Fix Compromised Password Checker Docs Sample Not Working
marcusdacoregio opened this issue
Marcus Hert Da Coregio commented
The current documentation uses a @ControllerAdvice to handle the CompromisedPasswordException and redirect the user to the /reset-password page:
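    import org.springframework.security.authentication.password.CompromisedPasswordException;
    import org.springframework.web.bind.annotation.ControllerAdvice;
    import org.springframework.web.bind.annotation.ExceptionHandler;
    import org.springframework.web.servlet.mvc.support.RedirectAttributes;

    @ControllerAdvice
    public class MyControllerAdvice {
        @ExceptionHandler(CompromisedPasswordException.class)
        public String handleCompromisedPasswordException(CompromisedPasswordException ex, RedirectAttributes attributes) {
            // Flash attribute carries the message across the redirect
            attributes.addFlashAttribute("error", ex.getMessage());
            return "redirect:/reset-password";
        }
    }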
The Controller Advice won't work for handling compromised passwords when the check is done by Spring Security because the Filter happens before the advice can be applied. Instead, a failureHandler should be used in the formLogin DSL.