Spring Security: which class to override to get the wrong password
In Spring Security 3.0.5.RELEASE, which class and method can I override to catch the BadCredentialsException for a wrong password? Here is a snippet of my security.xml:
<beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <beans:property name="hideUserNotFoundExceptions" value="true" />
    <beans:property name="userDetailsService" ref="userDao"/>
    <beans:property name="passwordEncoder" ref="passwordEncoder"/>
</beans:bean>
<security:authentication-manager>
    <security:authentication-provider ref='daoAuthenticationProvider'/>
</security:authentication-manager>
Subclass SimpleUrlAuthenticationFailureHandler and override onAuthenticationFailure(). It gets an exception passed to it. exception.getAuthentication().getCredentials() will return the password that was tried.
Configure your AuthenticationFailureHandler in the form-login element:
<form-login authentication-failure-handler-ref="authenticationFailureHandler" />
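A handler of the kind described in the answer above, as an added example that is not part of the original answer, written against the Spring Security 3.0.x API. The class name, package and failure URL are assumptions; it records who failed and from where, and reads the attempted password only to note whether one was supplied.

```java
// Added example (hypothetical class and package names), Spring Security 3.0.x API.
// Wire it as the bean the form-login element references, e.g.:
//   <beans:bean id="authenticationFailureHandler"
//               class="com.example.security.AuditingAuthenticationFailureHandler">
//     <beans:property name="defaultFailureUrl" value="/login?error=1"/> <!-- assumed URL -->
//   </beans:bean>
package com.example.security;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;

public class AuditingAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    private static final Log AUDIT = LogFactory.getLog(AuditingAuthenticationFailureHandler.class);

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        // With hideUserNotFoundExceptions=true, an unknown user and a wrong
        // password both arrive here as BadCredentialsException.
        if (exception instanceof BadCredentialsException) {
            Authentication attempt = exception.getAuthentication(); // may be null
            String user = (attempt == null) ? "<unknown>" : sanitize(attempt.getName());
            // getCredentials() holds the submitted password; only its presence is
            // recorded so the clear-text value never reaches the log file.
            boolean hasPassword = attempt != null && attempt.getCredentials() != null
                    && attempt.getCredentials().toString().length() > 0;
            AUDIT.warn("Bad credentials: user=" + user + " passwordSupplied=" + hasPassword
                    + " remote=" + request.getRemoteAddr());
        }
        // Keep the stock behaviour: redirect or forward to defaultFailureUrl.
        super.onAuthenticationFailure(request, response, exception);
    }

    // Replace control characters so a crafted username cannot forge log lines.
    private static String sanitize(String value) {
        if (value == null) {
            return "<null>";
        }
        String cleaned = value.replaceAll("\\p{Cntrl}", "_");
        return cleaned.length() > 64 ? cleaned.substring(0, 64) : cleaned;
    }
}
```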