Class ExceptionTranslationFilter
- All Implemented Interfaces: jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
Handles any AccessDeniedException and AuthenticationException thrown within the filter chain.
This filter is necessary because it provides the bridge between Java exceptions and HTTP responses. It is solely concerned with maintaining the user interface. This filter does not do any actual security enforcement.
If an AuthenticationException is detected, the filter will launch the authenticationEntryPoint. This allows common handling of authentication failures originating from any subclass of AbstractSecurityInterceptor.
If an AccessDeniedException is detected, the filter will determine whether or not the user is an anonymous user. If they are an anonymous user, the authenticationEntryPoint will be launched. If they are not an anonymous user, the filter will delegate to the AccessDeniedHandler. By default the filter will use AccessDeniedHandlerImpl.
To use this filter, it is necessary to specify the following properties:
- authenticationEntryPoint indicates the handler that should commence the authentication process if an AuthenticationException is detected. Note that this may also switch the current protocol from http to https for an SSL login.
- requestCache determines the strategy used to save a request during the authentication process in order that it may be retrieved and reused once the user has authenticated. The default implementation is HttpSessionRequestCache.
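The following is an added example, not part of the Spring Security Javadoc or code base. It wires the filter in two ways using the constructor and setter documented on this page: a browser application that redirects to a login form, and a stateless API that answers 401 or 403 without saving the request in the session. The class name `ExceptionTranslationWiring` and the paths `/login` and `/error/403` are assumptions.

```java
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.http.HttpStatus;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;
import org.springframework.security.web.access.ExceptionTranslationFilter;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.NullRequestCache;

/** Added example: class name and URL paths are assumptions, not Spring Security defaults. */
public final class ExceptionTranslationWiring {

    private ExceptionTranslationWiring() {
    }

    /** Browser application: redirect to a login form, then resume the interrupted request. */
    public static ExceptionTranslationFilter forBrowserApp() {
        // Entry point launched for AuthenticationException, and for
        // AccessDeniedException when the current user is anonymous.
        LoginUrlAuthenticationEntryPoint entryPoint = new LoginUrlAuthenticationEntryPoint("/login");
        entryPoint.setForceHttps(true); // switch http to https for the login

        // HttpSessionRequestCache (the default) keeps the original request in the
        // session so it can be replayed once the user has authenticated.
        ExceptionTranslationFilter filter =
                new ExceptionTranslationFilter(entryPoint, new HttpSessionRequestCache());

        // Authenticated but not authorised: respond 403 and forward to an error page.
        AccessDeniedHandlerImpl accessDenied = new AccessDeniedHandlerImpl();
        accessDenied.setErrorPage("/error/403");
        filter.setAccessDeniedHandler(accessDenied);
        return filter;
    }

    /** Stateless API: plain status codes, and no request saved in a session. */
    public static ExceptionTranslationFilter forStatelessApi() {
        // 401 instead of a redirect; NullRequestCache saves nothing, so the
        // filter itself does not cause a session to be created.
        ExceptionTranslationFilter filter = new ExceptionTranslationFilter(
                new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED), new NullRequestCache());

        // AccessDeniedHandler has a single method, so a lambda is enough for a bare 403.
        filter.setAccessDeniedHandler((request, response, denied) ->
                response.sendError(HttpServletResponse.SC_FORBIDDEN));
        return filter;
    }
}
```

In applications configured through HttpSecurity, the same collaborators are normally supplied through its exceptionHandling and requestCache settings rather than by constructing the filter directly.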
Field Summary

| Modifier and Type | Field | Description |
|---|---|---|
| protected org.springframework.context.support.MessageSourceAccessor | messages | |

Fields inherited from class org.springframework.web.filter.GenericFilterBean: logger

Constructor Summary

| Constructor | Description |
|---|---|
| ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint) | |
| ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint, RequestCache requestCache) | |

Method Summary

| Modifier and Type | Method | Description |
|---|---|---|
| void | afterPropertiesSet() | |
| void | doFilter(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain) | |
| protected AuthenticationTrustResolver | getAuthenticationTrustResolver() | |
| protected void | sendStartAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain chain, AuthenticationException reason) | |
| void | setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) | |
| void | setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver) | |
| void | setMessageSource(org.springframework.context.MessageSource messageSource) | |
| void | setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) | Sets the SecurityContextHolderStrategy to use. |
| void | setThrowableAnalyzer(ThrowableAnalyzer throwableAnalyzer) | |

Methods inherited from class org.springframework.web.filter.GenericFilterBean: addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
Field Details
- messages
  protected org.springframework.context.support.MessageSourceAccessor messages
Constructor Details
- ExceptionTranslationFilter
- ExceptionTranslationFilter
  public ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint, RequestCache requestCache)
Method Details
- afterPropertiesSet
  public void afterPropertiesSet()
  - Specified by: afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
  - Overrides: afterPropertiesSet in class org.springframework.web.filter.GenericFilterBean
- doFilter
  public void doFilter(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException
  - Specified by: doFilter in interface jakarta.servlet.Filter
  - Throws: IOException, jakarta.servlet.ServletException
- getAuthenticationEntryPoint
- getAuthenticationTrustResolver
- sendStartAuthentication
  protected void sendStartAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain chain, AuthenticationException reason) throws jakarta.servlet.ServletException, IOException
  - Throws: jakarta.servlet.ServletException, IOException
- setAccessDeniedHandler
- setAuthenticationTrustResolver
- setThrowableAnalyzer
- setMessageSource
  public void setMessageSource(org.springframework.context.MessageSource messageSource)
  - Specified by: setMessageSource in interface org.springframework.context.MessageSourceAware
  - Since: 5.5
- setSecurityContextHolderStrategy
  public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)
  Sets the SecurityContextHolderStrategy to use. The default action is to use the SecurityContextHolderStrategy stored in SecurityContextHolder.
  - Since: 5.8