Class SimpleUrlAuthenticationFailureHandler

java.lang.Object
org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
All Implemented Interfaces:
AuthenticationFailureHandler
Direct Known Subclasses:
ExceptionMappingAuthenticationFailureHandler

public class SimpleUrlAuthenticationFailureHandler extends Object implements AuthenticationFailureHandler
AuthenticationFailureHandler which performs a redirect to the value of the defaultFailureUrl property when the onAuthenticationFailure method is called. If the property has not been set it will send a 401 response to the client, with the error message from the AuthenticationException which caused the failure.

If the useForward property is set, a RequestDispatcher.forward call will be made to the destination instead of a redirect.

Since:
3.0
  • Field Details

    • logger

      protected final org.apache.commons.logging.Log logger
  • Constructor Details

    • SimpleUrlAuthenticationFailureHandler

      public SimpleUrlAuthenticationFailureHandler()
    • SimpleUrlAuthenticationFailureHandler

      public SimpleUrlAuthenticationFailureHandler(String defaultFailureUrl)
  • Method Details

    • onAuthenticationFailure

      public void onAuthenticationFailure(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, AuthenticationException exception) throws IOException, jakarta.servlet.ServletException
      Performs the redirect or forward to the defaultFailureUrl if set, otherwise returns a 401 error code.

      If redirecting or forwarding, saveException will be called to cache the exception for use in the target view.

      Specified by:
      onAuthenticationFailure in interface AuthenticationFailureHandler
      Parameters:
      request - the request during which the authentication attempt occurred.
      response - the response.
      exception - the exception which was thrown to reject the authentication request.
      Throws:
      IOException
      jakarta.servlet.ServletException
    • saveException

      protected final void saveException(jakarta.servlet.http.HttpServletRequest request, AuthenticationException exception)
      Caches the AuthenticationException for use in view rendering.

      If forwardToDestination (the useForward property) is set to true, request scope will be used; otherwise it will attempt to store the exception in the session. If there is no session and allowSessionCreation is true, a session will be created; otherwise the exception will not be stored.

    • setDefaultFailureUrl

      public void setDefaultFailureUrl(String defaultFailureUrl)
      The URL which will be used as the failure destination.
      Parameters:
      defaultFailureUrl - the failure URL, for example "/loginFailed.jsp".
    • isUseForward

      protected boolean isUseForward()
    • setUseForward

      public void setUseForward(boolean forwardToDestination)
      If set to true, performs a forward to the failure destination URL instead of a redirect. Defaults to false.
    • setRedirectStrategy

      public void setRedirectStrategy(RedirectStrategy redirectStrategy)
      Allows overriding of the behaviour when redirecting to a target URL.
    • getRedirectStrategy

      protected RedirectStrategy getRedirectStrategy()
    • isAllowSessionCreation

      protected boolean isAllowSessionCreation()
    • setAllowSessionCreation

      public void setAllowSessionCreation(boolean allowSessionCreation)
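
The four outcomes described above (401, redirect with session caching, redirect without session creation, forward with request-scope caching), shown as an added example that is not part of the Spring Security documentation. It assumes spring-security-web and spring-test (for MockHttpServletRequest and MockHttpServletResponse) are on the classpath; the class name FailureHandlerModesDemo is hypothetical, and the cached exception is read back under WebAttributes.AUTHENTICATION_EXCEPTION.

```java
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.WebAttributes;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;

public class FailureHandlerModesDemo { // hypothetical class name
    static final String URL = "/loginFailed.jsp"; // example URL from setDefaultFailureUrl
    static final String KEY = WebAttributes.AUTHENTICATION_EXCEPTION; // attribute written by saveException

    public static void main(String[] args) throws Exception {
        AuthenticationException ex = new BadCredentialsException("Bad credentials"); // constructed failure

        // 1. No defaultFailureUrl: a 401 is sent and saveException is not called.
        MockHttpServletRequest req = new MockHttpServletRequest();
        MockHttpServletResponse res = new MockHttpServletResponse();
        new SimpleUrlAuthenticationFailureHandler().onAuthenticationFailure(req, res, ex);
        check(res.getStatus() == 401 && req.getSession(false) == null, "401, no session");

        // 2. Defaults (redirect, allowSessionCreation=true): a session is created to hold the exception.
        req = new MockHttpServletRequest();
        res = new MockHttpServletResponse();
        new SimpleUrlAuthenticationFailureHandler(URL).onAuthenticationFailure(req, res, ex);
        check(URL.equals(res.getRedirectedUrl()), "redirected");
        check(req.getSession(false) != null && req.getSession(false).getAttribute(KEY) == ex, "cached in session");

        // 3. allowSessionCreation=false: still redirects, but a failed login creates no session.
        SimpleUrlAuthenticationFailureHandler noSession = new SimpleUrlAuthenticationFailureHandler(URL);
        noSession.setAllowSessionCreation(false);
        req = new MockHttpServletRequest();
        res = new MockHttpServletResponse();
        noSession.onAuthenticationFailure(req, res, ex);
        check(URL.equals(res.getRedirectedUrl()) && req.getSession(false) == null, "no session");

        // 4. useForward=true: forward instead of redirect; exception kept in request scope only.
        SimpleUrlAuthenticationFailureHandler forward = new SimpleUrlAuthenticationFailureHandler(URL);
        forward.setUseForward(true);
        req = new MockHttpServletRequest();
        res = new MockHttpServletResponse();
        forward.onAuthenticationFailure(req, res, ex);
        check(URL.equals(res.getForwardedUrl()) && req.getAttribute(KEY) == ex, "forwarded");
        check(req.getSession(false) == null, "request scope only");
    }

    static void check(boolean ok, String what) {
        if (!ok) throw new IllegalStateException("unexpected: " + what);
        System.out.println("ok: " + what);
    }
}
```

Case 3 is the setting to weigh when unauthenticated clients should not be able to allocate server-side sessions through failed logins; the target view then has no cached exception to render.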