java.lang.Object | |
↳ | org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint |
Used by the ExceptionTranslationFilter
to commence a form login
authentication via the UsernamePasswordAuthenticationFilter
.
Holds the location of the login form in the loginFormUrl
property, and
uses that to build a redirect URL to the login page. Alternatively, an absolute URL
can be set in this property and that will be used exclusively.
When using a relative URL, you can set the forceHttps
property to true,
to force the protocol used for the login form to be HTTPS
,
even if the original intercepted request for a resource used the
HTTP
protocol. When this happens, after a successful login
(via HTTPS), the original resource will still be accessed as HTTP, via the
original request URL. For the forced HTTPS feature to work, the PortMapper
is consulted to determine the HTTP:HTTPS pairs. The value of
forceHttps
will have no effect if an absolute URL is used.
Public Constructors | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
This constructor is deprecated.
Use constructor injection
| |||||||||||
Public Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Performs the redirect (or forward) to the login form URL.
| |||||||||||
Set to true to force login form access to be via https.
| |||||||||||
This method is deprecated.
use constructor injection
| |||||||||||
Tells if we are to do a forward to the
loginFormUrl using the RequestDispatcher ,
instead of a 302 redirect. |
Protected Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Builds a URL to redirect the supplied request to HTTPS.
| |||||||||||
Allows subclasses to modify the login form URL that should be applicable for a given request.
| |||||||||||
[Expand]
Inherited Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From class
java.lang.Object
| |||||||||||
From interface
org.springframework.beans.factory.InitializingBean
| |||||||||||
From interface
org.springframework.security.web.AuthenticationEntryPoint
|
This constructor is deprecated.
Use constructor injection
loginFormUrl | URL where the login page can be found. Should either be relative to the web-app context path
(include a leading / ) or an absolute URL.
|
---|
Performs the redirect (or forward) to the login form URL.
request | that resulted in an AuthenticationException |
---|---|
response | so that the user agent can begin authentication |
authException | that caused the invocation |
IOException | |
---|---|
ServletException |
Set to true to force login form access to be via https. If this value is true (the default is false),
and the incoming request for the protected resource which triggered the interceptor was not already
https
, then the client will first be redirected to an https URL, even if serverSideRedirect
is set to true.
This method is deprecated.
use constructor injection
The URL where the UsernamePasswordAuthenticationFilter
login
page can be found. Should either be relative to the web-app context path
(include a leading /
) or an absolute URL.
Tells if we are to do a forward to the loginFormUrl
using the RequestDispatcher
,
instead of a 302 redirect.
useForward | true if a forward to the login page should be used. Must be false (the default) if
loginFormUrl is set to an absolute value.
|
---|
Builds a URL to redirect the supplied request to HTTPS. Used to redirect the current request to HTTPS, before doing a forward to the login page.
IOException | |
---|---|
ServletException |
Allows subclasses to modify the login form URL that should be applicable for a given request.
request | the request |
---|---|
response | the response |
exception | the exception |
getLoginFormUrl()
)