org.springframework.security.web.authentication

Class SimpleUrlAuthenticationFailureHandler

java.lang.Object

org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler

All Implemented Interfaces:

AuthenticationFailureHandler

Direct Known Subclasses:

ExceptionMappingAuthenticationFailureHandler

public class SimpleUrlAuthenticationFailureHandler
extends java.lang.Object
implements AuthenticationFailureHandler

AuthenticationFailureHandler which performs a redirect to the value of the defaultFailureUrl property when the onAuthenticationFailure method is called. If the property has not been set it will send a 401 response to the client, with the error message from the AuthenticationException which caused the failure.

If the useForward property is set, a RequestDispatcher.forward call will be made to the destination instead of a redirect.

Since:

3.0

Field Summary

Fields

Modifier and Type	Field and Description
protected org.apache.commons.logging.Log	logger

Constructor Summary

Constructors

Constructor and Description
SimpleUrlAuthenticationFailureHandler()
SimpleUrlAuthenticationFailureHandler(java.lang.String defaultFailureUrl)

Method Summary

Modifier and Type	Method and Description
protected RedirectStrategy	getRedirectStrategy()
protected boolean	isAllowSessionCreation()
protected boolean	isUseForward()
void	onAuthenticationFailure(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationException exception) Performs the redirect or forward to the defaultFailureUrl if set, otherwise returns a 401 error code.
protected void	saveException(javax.servlet.http.HttpServletRequest request, AuthenticationException exception) Caches the AuthenticationException for use in view rendering.
void	setAllowSessionCreation(boolean allowSessionCreation)
void	setDefaultFailureUrl(java.lang.String defaultFailureUrl) The URL which will be used as the failure destination.
void	setRedirectStrategy(RedirectStrategy redirectStrategy) Allows overriding of the behaviour when redirecting to a target URL.
void	setUseForward(boolean forwardToDestination) If set to true, performs a forward to the failure destination URL instead of a redirect.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

protected final org.apache.commons.logging.Log logger

Constructor Detail

SimpleUrlAuthenticationFailureHandler

public SimpleUrlAuthenticationFailureHandler()

SimpleUrlAuthenticationFailureHandler

public SimpleUrlAuthenticationFailureHandler(java.lang.String defaultFailureUrl)

Method Detail

onAuthenticationFailure

public void onAuthenticationFailure(javax.servlet.http.HttpServletRequest request,
                                    javax.servlet.http.HttpServletResponse response,
                                    AuthenticationException exception)
                             throws java.io.IOException,
                                    javax.servlet.ServletException

Performs the redirect or forward to the defaultFailureUrl if set, otherwise returns a 401 error code.

If redirecting or forwarding, saveException will be called to cache the exception for use in the target view.

Specified by:

onAuthenticationFailure in interface AuthenticationFailureHandler

Parameters:

request - the request during which the authentication attempt occurred.

response - the response.

exception - the exception which was thrown to reject the authentication request.

Throws:

java.io.IOException

javax.servlet.ServletException

saveException

protected final void saveException(javax.servlet.http.HttpServletRequest request,
                                   AuthenticationException exception)

Caches the AuthenticationException for use in view rendering.

If forwardToDestination is set to true, request scope will be used, otherwise it will attempt to store the exception in the session. If there is no session and allowSessionCreation is true a session will be created. Otherwise the exception will not be stored.

setDefaultFailureUrl

public void setDefaultFailureUrl(java.lang.String defaultFailureUrl)

The URL which will be used as the failure destination.

Parameters:

defaultFailureUrl - the failure URL, for example "/loginFailed.jsp".

isUseForward

protected boolean isUseForward()

setUseForward

public void setUseForward(boolean forwardToDestination)

If set to true, performs a forward to the failure destination URL instead of a redirect. Defaults to false.

setRedirectStrategy

public void setRedirectStrategy(RedirectStrategy redirectStrategy)

Allows overriding of the behaviour when redirecting to a target URL.

getRedirectStrategy

protected RedirectStrategy getRedirectStrategy()

isAllowSessionCreation

protected boolean isAllowSessionCreation()

setAllowSessionCreation

public void setAllowSessionCreation(boolean allowSessionCreation)