Spring Security国际化

Spring Security版本:2.0.5

取出Spring Security的异常信息
${sessionScope['SPRING_SECURITY_LAST_EXCEPTION'].message}

异常信息已经经过国际化处理,所以只要直接取出异常的message属性即可。
如在org.springframework.security.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(Authentication)中:
...
            try {
                user = retrieveUser(username,(UsernamePasswordAuthenticationToken) authentication);
            } catch (UsernameNotFoundException notFound) {
                if (hideUserNotFoundExceptions) {
                    throw new BadCredentialsException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
                } else {
                    throw notFound;
                }
            }
...


messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials")


org.springframework.context.support.MessageSourceAccessor
	protected Locale getDefaultLocale() {
		return (this.defaultLocale != null ? this.defaultLocale : LocaleContextHolder.getLocale());
	}

	public String getMessage(String code, String defaultMessage) {
		return this.messageSource.getMessage(code, null, defaultMessage, getDefaultLocale());
	}


org.springframework.context.i18n.LocaleContextHolder
	public static Locale getLocale() {
		LocaleContext localeContext = getLocaleContext();
		return (localeContext != null ? localeContext.getLocale() : Locale.getDefault());
	}

	public static LocaleContext getLocaleContext() {
		LocaleContext localeContext = (LocaleContext) localeContextHolder.get();
		if (localeContext == null) {
			localeContext = (LocaleContext) inheritableLocaleContextHolder.get();
		}
		return localeContext;
	}


可知保存Local信息的localeContext是从线程变量localeContextHolder中取出来的,从而可以知道必须先在localeContextHolder中设置好localeContext,国际化才能正确工作。

Spring框架中有一个过滤器是负责这个工作的,它就是org.springframework.web.filter.RequestContextFilter。

在web.xml中定义RequestContextFilter,注意要定义在springSecurityFilterChain前面才能正确工作。

	<filter>
	    <filter-name>localizationFilter</filter-name>
	    <filter-class>org.springframework.web.filter.RequestContextFilter</filter-class>
	</filter>
	
	<filter-mapping>
	    <filter-name>localizationFilter</filter-name>
	    <url-pattern>/*</url-pattern>
	</filter-mapping>


/**
 * Servlet 2.3 Filter that exposes the request to the current thread,
 * through both {@link org.springframework.context.i18n.LocaleContextHolder} and
 * {@link RequestContextHolder}. To be registered as filter in <code>web.xml</code>.
 *
 * <p>Alternatively, Spring's {@link org.springframework.web.context.request.RequestContextListener}
 * and Spring's {@link org.springframework.web.servlet.DispatcherServlet} also expose
 * the same request context to the current thread.
 *
 * <p>This filter is mainly for use with third-party servlets, e.g. the JSF FacesServlet.
 * Within Spring's own web support, DispatcherServlet's processing is perfectly sufficient.
 *
 * @author Juergen Hoeller
 * @author Rod Johnson
 * @since 2.0
 * @see org.springframework.context.i18n.LocaleContextHolder
 * @see org.springframework.web.context.request.RequestContextHolder
 * @see org.springframework.web.context.request.RequestContextListener
 * @see org.springframework.web.servlet.DispatcherServlet
 */

由RequestContextFilter的注释可知它主要用于third-party servlets,Spring MVC正常是不需要使用的,由此可知Spring Security与Spring MVC配合得不太完美。

参考链接:
http://stackoverflow.com/questions/6572377/spring-security-with-acceptheaderlocaleresolver-and-i18n

你可能感兴趣的:(Spring Security)