java.lang.Object | ||
↳ | org.springframework.web.filter.GenericFilterBean | |
↳ | org.springframework.security.web.access.ExceptionTranslationFilter |
Handles any AccessDeniedException
and AuthenticationException
thrown within the
filter chain.
This filter is necessary because it provides the bridge between Java exceptions and HTTP responses. It is solely concerned with maintaining the user interface. This filter does not do any actual security enforcement.
If an AuthenticationException
is detected, the filter will launch the authenticationEntryPoint
.
This allows common handling of authentication failures originating from any subclass of
AbstractSecurityInterceptor
.
If an AccessDeniedException
is detected, the filter will determine whether or not the user is an anonymous
user. If they are an anonymous user, the authenticationEntryPoint
will be launched. If they are not
an anonymous user, the filter will delegate to the AccessDeniedHandler
.
By default the filter will use AccessDeniedHandlerImpl
.
To use this filter, it is necessary to specify the following properties:
authenticationEntryPoint
indicates the handler that
should commence the authentication process if an
AuthenticationException
is detected. Note that this may also
switch the current protocol from http to https for an SSL login.HttpSessionRequestCache
.
[Expand]
Inherited Fields | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From class
org.springframework.web.filter.GenericFilterBean
|
Public Constructors | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
This constructor is deprecated.
Use constructor injection
| |||||||||||
Public Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
This method is deprecated.
Use constructor
| |||||||||||
This method is deprecated.
Use constructor
| |||||||||||
Protected Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
[Expand]
Inherited Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From class
org.springframework.web.filter.GenericFilterBean
| |||||||||||
From class
java.lang.Object
| |||||||||||
From interface
javax.servlet.Filter
| |||||||||||
From interface
org.springframework.beans.factory.BeanNameAware
| |||||||||||
From interface
org.springframework.beans.factory.DisposableBean
| |||||||||||
From interface
org.springframework.beans.factory.InitializingBean
| |||||||||||
From interface
org.springframework.web.context.ServletContextAware
|
This constructor is deprecated.
Use constructor injection
IOException | |
---|---|
ServletException |
This method is deprecated.
Use constructor
This method is deprecated.
Use constructor
The RequestCache implementation used to store the current request before starting authentication.
Defaults to an HttpSessionRequestCache
.
IOException | |
---|---|
ServletException |