Package org.springframework.security.web.access

Class ExceptionTranslationFilter

  • All Implemented Interfaces:
    javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
    public class ExceptionTranslationFilter
extends org.springframework.web.filter.GenericFilterBean
implements org.springframework.context.MessageSourceAware
    Handles any AccessDeniedException and AuthenticationException thrown within the filter chain.

    This filter is necessary because it provides the bridge between Java exceptions and HTTP responses. It is solely concerned with maintaining the user interface. This filter does not do any actual security enforcement.

    If an AuthenticationException is detected, the filter will launch the authenticationEntryPoint. This allows common handling of authentication failures originating from any subclass of AbstractSecurityInterceptor.

    If an AccessDeniedException is detected, the filter will determine whether or not the user is an anonymous user. If they are an anonymous user, the authenticationEntryPoint will be launched. If they are not an anonymous user, the filter will delegate to the AccessDeniedHandler. By default the filter will use AccessDeniedHandlerImpl.

    To use this filter, it is necessary to specify the following properties:

    • authenticationEntryPoint indicates the handler that should commence the authentication process if an AuthenticationException is detected. Note that this may also switch the current protocol from http to https for an SSL login.
    • requestCache determines the strategy used to save a request during the authentication process in order that it may be retrieved and reused once the user has authenticated. The default implementation is HttpSessionRequestCache.

    • Field Detail

      • messages

        protected org.springframework.context.support.MessageSourceAccessor messages

    • Method Detail

      • afterPropertiesSet

        public void afterPropertiesSet()
        Specified by:
        afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
        Overrides:
        afterPropertiesSet in class org.springframework.web.filter.GenericFilterBean

      • doFilter

        public void doFilter​(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     javax.servlet.FilterChain chain)
              throws java.io.IOException,
                     javax.servlet.ServletException
        Specified by:
        doFilter in interface javax.servlet.Filter
        Throws:
        java.io.IOException
        javax.servlet.ServletException

      • getAuthenticationTrustResolver

        protected org.springframework.security.authentication.AuthenticationTrustResolver getAuthenticationTrustResolver()

      • sendStartAuthentication

        protected void sendStartAuthentication​(javax.servlet.http.HttpServletRequest request,
                                       javax.servlet.http.HttpServletResponse response,
                                       javax.servlet.FilterChain chain,
                                       org.springframework.security.core.AuthenticationException reason)
                                throws javax.servlet.ServletException,
                                       java.io.IOException
        Throws:
        javax.servlet.ServletException
        java.io.IOException

      • setAccessDeniedHandler

        public void setAccessDeniedHandler​(AccessDeniedHandler accessDeniedHandler)

      • setAuthenticationTrustResolver

        public void setAuthenticationTrustResolver​(org.springframework.security.authentication.AuthenticationTrustResolver authenticationTrustResolver)

      • setThrowableAnalyzer

        public void setThrowableAnalyzer​(ThrowableAnalyzer throwableAnalyzer)

      • setMessageSource

        public void setMessageSource​(org.springframework.context.MessageSource messageSource)
        Specified by:
        setMessageSource in interface org.springframework.context.MessageSourceAware
        Since:
        5.5