public class

LoginUrlAuthenticationEntryPoint

extends Object
implements InitializingBean AuthenticationEntryPoint
java.lang.Object
   ↳ org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

Class Overview

Used by the ExceptionTranslationFilter to commence a form login authentication via the UsernamePasswordAuthenticationFilter.

Holds the location of the login form in the loginFormUrl property, and uses that to build a redirect URL to the login page. Alternatively, an absolute URL can be set in this property and that will be used exclusively.

When using a relative URL, you can set the forceHttps property to true, to force the protocol used for the login form to be HTTPS, even if the original intercepted request for a resource used the HTTP protocol. When this happens, after a successful login (via HTTPS), the original resource will still be accessed as HTTP, via the original request URL. For the forced HTTPS feature to work, the PortMapper is consulted to determine the HTTP:HTTPS pairs. The value of forceHttps will have no effect if an absolute URL is used.

Summary

Public Constructors
LoginUrlAuthenticationEntryPoint()
This constructor is deprecated. Use constructor injection
LoginUrlAuthenticationEntryPoint(String loginFormUrl)
Public Methods
void afterPropertiesSet()
void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
Performs the redirect (or forward) to the login form URL.
String getLoginFormUrl()
void setForceHttps(boolean forceHttps)
Set to true to force login form access to be via https.
void setLoginFormUrl(String loginFormUrl)
This method is deprecated. use constructor injection
void setPortMapper(PortMapper portMapper)
void setPortResolver(PortResolver portResolver)
void setUseForward(boolean useForward)
Tells if we are to do a forward to the loginFormUrl using the RequestDispatcher, instead of a 302 redirect.
Protected Methods
String buildHttpsRedirectUrlForRequest(HttpServletRequest request)
Builds a URL to redirect the supplied request to HTTPS.
String buildRedirectUrlToLoginPage(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
String determineUrlToUseForThisRequest(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
Allows subclasses to modify the login form URL that should be applicable for a given request.
PortMapper getPortMapper()
PortResolver getPortResolver()
boolean isForceHttps()
boolean isUseForward()
[Expand]
Inherited Methods
From class java.lang.Object
From interface org.springframework.beans.factory.InitializingBean
From interface org.springframework.security.web.AuthenticationEntryPoint

Public Constructors

public LoginUrlAuthenticationEntryPoint ()

This constructor is deprecated.
Use constructor injection

public LoginUrlAuthenticationEntryPoint (String loginFormUrl)

Parameters
loginFormUrl URL where the login page can be found. Should either be relative to the web-app context path (include a leading /) or an absolute URL.

Public Methods

public void afterPropertiesSet ()

Throws
Exception

public void commence (HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)

Performs the redirect (or forward) to the login form URL.

Parameters
request that resulted in an AuthenticationException
response so that the user agent can begin authentication
authException that caused the invocation
Throws
IOException
ServletException

public String getLoginFormUrl ()

public void setForceHttps (boolean forceHttps)

Set to true to force login form access to be via https. If this value is true (the default is false), and the incoming request for the protected resource which triggered the interceptor was not already https, then the client will first be redirected to an https URL, even if serverSideRedirect is set to true.

public void setLoginFormUrl (String loginFormUrl)

This method is deprecated.
use constructor injection

The URL where the UsernamePasswordAuthenticationFilter login page can be found. Should either be relative to the web-app context path (include a leading /) or an absolute URL.

public void setPortMapper (PortMapper portMapper)

public void setPortResolver (PortResolver portResolver)

public void setUseForward (boolean useForward)

Tells if we are to do a forward to the loginFormUrl using the RequestDispatcher, instead of a 302 redirect.

Parameters
useForward true if a forward to the login page should be used. Must be false (the default) if loginFormUrl is set to an absolute value.

Protected Methods

protected String buildHttpsRedirectUrlForRequest (HttpServletRequest request)

Builds a URL to redirect the supplied request to HTTPS. Used to redirect the current request to HTTPS, before doing a forward to the login page.

Throws
IOException
ServletException

protected String buildRedirectUrlToLoginPage (HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)

protected String determineUrlToUseForThisRequest (HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)

Allows subclasses to modify the login form URL that should be applicable for a given request.

Parameters
request the request
response the response
exception the exception
Returns

protected PortMapper getPortMapper ()

protected PortResolver getPortResolver ()

protected boolean isForceHttps ()

protected boolean isUseForward ()