SEC-1069: Localization is done too soon in the request chain #1320

spring-issuemaster opened this Issue Dec 29, 2008 · 2 comments


None yet

1 participant


Nicolas Romanetti (Migrated from SEC-1069) said:

SpringSecurity assumes that the Locale present in the LocaleContextHolder is the prefered locale.

This is often not the case as the SpringSecurity filter is in general defined before let’s say the spring mvc controller interceptors.
Actually, one of these interceptor, the LocaleChangeInterceptor sets the prefered locale for the current request.

Since this locale change occurs after SpringSecurity, SpringSecurity cannot take it into account when it resolves an error message such
as an invalid login or password.
As a result, the message displayed to the end use is not in the prefered locale.

Therefore, I think Spring Security should somehow also provide the message key (in the exception thrown ?) and let the view (ie jsp page)
resolve the message using the prefered locale.


Luke Taylor said:

See SEC-499.

@spring-issuemaster spring-issuemaster added this to the 3.0.0 M1 milestone Feb 5, 2016

This issue duplicates #761

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment