public class

ExceptionTranslationFilter

extends GenericFilterBean
java.lang.Object
   ↳ org.springframework.web.filter.GenericFilterBean
     ↳ org.springframework.security.web.access.ExceptionTranslationFilter

Class Overview

Handles any AccessDeniedException and AuthenticationException thrown within the filter chain.

This filter is necessary because it provides the bridge between Java exceptions and HTTP responses. It is solely concerned with maintaining the user interface. This filter does not do any actual security enforcement.

If an AuthenticationException is detected, the filter will launch the authenticationEntryPoint. This allows common handling of authentication failures originating from any subclass of AbstractSecurityInterceptor.

If an AccessDeniedException is detected, the filter will determine whether or not the user is an anonymous user. If they are an anonymous user, the authenticationEntryPoint will be launched. If they are not an anonymous user, the filter will delegate to the AccessDeniedHandler. By default the filter will use AccessDeniedHandlerImpl.

To use this filter, it is necessary to specify the following properties:

  • authenticationEntryPoint indicates the handler that should commence the authentication process if an AuthenticationException is detected. Note that this may also switch the current protocol from http to https for an SSL login.
  • requestCache determines the strategy used to save a request during the authentication process in order that it may be retrieved and reused once the user has authenticated. The default implementation is HttpSessionRequestCache.

Summary

[Expand]
Inherited Fields
From class org.springframework.web.filter.GenericFilterBean
Public Constructors
ExceptionTranslationFilter()
This constructor is deprecated. Use constructor injection
ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint)
ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint, RequestCache requestCache)
Public Methods
void afterPropertiesSet()
void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
AuthenticationEntryPoint getAuthenticationEntryPoint()
void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler)
void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)
This method is deprecated. Use constructor
void setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver)
void setRequestCache(RequestCache requestCache)
This method is deprecated. Use constructor
void setThrowableAnalyzer(ThrowableAnalyzer throwableAnalyzer)
Protected Methods
AuthenticationTrustResolver getAuthenticationTrustResolver()
void sendStartAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, AuthenticationException reason)
[Expand]
Inherited Methods
From class org.springframework.web.filter.GenericFilterBean
From class java.lang.Object
From interface javax.servlet.Filter
From interface org.springframework.beans.factory.BeanNameAware
From interface org.springframework.beans.factory.DisposableBean
From interface org.springframework.beans.factory.InitializingBean
From interface org.springframework.web.context.ServletContextAware

Public Constructors

public ExceptionTranslationFilter ()

This constructor is deprecated.
Use constructor injection

public ExceptionTranslationFilter (AuthenticationEntryPoint authenticationEntryPoint)

public ExceptionTranslationFilter (AuthenticationEntryPoint authenticationEntryPoint, RequestCache requestCache)

Public Methods

public void afterPropertiesSet ()

public void doFilter (ServletRequest req, ServletResponse res, FilterChain chain)

Throws
IOException
ServletException

public AuthenticationEntryPoint getAuthenticationEntryPoint ()

public void setAccessDeniedHandler (AccessDeniedHandler accessDeniedHandler)

public void setAuthenticationEntryPoint (AuthenticationEntryPoint authenticationEntryPoint)

This method is deprecated.
Use constructor

public void setAuthenticationTrustResolver (AuthenticationTrustResolver authenticationTrustResolver)

public void setRequestCache (RequestCache requestCache)

This method is deprecated.
Use constructor

The RequestCache implementation used to store the current request before starting authentication. Defaults to an HttpSessionRequestCache.

public void setThrowableAnalyzer (ThrowableAnalyzer throwableAnalyzer)

Protected Methods

protected AuthenticationTrustResolver getAuthenticationTrustResolver ()

protected void sendStartAuthentication (HttpServletRequest request, HttpServletResponse response, FilterChain chain, AuthenticationException reason)

Throws
IOException
ServletException