public class ExceptionTranslationFilter extends GenericFilterBean
AccessDeniedException and AuthenticationException thrown within the
filter chain.
This filter is necessary because it provides the bridge between Java exceptions and HTTP responses. It is solely concerned with maintaining the user interface. This filter does not do any actual security enforcement.
If an AuthenticationException is detected, the filter will launch the authenticationEntryPoint.
This allows common handling of authentication failures originating from any subclass of
AbstractSecurityInterceptor.
If an AccessDeniedException is detected, the filter will determine whether or not the user is an anonymous
user. If they are an anonymous user, the authenticationEntryPoint will be launched. If they are not
an anonymous user, the filter will delegate to the AccessDeniedHandler.
By default the filter will use AccessDeniedHandlerImpl.
To use this filter, it is necessary to specify the following properties:
authenticationEntryPoint indicates the handler that
should commence the authentication process if an
AuthenticationException is detected. Note that this may also
switch the current protocol from http to https for an SSL login.HttpSessionRequestCache.logger| Constructor and Description |
|---|
ExceptionTranslationFilter()
Deprecated.
Use constructor injection
|
ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint) |
ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint,
RequestCache requestCache) |
| Modifier and Type | Method and Description |
|---|---|
void |
afterPropertiesSet() |
void |
doFilter(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse res,
javax.servlet.FilterChain chain) |
AuthenticationEntryPoint |
getAuthenticationEntryPoint() |
protected org.springframework.security.authentication.AuthenticationTrustResolver |
getAuthenticationTrustResolver() |
protected void |
sendStartAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
javax.servlet.FilterChain chain,
org.springframework.security.core.AuthenticationException reason) |
void |
setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) |
void |
setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)
Deprecated.
Use constructor
|
void |
setAuthenticationTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver authenticationTrustResolver) |
void |
setRequestCache(RequestCache requestCache)
Deprecated.
Use constructor
|
void |
setThrowableAnalyzer(ThrowableAnalyzer throwableAnalyzer) |
addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext@Deprecated public ExceptionTranslationFilter()
public ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint)
public ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint, RequestCache requestCache)
public void afterPropertiesSet()
afterPropertiesSet in interface InitializingBeanafterPropertiesSet in class GenericFilterBeanpublic void doFilter(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse res,
javax.servlet.FilterChain chain)
throws IOException,
javax.servlet.ServletException
IOExceptionjavax.servlet.ServletExceptionpublic AuthenticationEntryPoint getAuthenticationEntryPoint()
protected org.springframework.security.authentication.AuthenticationTrustResolver getAuthenticationTrustResolver()
protected void sendStartAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
javax.servlet.FilterChain chain,
org.springframework.security.core.AuthenticationException reason)
throws javax.servlet.ServletException,
IOException
javax.servlet.ServletExceptionIOExceptionpublic void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler)
@Deprecated public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)
public void setAuthenticationTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver authenticationTrustResolver)
public void setThrowableAnalyzer(ThrowableAnalyzer throwableAnalyzer)
@Deprecated public void setRequestCache(RequestCache requestCache)
HttpSessionRequestCache.