ExceptionTranslationFilter
extends GenericFilterBean| java.lang.Object | ||
| ↳ | org.springframework.web.filter.GenericFilterBean | |
| ↳ | org.springframework.security.web.access.ExceptionTranslationFilter | |
Class Overview
Handles any AccessDeniedException and AuthenticationException thrown within the
filter chain.
This filter is necessary because it provides the bridge between Java exceptions and HTTP responses. It is solely concerned with maintaining the user interface. This filter does not do any actual security enforcement.
If an AuthenticationException is detected, the filter will launch the authenticationEntryPoint.
This allows common handling of authentication failures originating from any subclass of
AbstractSecurityInterceptor.
If an AccessDeniedException is detected, the filter will determine whether or not the user is an anonymous
user. If they are an anonymous user, the authenticationEntryPoint will be launched. If they are not
an anonymous user, the filter will delegate to the AccessDeniedHandler.
By default the filter will use AccessDeniedHandlerImpl.
To use this filter, it is necessary to specify the following properties:
authenticationEntryPointindicates the handler that should commence the authentication process if anAuthenticationExceptionis detected. Note that this may also switch the current protocol from http to https for an SSL login.- requestCache determines the strategy used to save a request during the authentication process in order
that it may be retrieved and reused once the user has authenticated. The default implementation is
HttpSessionRequestCache.
Summary
|
[Expand]
Inherited Fields | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
 From class
org.springframework.web.filter.GenericFilterBean
| |||||||||||
| Public Constructors | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
This constructor is deprecated.
Use constructor injection
| |||||||||||
| Public Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
This method is deprecated.
Use constructor
| |||||||||||
This method is deprecated.
Use constructor
| |||||||||||
| Protected Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
[Expand]
Inherited Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
From class
org.springframework.web.filter.GenericFilterBean
| |||||||||||
|
From class
java.lang.Object
| |||||||||||
|
From interface
javax.servlet.Filter
| |||||||||||
|
From interface
org.springframework.beans.factory.BeanNameAware
| |||||||||||
|
From interface
org.springframework.beans.factory.DisposableBean
| |||||||||||
|
From interface
org.springframework.beans.factory.InitializingBean
| |||||||||||
|
From interface
org.springframework.web.context.ServletContextAware
| |||||||||||
Public Constructors
public ExceptionTranslationFilter ()
This constructor is deprecated.
Use constructor injection
public ExceptionTranslationFilter (AuthenticationEntryPoint authenticationEntryPoint, RequestCache requestCache)
Public Methods
public void afterPropertiesSet ()
public void doFilter (ServletRequest req, ServletResponse res, FilterChain chain)
Throws
| IOException | |
|---|---|
| ServletException |
public void setAuthenticationEntryPoint (AuthenticationEntryPoint authenticationEntryPoint)
This method is deprecated.
Use constructor
public void setAuthenticationTrustResolver (AuthenticationTrustResolver authenticationTrustResolver)
public void setRequestCache (RequestCache requestCache)
This method is deprecated.
Use constructor
The RequestCache implementation used to store the current request before starting authentication.
Defaults to an HttpSessionRequestCache.
Protected Methods
protected void sendStartAuthentication (HttpServletRequest request, HttpServletResponse response, FilterChain chain, AuthenticationException reason)
Throws
| IOException | |
|---|---|
| ServletException |