Display error login message on custom spring boot login form

Question

I'm working on a custom spring boot login form. When user provides wrong credentials, I want my application redirect to the same page and show an error. What I tried, is to create my own failureHandler and there in onAuthenticationFailure pass a parameter to a request. Then in my login .jsp form check if this parameter exists and based on it show an error, but it doesn't work. What am I doing wrong?

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .csrf()
            .disable()
        .authorizeRequests()
            .antMatchers("/admin/**")
                .hasRole("ADMIN")
            .antMatchers("/user/**")
                .hasAnyRole("USER", "ADMIN")
            .antMatchers("/guest*")
                .permitAll()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/guest/login")
            .permitAll()
            .defaultSuccessUrl("/user/all-tasks", true)
            .failureUrl("/guest/login")
            .failureHandler(new MyAuthenticationFailureHandler())
            .and()
        .logout()
            .logoutUrl("/user/logout")
            .deleteCookies("JSESSIONID");
}

@Component
public class MyAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
        super.onAuthenticationFailure(request, response, exception);
        request.setAttribute("error", true);
    }
}

@Controller
@RequestMapping("/guest")
public class GuestController {
    @GetMapping("/login")
    public String login(){
        return "login";
    }
}

<div>
    <c:if test="${error == true}">
        <h1>DUPA</h1>
    </c:if>
</div>

Answer 1

When login fails. Spring security sends you back on the same login page with special request param something like guest/login?error or You can change this to custom by setting up .failureUrl() in security config which you are not doing.

So change it to .failureUrl("/guest/login?error")

Use this error param to identify if something went wrong using ${not empty param.error} .

I am guessing you are using JSP and the EL is by default available. You can add something like below on your login page which will give you the actual reason why it failed.

<c:if test="${not empty param.error}">
            <p style="color:red">
                Your login attempt was not
                successful, try again.<br /> Reason: <c:out
                    value="${SPRING_SECURITY_LAST_EXCEPTION.message}" />.
            </p>
        </c:if>

Where SPRING_SECURITY_LAST_EXCEPTION param is available in user's session scope added by spring security with actual cause.