Package org.springframework.security.web.authentication

Class LoginUrlAuthenticationEntryPoint

java.lang.Object
org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
All Implemented Interfaces:
org.springframework.beans.factory.InitializingBean, AuthenticationEntryPoint
public class LoginUrlAuthenticationEntryPoint extends Object implements AuthenticationEntryPoint, org.springframework.beans.factory.InitializingBean
Used by the ExceptionTranslationFilter to commence a form login authentication via the UsernamePasswordAuthenticationFilter.

Holds the location of the login form in the loginFormUrl property, and uses that to build a redirect URL to the login page. Alternatively, an absolute URL can be set in this property and that will be used exclusively.

When using a relative URL, you can set the forceHttps property to true, to force the protocol used for the login form to be HTTPS, even if the original intercepted request for a resource used the HTTP protocol. When this happens, after a successful login (via HTTPS), the original resource will still be accessed as HTTP, via the original request URL. For the forced HTTPS feature to work, the PortMapper is consulted to determine the HTTP:HTTPS pairs. The value of forceHttps will have no effect if an absolute URL is used.

Since:
3.0

  • Constructor Details

    • LoginUrlAuthenticationEntryPoint

      public LoginUrlAuthenticationEntryPoint(String loginFormUrl)
      Parameters:
      loginFormUrl - URL where the login page can be found. Should either be relative to the web-app context path (include a leading /) or an absolute URL.

  • Method Details

    • afterPropertiesSet

      public void afterPropertiesSet()
      Specified by:
      afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

    • determineUrlToUseForThisRequest

      protected String determineUrlToUseForThisRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, AuthenticationException exception)
      Allows subclasses to modify the login form URL that should be applicable for a given request.
      Parameters:
      request - the request
      response - the response
      exception - the exception
      Returns:
      the URL (cannot be null or empty; defaults to getLoginFormUrl())

    • commence

      public void commence(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, AuthenticationException authException) throws IOException, jakarta.servlet.ServletException
      Performs the redirect (or forward) to the login form URL.
      Specified by:
      commence in interface AuthenticationEntryPoint
      Parameters:
      request - that resulted in an AuthenticationException
      response - so that the user agent can begin authentication
      authException - that caused the invocation
      Throws:
      IOException
      jakarta.servlet.ServletException

    • buildRedirectUrlToLoginPage

      protected String buildRedirectUrlToLoginPage(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, AuthenticationException authException)

    • buildHttpsRedirectUrlForRequest

      protected @Nullable String buildHttpsRedirectUrlForRequest(jakarta.servlet.http.HttpServletRequest request) throws IOException, jakarta.servlet.ServletException
      Builds a URL to redirect the supplied request to HTTPS. Used to redirect the current request to HTTPS, before doing a forward to the login page.
      Throws:
      IOException
      jakarta.servlet.ServletException

    • getServerPort

      public int getServerPort(jakarta.servlet.ServletRequest request)

    • setForceHttps

      public void setForceHttps(boolean forceHttps)
      Set to true to force login form access to be via https. If this value is true (the default is false), and the incoming request for the protected resource which triggered the interceptor was not already https, then the client will first be redirected to an https URL, even if serverSideRedirect is set to true.

    • isForceHttps

      protected boolean isForceHttps()

    • getLoginFormUrl

      public String getLoginFormUrl()

    • setPortMapper

      public void setPortMapper(PortMapper portMapper)

    • getPortMapper

      protected PortMapper getPortMapper()

    • setUseForward

      public void setUseForward(boolean useForward)
      Tells if we are to do a forward to the loginFormUrl using the RequestDispatcher, instead of a 302 redirect.
      Parameters:
      useForward - true if a forward to the login page should be used. Must be false (the default) if loginFormUrl is set to an absolute value.

    • isUseForward

      protected boolean isUseForward()

    • setFavorRelativeUris

      public void setFavorRelativeUris(boolean favorRelativeUris)
      Favor using relative URIs when formulating a redirect.

      Note that a relative redirect is not always possible. For example, when redirecting from http to https, the URL needs to be absolute.

      Parameters:
      favorRelativeUris - whether to favor relative URIs or not
      Since:
      6.5