public class ExceptionTranslationFilter extends GenericFilterBean
AccessDeniedException and AuthenticationException
thrown within the filter chain.
This filter is necessary because it provides the bridge between Java exceptions and HTTP responses. It is solely concerned with maintaining the user interface. This filter does not do any actual security enforcement.
If an AuthenticationException is detected, the filter will launch the
authenticationEntryPoint. This allows common handling of authentication
failures originating from any subclass of
AbstractSecurityInterceptor.
If an AccessDeniedException is detected, the filter will determine whether or
not the user is an anonymous user. If they are an anonymous user, the
authenticationEntryPoint will be launched. If they are not an anonymous
user, the filter will delegate to the
AccessDeniedHandler. By default the
filter will use AccessDeniedHandlerImpl.
To use this filter, it is necessary to specify the following properties:
authenticationEntryPoint indicates the handler that should commence
the authentication process if an AuthenticationException is detected. Note
that this may also switch the current protocol from http to https for an SSL login.HttpSessionRequestCache.logger| Constructor and Description |
|---|
ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint) |
ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint,
RequestCache requestCache) |
| Modifier and Type | Method and Description |
|---|---|
void |
afterPropertiesSet() |
void |
doFilter(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse res,
javax.servlet.FilterChain chain) |
AuthenticationEntryPoint |
getAuthenticationEntryPoint() |
protected org.springframework.security.authentication.AuthenticationTrustResolver |
getAuthenticationTrustResolver() |
protected void |
sendStartAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
javax.servlet.FilterChain chain,
org.springframework.security.core.AuthenticationException reason) |
void |
setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) |
void |
setAuthenticationTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver authenticationTrustResolver) |
void |
setThrowableAnalyzer(ThrowableAnalyzer throwableAnalyzer) |
addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContextpublic ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint)
public ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint, RequestCache requestCache)
public void afterPropertiesSet()
afterPropertiesSet in interface InitializingBeanafterPropertiesSet in class GenericFilterBeanpublic void doFilter(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse res,
javax.servlet.FilterChain chain)
throws IOException,
javax.servlet.ServletException
IOExceptionjavax.servlet.ServletExceptionpublic AuthenticationEntryPoint getAuthenticationEntryPoint()
protected org.springframework.security.authentication.AuthenticationTrustResolver getAuthenticationTrustResolver()
protected void sendStartAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
javax.servlet.FilterChain chain,
org.springframework.security.core.AuthenticationException reason)
throws javax.servlet.ServletException,
IOException
javax.servlet.ServletExceptionIOExceptionpublic void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler)
public void setAuthenticationTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver authenticationTrustResolver)
public void setThrowableAnalyzer(ThrowableAnalyzer throwableAnalyzer)