Spring Security
  1. Spring Security
  2. SEC-1069

Localization is done too soon in the request chain

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Won't Fix
    • Affects Version/s: 2.0.4
    • Fix Version/s: 3.0.0 M1
    • Component/s: None
    • Labels:
      None
    • Environment:
      SpringSecurity used as a servlet filter
      SpringMVC with the LocaleChangeInterceptor

      Description

      SpringSecurity assumes that the Locale present in the LocaleContextHolder is the prefered locale.

      This is often not the case as the SpringSecurity filter is in general defined before let's say the spring mvc controller interceptors.
      Actually, one of these interceptor, the LocaleChangeInterceptor sets the prefered locale for the current request.

      Since this locale change occurs after SpringSecurity, SpringSecurity cannot take it into account when it resolves an error message such
      as an invalid login or password.
      As a result, the message displayed to the end use is not in the prefered locale.

      Therefore, I think Spring Security should somehow also provide the message key (in the exception thrown ?) and let the view (ie jsp page)
      resolve the message using the prefered locale.

        Issue Links

          Activity

          Hide
          Luke Taylor added a comment -

          See SEC-499.

          Show
          Luke Taylor added a comment - See SEC-499 .

            People

            • Assignee:
              Luke Taylor
              Reporter:
              Nicolas Romanetti
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: