public class ExceptionTranslationFilter extends Object implements javax.servlet.Filter, org.springframework.beans.factory.InitializingBean
AccessDeniedException
and AuthenticationException
thrown within the
filter chain.
This filter is necessary because it provides the bridge between Java exceptions and HTTP responses. It is solely concerned with maintaining the user interface. This filter does not do any actual security enforcement.
If an AuthenticationException
is detected, the filter will launch the authenticationEntryPoint
.
This allows common handling of authentication failures originating from any subclass of
AbstractSecurityInterceptor
.
If an AccessDeniedException
is detected, the filter will determine whether or not the user is an anonymous
user. If they are an anonymous user, the authenticationEntryPoint
will be launched. If they are not
an anonymous user, the filter will delegate to the AccessDeniedHandler
.
By default the filter will use AccessDeniedHandlerImpl
.
To use this filter, it is necessary to specify the following properties:
authenticationEntryPoint
indicates the handler that
should commence the authentication process if an
AuthenticationException
is detected. Note that this may also
switch the current protocol from http to https for an SSL login.portResolver
is used to determine the "real" port that a
request was received on.
Do not use this class directly. Instead configure
web.xml
to use the FilterToBeanProxy
.
Constructor and Description |
---|
ExceptionTranslationFilter() |
Modifier and Type | Method and Description |
---|---|
void |
afterPropertiesSet() |
void |
destroy() |
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain) |
AuthenticationEntryPoint |
getAuthenticationEntryPoint() |
AuthenticationTrustResolver |
getAuthenticationTrustResolver() |
PortResolver |
getPortResolver() |
void |
init(javax.servlet.FilterConfig filterConfig) |
boolean |
isCreateSessionAllowed()
If
true , indicates that SecurityEnforcementFilter is permitted to store the target
URL and exception information in the HttpSession (the default). |
protected void |
sendStartAuthentication(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain,
AuthenticationException reason) |
void |
setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) |
void |
setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) |
void |
setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver) |
void |
setCreateSessionAllowed(boolean createSessionAllowed) |
void |
setPortResolver(PortResolver portResolver) |
public void afterPropertiesSet() throws Exception
afterPropertiesSet
in interface org.springframework.beans.factory.InitializingBean
Exception
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
doFilter
in interface javax.servlet.Filter
IOException
javax.servlet.ServletException
public AuthenticationEntryPoint getAuthenticationEntryPoint()
public AuthenticationTrustResolver getAuthenticationTrustResolver()
public PortResolver getPortResolver()
public boolean isCreateSessionAllowed()
true
, indicates that SecurityEnforcementFilter
is permitted to store the target
URL and exception information in the HttpSession
(the default).
In situations where you do not wish to unnecessarily create HttpSession
s - because the user agent
will know the failed URL, such as with BASIC or Digest authentication - you may wish to
set this property to false
. Remember to also set the
HttpSessionContextIntegrationFilter.allowSessionCreation
to false
if you set this property to false
.true
if the HttpSession
will be
used to store information about the failed request, false
if the HttpSession
will not be usedprotected void sendStartAuthentication(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain, AuthenticationException reason) throws javax.servlet.ServletException, IOException
javax.servlet.ServletException
IOException
public void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler)
public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)
public void setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver)
public void setCreateSessionAllowed(boolean createSessionAllowed)
public void setPortResolver(PortResolver portResolver)
public void init(javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException
init
in interface javax.servlet.Filter
javax.servlet.ServletException
public void destroy()
destroy
in interface javax.servlet.Filter
Copyright © 2016. All rights reserved.