public class

SimpleUrlAuthenticationFailureHandler

extends Object
implements AuthenticationFailureHandler
java.lang.Object
   ↳ org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
Known Direct Subclasses

Class Overview

AuthenticationFailureHandler which performs a redirect to the value of the defaultFailureUrl property when the onAuthenticationFailure method is called. If the property has not been set it will send a 401 response to the client, with the error message from the AuthenticationException which caused the failure.

If the useForward property is set, a RequestDispatcher.forward call will be made to the destination instead of a redirect.

Summary

Fields
protected final Log logger
Public Constructors
SimpleUrlAuthenticationFailureHandler()
SimpleUrlAuthenticationFailureHandler(String defaultFailureUrl)
Public Methods
void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
Performs the redirect or forward to the defaultFailureUrl if set, otherwise returns a 401 error code.
void setAllowSessionCreation(boolean allowSessionCreation)
void setDefaultFailureUrl(String defaultFailureUrl)
The URL which will be used as the failure destination.
void setRedirectStrategy(RedirectStrategy redirectStrategy)
Allows overriding of the behaviour when redirecting to a target URL.
void setUseForward(boolean forwardToDestination)
If set to true, performs a forward to the failure destination URL instead of a redirect.
Protected Methods
RedirectStrategy getRedirectStrategy()
boolean isAllowSessionCreation()
boolean isUseForward()
final void saveException(HttpServletRequest request, AuthenticationException exception)
Caches the AuthenticationException for use in view rendering.
[Expand]
Inherited Methods
From class java.lang.Object
From interface org.springframework.security.web.authentication.AuthenticationFailureHandler

Fields

protected final Log logger

Public Constructors

public SimpleUrlAuthenticationFailureHandler ()

public SimpleUrlAuthenticationFailureHandler (String defaultFailureUrl)

Public Methods

public void onAuthenticationFailure (HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)

Performs the redirect or forward to the defaultFailureUrl if set, otherwise returns a 401 error code.

If redirecting or forwarding, saveException will be called to cache the exception for use in the target view.

Parameters
request the request during which the authentication attempt occurred.
response the response.
exception the exception which was thrown to reject the authentication request.
Throws
IOException
ServletException

public void setAllowSessionCreation (boolean allowSessionCreation)

public void setDefaultFailureUrl (String defaultFailureUrl)

The URL which will be used as the failure destination.

Parameters
defaultFailureUrl the failure URL, for example "/loginFailed.jsp".

public void setRedirectStrategy (RedirectStrategy redirectStrategy)

Allows overriding of the behaviour when redirecting to a target URL.

public void setUseForward (boolean forwardToDestination)

If set to true, performs a forward to the failure destination URL instead of a redirect. Defaults to false.

Protected Methods

protected RedirectStrategy getRedirectStrategy ()

protected boolean isAllowSessionCreation ()

protected boolean isUseForward ()

protected final void saveException (HttpServletRequest request, AuthenticationException exception)

Caches the AuthenticationException for use in view rendering.

If forwardToDestination is set to true, request scope will be used, otherwise it will attempt to store the exception in the session. If there is no session and allowSessionCreation is true a session will be created. Otherwise the exception will not be stored.