org.springframework.security.ui
Class ExceptionTranslationFilter
java.lang.Object
org.springframework.security.ui.SpringSecurityFilter
org.springframework.security.ui.ExceptionTranslationFilter
- All Implemented Interfaces:
- Filter, InitializingBean, Ordered
public class ExceptionTranslationFilter
- extends SpringSecurityFilter
- implements InitializingBean
Handles any AccessDeniedException and AuthenticationException thrown within the
filter chain.
This filter is necessary because it provides the bridge between Java exceptions and HTTP responses.
It is solely concerned with maintaining the user interface. This filter does not do any actual security enforcement.
If an AuthenticationException is detected, the filter will launch the authenticationEntryPoint.
This allows common handling of authentication failures originating from any subclass of
AbstractSecurityInterceptor.
If an AccessDeniedException is detected, the filter will determine whether or not the user is an anonymous
user. If they are an anonymous user, the authenticationEntryPoint will be launched. If they are not
an anonymous user, the filter will delegate to the AccessDeniedHandler.
By default the filter will use AccessDeniedHandlerImpl.
To use this filter, it is necessary to specify the following properties:
authenticationEntryPoint indicates the handler that
should commence the authentication process if an
AuthenticationException is detected. Note that this may also
switch the current protocol from http to https for an SSL login.portResolver is used to determine the "real" port that a
request was received on.
- Version:
- $Id$
- Author:
- Ben Alex, colin sampaleanu
ExceptionTranslationFilter
public ExceptionTranslationFilter()
afterPropertiesSet
public void afterPropertiesSet()
throws Exception
- Specified by:
afterPropertiesSet in interface InitializingBean
- Throws:
Exception
doFilterHttp
public void doFilterHttp(HttpServletRequest request,
HttpServletResponse response,
FilterChain chain)
throws IOException,
ServletException
- Specified by:
doFilterHttp in class SpringSecurityFilter
- Throws:
IOException
ServletException
getAuthenticationEntryPoint
public AuthenticationEntryPoint getAuthenticationEntryPoint()
getAuthenticationTrustResolver
public AuthenticationTrustResolver getAuthenticationTrustResolver()
getPortResolver
public PortResolver getPortResolver()
isCreateSessionAllowed
public boolean isCreateSessionAllowed()
- If
true, indicates that SecurityEnforcementFilter is permitted to store the target
URL and exception information in the HttpSession (the default).
In situations where you do not wish to unnecessarily create HttpSessions - because the user agent
will know the failed URL, such as with BASIC or Digest authentication - you may wish to
set this property to false. Remember to also set the
HttpSessionContextIntegrationFilter.allowSessionCreation
to false if you set this property to false.
- Returns:
true if the HttpSession will be
used to store information about the failed request, false
if the HttpSession will not be used
sendStartAuthentication
protected void sendStartAuthentication(ServletRequest request,
ServletResponse response,
FilterChain chain,
AuthenticationException reason)
throws ServletException,
IOException
- Throws:
ServletException
IOException
setAccessDeniedHandler
public void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler)
setAuthenticationEntryPoint
public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)
setAuthenticationTrustResolver
public void setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver)
setCreateSessionAllowed
public void setCreateSessionAllowed(boolean createSessionAllowed)
setPortResolver
public void setPortResolver(PortResolver portResolver)
setThrowableAnalyzer
public void setThrowableAnalyzer(ThrowableAnalyzer throwableAnalyzer)
getOrder
public int getOrder()
- Specified by:
getOrder in interface Ordered
Copyright © 2004-2010 SpringSource, Inc. All Rights Reserved.