public class ExceptionTranslationFilter
extends org.springframework.web.filter.GenericFilterBean
Handles any AccessDeniedException and AuthenticationException thrown within the filter chain.
This filter is necessary because it provides the bridge between Java exceptions and HTTP responses. It is solely concerned with maintaining the user interface. This filter does not do any actual security enforcement.
If an AuthenticationException is detected, the filter will launch the authenticationEntryPoint. This allows common handling of authentication failures originating from any subclass of AbstractSecurityInterceptor.
If an AccessDeniedException is detected, the filter will determine whether or not the user is an anonymous user. If they are an anonymous user, the authenticationEntryPoint will be launched. If they are not an anonymous user, the filter will delegate to the AccessDeniedHandler. By default the filter will use AccessDeniedHandlerImpl.
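The three outcomes described above, exercised against the filter as an added example (not code from the Spring Security project). It assumes Java 8+, a Spring Security release matching this page's javax.servlet API, and spring-test on the classpath for the mock request and response; the class name, path, principals and status messages are constructed for illustration.

```java
import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletResponse;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.access.ExceptionTranslationFilter;
import org.springframework.security.web.savedrequest.NullRequestCache;

public class ExceptionTranslationDemo {

    // Sends one request through the filter as `caller`, with a downstream chain
    // that throws `thrown`, and returns the HTTP status the filter produced.
    static int statusFor(Authentication caller, RuntimeException thrown) throws Exception {
        // The entry point answers 401 with a fixed message, so exception detail never
        // reaches the client; NullRequestCache stops a stateless API creating a session.
        ExceptionTranslationFilter filter = new ExceptionTranslationFilter(
                (req, res, ex) -> res.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication required"),
                new NullRequestCache());
        filter.setAccessDeniedHandler(
                (req, res, ex) -> res.sendError(HttpServletResponse.SC_FORBIDDEN, "Forbidden"));
        filter.afterPropertiesSet();

        SecurityContextHolder.getContext().setAuthentication(caller);
        MockHttpServletResponse response = new MockHttpServletResponse();
        FilterChain chain = (req, res) -> { throw thrown; };
        try {
            filter.doFilter(new MockHttpServletRequest("GET", "/admin"), response, chain);
            return response.getStatus();
        } finally {
            SecurityContextHolder.clearContext();
        }
    }

    public static void main(String[] args) throws Exception {
        Authentication anonymous = new AnonymousAuthenticationToken(
                "key", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
        Authentication alice = new UsernamePasswordAuthenticationToken(
                "alice", "n/a", AuthorityUtils.createAuthorityList("ROLE_USER"));
        // AuthenticationException: handled by the entry point
        System.out.println(statusFor(null, new BadCredentialsException("bad credentials")));
        // AccessDeniedException for an anonymous user: handled by the entry point
        System.out.println(statusFor(anonymous, new AccessDeniedException("denied")));
        // AccessDeniedException for an authenticated user: handled by the AccessDeniedHandler
        System.out.println(statusFor(alice, new AccessDeniedException("denied")));
    }
}
```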
To use this filter, it is necessary to specify the following properties:
authenticationEntryPoint indicates the handler that should commence the authentication process if an AuthenticationException is detected. Note that this may also switch the current protocol from http to https for an SSL login.
HttpSessionRequestCache.

Constructor and Description |
---|
ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint) |
ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint, RequestCache requestCache) |

Modifier and Type | Method and Description |
---|---|
void | afterPropertiesSet() |
void | doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain) |
AuthenticationEntryPoint | getAuthenticationEntryPoint() |
protected AuthenticationTrustResolver | getAuthenticationTrustResolver() |
protected void | sendStartAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain, AuthenticationException reason) |
void | setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) |
void | setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver) |
void | setThrowableAnalyzer(ThrowableAnalyzer throwableAnalyzer) |

public ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint)
public ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint, RequestCache requestCache)
public void afterPropertiesSet()
Specified by: afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
Overrides: afterPropertiesSet in class org.springframework.web.filter.GenericFilterBean
public void doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
Throws: java.io.IOException, javax.servlet.ServletException
public AuthenticationEntryPoint getAuthenticationEntryPoint()
protected AuthenticationTrustResolver getAuthenticationTrustResolver()
protected void sendStartAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain, AuthenticationException reason) throws javax.servlet.ServletException, java.io.IOException
Throws: javax.servlet.ServletException, java.io.IOException
public void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler)
public void setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver)
public void setThrowableAnalyzer(ThrowableAnalyzer throwableAnalyzer)