public class Http403ForbiddenEntryPoint extends java.lang.Object implements AuthenticationEntryPoint
In the pre-authenticated authentication case (unlike CAS, for example) the user will already have been identified through some external mechanism and a secure context established by the time the security-enforcement filter is invoked.
Therefore this class isn't actually responsible for the commencement of authentication, as it is in the case of other providers. It will be called if the user is rejected by the AbstractPreAuthenticatedProcessingFilter, resulting in a null authentication.
The commence
method will always return an
HttpServletResponse.SC_FORBIDDEN
(403 error).
ExceptionTranslationFilter
Constructor and Description |
---|
Http403ForbiddenEntryPoint() |
Modifier and Type | Method and Description |
---|---|
void |
commence(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException arg2)
Always returns a 403 error code to the client.
|
public void commence(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationException arg2) throws java.io.IOException
commence
in interface AuthenticationEntryPoint
request
- that resulted in an AuthenticationException
response
- so that the user agent can begin authenticationarg2
- that caused the invocationjava.io.IOException