eugenp · maibin · Jul 18, 2018 · Jun 26, 2018 · Jul 13, 2018 · Jul 14, 2018
diff --git a/...c/main/java/com/baeldung/springbootsecurity/form_login/SpringBootSecurityApplication.java b/...c/main/java/com/baeldung/springbootsecurity/form_login/SpringBootSecurityApplication.java
diff --git a/.../java/com/baeldung/springbootsecurity/form_login/configuration/SecurityConfiguration.java b/.../java/com/baeldung/springbootsecurity/form_login/configuration/SecurityConfiguration.java
diff --git a/...ty/src/test/java/com/baeldung/springbootsecurity/form_login/FormLoginIntegrationTest.java b/...ty/src/test/java/com/baeldung/springbootsecurity/form_login/FormLoginIntegrationTest.java
diff --git a/...-security/src/test/java/com/baeldung/springbootsecurity/form_login/FormLoginUnitTest.java b/...-security/src/test/java/com/baeldung/springbootsecurity/form_login/FormLoginUnitTest.java
diff --git a/...ity-mvc-login/src/main/java/org/baeldung/security/CustomAuthenticationFailureHandler.java b/...ity-mvc-login/src/main/java/org/baeldung/security/CustomAuthenticationFailureHandler.java
@@ -0,0 +1,22 @@
+package org.baeldung.security;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Calendar;
+
+public class CustomAuthenticationFailureHandler implements AuthenticationFailureHandler {
+
+    @Override
+    public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
+        httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
+
+        String jsonPayload = "{\"message\" : \"%s\", \"timestamp\" : \"%s\" }";
+        httpServletResponse.getOutputStream().println(String.format(jsonPayload, e.getMessage(), Calendar.getInstance().getTime()));
+    }
+}
diff --git a/spring-security-mvc-login/src/main/java/org/baeldung/spring/SecSecurityConfig.java b/spring-security-mvc-login/src/main/java/org/baeldung/spring/SecSecurityConfig.java
@@ -1,6 +1,7 @@
 package org.baeldung.spring;
 
 import org.baeldung.security.CustomAccessDeniedHandler;
+import org.baeldung.security.CustomAuthenticationFailureHandler;
 import org.baeldung.security.CustomLogoutSuccessHandler;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -10,6 +11,7 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
 
 @Configuration
@@ -26,35 +28,36 @@ public SecSecurityConfig() {
     protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
         // @formatter:off
         auth.inMemoryAuthentication()
-        .withUser("user1").password("user1Pass").roles("USER")
-        .and()
-        .withUser("user2").password("user2Pass").roles("USER")
-        .and()
-        .withUser("admin").password("adminPass").roles("ADMIN");
+                .withUser("user1").password("user1Pass").roles("USER")
+                .and()
+                .withUser("user2").password("user2Pass").roles("USER")
+                .and()
+                .withUser("admin").password("adminPass").roles("ADMIN");
         // @formatter:on
     }
 
     @Override
     protected void configure(final HttpSecurity http) throws Exception {
         // @formatter:off
         http
-        .csrf().disable()
-        .authorizeRequests()
-        .antMatchers("/admin/**").hasRole("ADMIN")
-        .antMatchers("/anonymous*").anonymous()
-        .antMatchers("/login*").permitAll()
-        .anyRequest().authenticated()
-        .and()
-        .formLogin()
-        .loginPage("/login.html")
-        .loginProcessingUrl("/perform_login")
-        .defaultSuccessUrl("/homepage.html",true)
-        .failureUrl("/login.html?error=true")
-        .and()
-        .logout()
-        .logoutUrl("/perform_logout")
-        .deleteCookies("JSESSIONID")
-        .logoutSuccessHandler(logoutSuccessHandler());
+                .csrf().disable()
+                .authorizeRequests()
+                .antMatchers("/admin/**").hasRole("ADMIN")
+                .antMatchers("/anonymous*").anonymous()
+                .antMatchers("/login*").permitAll()
+                .anyRequest().authenticated()
+                .and()
+                .formLogin()
+                .loginPage("/login.html")
+                .loginProcessingUrl("/perform_login")
+                .defaultSuccessUrl("/homepage.html", true)
+                //.failureUrl("/login.html?error=true")
+                .failureHandler(authenticationFailureHandler())
+                .and()
+                .logout()
+                .logoutUrl("/perform_logout")
+                .deleteCookies("JSESSIONID")
+                .logoutSuccessHandler(logoutSuccessHandler());
         //.and()
         //.exceptionHandling().accessDeniedPage("/accessDenied");
         //.exceptionHandling().accessDeniedHandler(accessDeniedHandler());
@@ -71,4 +74,8 @@ public AccessDeniedHandler accessDeniedHandler() {
         return new CustomAccessDeniedHandler();
     }
 
+    @Bean
+    public AuthenticationFailureHandler authenticationFailureHandler() {
+        return new CustomAuthenticationFailureHandler();
+    }
 }
diff --git a/spring-security-mvc-login/src/main/resources/webSecurityConfig.xml b/spring-security-mvc-login/src/main/resources/webSecurityConfig.xml
@@ -15,20 +15,22 @@
 
         <csrf disabled="true"/>
 
-        <form-login login-page='/login.html' login-processing-url="/perform_login" default-target-url="/homepage.html" authentication-failure-url="/login.html?error=true"
-            always-use-default-target="true"/>
+        <form-login login-page='/login.html' login-processing-url="/perform_login" default-target-url="/homepage.html"
+            always-use-default-target="true" authentication-failure-handler-ref="authenticationFailureHandler"/>
 
         <logout logout-url="/perform_logout" delete-cookies="JSESSIONID" success-handler-ref="customLogoutSuccessHandler"/>
 
         <!-- <access-denied-handler error-page="/accessDenied"/> -->
         <access-denied-handler ref="customAccessDeniedHandler"/>
-    	
+
     </http>
 
     <beans:bean name="customLogoutSuccessHandler" class="org.baeldung.security.CustomLogoutSuccessHandler"/>
 
     <beans:bean name="customAccessDeniedHandler" class="org.baeldung.security.CustomAccessDeniedHandler" />
 
+    <beans:bean id="authenticationFailureHandler" name="customAuthenticationFaiureHandler" class="org.baeldung.security.CustomAuthenticationFailureHandler"/>
+
     <authentication-manager>
         <authentication-provider>
             <user-service>