Skip to content

Fix Compromised Password Checker Docs Sample Not Working #15305

New issue
New issue
Closed
Closed
Fix Compromised Password Checker Docs Sample Not Working#15305
Assignees
marcusdacoregio
Labels
in: docsAn issue in Documentation or samplestype: bugA general bug
Milestone
6.3.2
@marcusdacoregio

Description

@marcusdacoregio
marcusdacoregio
opened on Jun 26, 2024

The current documentation uses a @ControllerAdvice to handle the CompromisedPasswordException and redirect the user to the /reset-password page:

@ControllerAdvice
public class MyControllerAdvice {

    @ExceptionHandler(CompromisedPasswordException.class)
    public String handleCompromisedPasswordException(CompromisedPasswordException ex, RedirectAttributes attributes) {
        attributes.addFlashAttribute("error", ex.message);
        return "redirect:/reset-password";
    }

}

The Controller Advice won't work for handling compromised passwords when the check is done by Spring Security because the Filter happens before the advice can be applied. Instead, a failureHandler should be used in the formLogin DSL.

Metadata

Metadata

Assignees

Labels

in: docsAn issue in Documentation or samplestype: bugA general bug

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions