Class ExceptionTranslationFilter
- java.lang.Object
-
- org.springframework.web.filter.GenericFilterBean
-
- org.springframework.security.web.access.ExceptionTranslationFilter
-
- All Implemented Interfaces:
javax.servlet.Filter
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanNameAware
,org.springframework.beans.factory.DisposableBean
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.EnvironmentAware
,org.springframework.context.MessageSourceAware
,org.springframework.core.env.EnvironmentCapable
,org.springframework.web.context.ServletContextAware
public class ExceptionTranslationFilter extends org.springframework.web.filter.GenericFilterBean implements org.springframework.context.MessageSourceAware
Handles anyAccessDeniedException
andAuthenticationException
thrown within the filter chain.This filter is necessary because it provides the bridge between Java exceptions and HTTP responses. It is solely concerned with maintaining the user interface. This filter does not do any actual security enforcement.
If an
AuthenticationException
is detected, the filter will launch theauthenticationEntryPoint
. This allows common handling of authentication failures originating from any subclass ofAbstractSecurityInterceptor
.If an
AccessDeniedException
is detected, the filter will determine whether or not the user is an anonymous user. If they are an anonymous user, theauthenticationEntryPoint
will be launched. If they are not an anonymous user, the filter will delegate to theAccessDeniedHandler
. By default the filter will useAccessDeniedHandlerImpl
.To use this filter, it is necessary to specify the following properties:
authenticationEntryPoint
indicates the handler that should commence the authentication process if anAuthenticationException
is detected. Note that this may also switch the current protocol from http to https for an SSL login.- requestCache determines the strategy used to save a request during the
authentication process in order that it may be retrieved and reused once the user has
authenticated. The default implementation is
HttpSessionRequestCache
.
-
-
Field Summary
Fields Modifier and Type Field Description protected org.springframework.context.support.MessageSourceAccessor
messages
-
Constructor Summary
Constructors Constructor Description ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint)
ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint, RequestCache requestCache)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
afterPropertiesSet()
void
doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
AuthenticationEntryPoint
getAuthenticationEntryPoint()
protected AuthenticationTrustResolver
getAuthenticationTrustResolver()
protected void
sendStartAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain, AuthenticationException reason)
void
setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler)
void
setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver)
void
setMessageSource(org.springframework.context.MessageSource messageSource)
void
setThrowableAnalyzer(ThrowableAnalyzer throwableAnalyzer)
-
-
-
Constructor Detail
-
ExceptionTranslationFilter
public ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint)
-
ExceptionTranslationFilter
public ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint, RequestCache requestCache)
-
-
Method Detail
-
afterPropertiesSet
public void afterPropertiesSet()
- Specified by:
afterPropertiesSet
in interfaceorg.springframework.beans.factory.InitializingBean
- Overrides:
afterPropertiesSet
in classorg.springframework.web.filter.GenericFilterBean
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
- Specified by:
doFilter
in interfacejavax.servlet.Filter
- Throws:
java.io.IOException
javax.servlet.ServletException
-
getAuthenticationEntryPoint
public AuthenticationEntryPoint getAuthenticationEntryPoint()
-
getAuthenticationTrustResolver
protected AuthenticationTrustResolver getAuthenticationTrustResolver()
-
sendStartAuthentication
protected void sendStartAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain, AuthenticationException reason) throws javax.servlet.ServletException, java.io.IOException
- Throws:
javax.servlet.ServletException
java.io.IOException
-
setAccessDeniedHandler
public void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler)
-
setAuthenticationTrustResolver
public void setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver)
-
setThrowableAnalyzer
public void setThrowableAnalyzer(ThrowableAnalyzer throwableAnalyzer)
-
setMessageSource
public void setMessageSource(org.springframework.context.MessageSource messageSource)
- Specified by:
setMessageSource
in interfaceorg.springframework.context.MessageSourceAware
- Since:
- 5.5
-
-