org.springframework.security.web.access
Class ExceptionTranslationFilter

java.lang.Object
  extended by org.springframework.web.filter.GenericFilterBean
      extended by org.springframework.security.web.access.ExceptionTranslationFilter
All Implemented Interfaces:
Filter, BeanNameAware, DisposableBean, InitializingBean, ServletContextAware

public class ExceptionTranslationFilter
extends GenericFilterBean

Handles any AccessDeniedException and AuthenticationException thrown within the filter chain.

This filter is necessary because it provides the bridge between Java exceptions and HTTP responses. It is solely concerned with maintaining the user interface. This filter does not do any actual security enforcement.

If an AuthenticationException is detected, the filter will launch the authenticationEntryPoint. This allows common handling of authentication failures originating from any subclass of AbstractSecurityInterceptor.

If an AccessDeniedException is detected, the filter will determine whether or not the user is an anonymous user. If they are an anonymous user, the authenticationEntryPoint will be launched. If they are not an anonymous user, the filter will delegate to the AccessDeniedHandler. By default the filter will use AccessDeniedHandlerImpl.

To use this filter, it is necessary to specify the following properties:

Version:
$Id: ExceptionTranslationFilter.java 3813 2009-08-10 14:18:18Z ltaylor $
Author:
Ben Alex, colin sampaleanu

Field Summary
 
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
 
Constructor Summary
ExceptionTranslationFilter()
           
 
Method Summary
 void afterPropertiesSet()
           
 void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
           
 AuthenticationEntryPoint getAuthenticationEntryPoint()
           
protected  AuthenticationTrustResolver getAuthenticationTrustResolver()
           
protected  void sendStartAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, AuthenticationException reason)
           
 void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler)
           
 void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)
           
 void setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver)
           
 void setRequestCache(RequestCache requestCache)
          The RequestCache implementation used to store the current request before starting authentication.
 void setThrowableAnalyzer(ThrowableAnalyzer throwableAnalyzer)
           
 
Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setServletContext
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ExceptionTranslationFilter

public ExceptionTranslationFilter()
Method Detail

afterPropertiesSet

public void afterPropertiesSet()
Specified by:
afterPropertiesSet in interface InitializingBean
Overrides:
afterPropertiesSet in class GenericFilterBean

doFilter

public void doFilter(ServletRequest req,
                     ServletResponse res,
                     FilterChain chain)
              throws IOException,
                     ServletException
Throws:
IOException
ServletException

getAuthenticationEntryPoint

public AuthenticationEntryPoint getAuthenticationEntryPoint()

getAuthenticationTrustResolver

protected AuthenticationTrustResolver getAuthenticationTrustResolver()

sendStartAuthentication

protected void sendStartAuthentication(HttpServletRequest request,
                                       HttpServletResponse response,
                                       FilterChain chain,
                                       AuthenticationException reason)
                                throws ServletException,
                                       IOException
Throws:
ServletException
IOException

setAccessDeniedHandler

public void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler)

setAuthenticationEntryPoint

public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)

setAuthenticationTrustResolver

public void setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver)

setThrowableAnalyzer

public void setThrowableAnalyzer(ThrowableAnalyzer throwableAnalyzer)

setRequestCache

public void setRequestCache(RequestCache requestCache)
The RequestCache implementation used to store the current request before starting authentication. Defaults to an HttpSessionRequestCache.



Copyright © 2004-2009 SpringSource, Inc. All Rights Reserved.