".
<bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource" >
The problem still exists. Please help
Thanks in advance.
The request header is set by the browser, so your application can't control it. Usually, in your HTML form you could put an accept-charset=utf-8 attribute to specify the encoding, but that doesn't necessarily work. See this question Setting the character encoding in form submit for Internet Explorer.
you should need to set the encoding of the JVM like follow :
-Dfile.encoding=UTF-8 -Dfile.io.encoding=UTF-8 -DjavaEncoding=UTF-8
thus there wont be any doubt at all.
We are using Spring Security for managing authentication. The issue we are seeing is that when a user's session is timed out between bringing up a GET form and hitting the save button that does a POST, they are sent to the login page but spring is saving the original post information in the session.
Our app does not bring them back to the original URL after login, but instead sends them back to a common starting page. This works fine, but when the user happens to return to the page they had originally tried to POST to (the form GET and POST are the same URLs) Spring tries to resubmit the POST automatically which is not what we want.
Is there a way to completely disable the SavedRequest storing logic in Spring?
I guess this jira issue of spring security describes your problem and how to handle this.
Based on Nathan's comment on Raghuram's answer, with namespaced XML it's something like this:
<security:http>
<security:request-cache ref="nullRequestCache" />
<!-- ... -->
</security:http>
<bean id="nullRequestCache" class="org.springframework.security.web.savedrequest.NullRequestCache" />
There are two scenarios:
1) If you want that after relogin, user should always get forwarded to the default target URL instead of the orginal requested URL then put always-use-default-target="true" in your security.xml like
<http auto-config="true">
.....
<form-login login-page="/login" always-use-default-target="true" default-target-url="/xyz"
authentication-failure-url="/login?error=true" login-processing-url="/j_security_check"/>
</http>
1) If you want that on session timeout after relogin, user should forward to the orginal requested URL but you do not want to resubmit the form then put session-fixation-protection="newSession" in your security.xml like
<http auto-config="true">
<session-management session-fixation-protection="newSession"/>
.....
</http>
Please put session-management tag as first line in http configuration.
It looks like the session-fixation-protection="newSession" attribute on (2.0) or (3.0) will also resolve the issue
With Spring 4.2.5 I ran into this too.
My case was almost identical: display GET form, wait for session timeout, then POST the form. In my app after re-authentication a start page is displayed. However, if the user then navigates to this GET form, and POSTs it, then the previous POST parameters are remembered and concatenated to the current request, resulting in comma separated values in the #RequestParam variables.
I dumped the session in my authentication controller and indeed I saw a "SPRING_SECURITY_SAVED_REQUEST" named key.
The spring documentation says that by default a "SavedRequestAwareAuthenticationSuccessHandler" is used for retrieving the saved request data from the session and apply it to the request.
I tried to use a do-nothing successHandler but couldn't make it work.
I also tried applying
http.sessionManagement().sessionFixation().newSession();
to the security config but that didn't help.
However
http.requestCache().requestCache(new NullRequestCache());
solved the issue.
I am trying to access a resource bundle using Spring framework (WebFlow). A messages.properties file and accordingly messages_ar_AE.properties file are kept in the classpath from where the Spring Framework access the resource bundle.
The code in invoked from a xhtml file using the JSTL resourceBundle attribute.
<myCustom:includedInSetValidator set="5.0, 5.0.1, 5.1"
validationMessage="#{resourceBundle['jboss.version.error']}" />
But irrespective of locale, the "#{resourceBundle['jboss.version.error']}" always fetches the default text, i.e; from English;
As I learned from some forums I got an hint that I need to handle this using LocaleChangeInterceptor or some other predefined classes. Once the Spring Locale is set, the proper resource bundle will be loaded by default, and hence solving my problem.
I need a way to change the Spring Framework Locale programatically to set the Locale. How do I achieve this programatically ?
Thanks.
Reached the solution for the problem.
Continuing from my question, when Spring Framework encounters a JSTL expression like "#{resourceBundle['jboss.version.error']}" by default it looks for message.properties file in the classpath, unless a resource bundle is defined explicitly.
When trying to fetch the proper resource bundle, the framework looks at the at the locale it is set to. As the locale of Spring Framework was not set in my case, it was not fetching me the expected resource bundle. Out of available options i chose Spring LocaleResolver
I modified existing JSF Custom ViewHandler in my application, where I added code to set the locale of Spring Framework.
public Locale calculateLocale(FacesContext arg0) {
HttpServletRequest request = (HttpServletRequest)arg0.getExternalContext().getRequest();
HttpServletResponse response = (HttpServletResponse)arg0.getExternalContext().getResponse();
LocaleResolver localeResolver = RequestContextUtils.getLocaleResolver(request);
localeResolver.setLocale(request, response, **setYourLocaleHere**);
}
The story just doesn't end here, setting the locale in locale resolver this way would throw the error:
Cannot change HTTP accept header – use a different locale resolution strategy
Refer Cannot change HTTP accept header error
To overcome this, one should include
<bean id="localeResolver"
class="org.springframework.web.servlet.i18n.SessionLocaleResolver">
<property name="defaultLocale" value="en" />
</bean>
in the Spring configuration file.
And now the desired locale of the Spring Framework is set.
There could possibly a better solution than what I did. One can also suggest their solutions if any.
Thanks.
You could do this multiple ways as outlined here in the doc.