AccessDeniedException and AuthenticationException thrown within the filter chain. This filter is necessary because it provides the bridge between Java exceptions and HTTP responses. It is solely concerned with maintaining the user interface. This filter does not do any actual security enforcement.
If an {@link AuthenticationException} is detected, the filter will launch the authenticationEntryPoint. This allows common handling of authentication failures originating from any subclass of {@link org.acegisecurity.intercept.AbstractSecurityInterceptor}.
If an {@link AccessDeniedException} is detected, the filter will determine whether or not the user is an anonymous user. If they are an anonymous user, the authenticationEntryPoint will be launched. If they are not an anonymous user, the filter will delegate to the {@link org.acegisecurity.ui.AccessDeniedHandler}. By default the filter will use {@link org.acegisecurity.ui.AccessDeniedHandlerImpl}.
To use this filter, it is necessary to specify the following properties:
authenticationEntryPoint indicates the handler that should commence the authentication process if an AuthenticationException is detected. Note that this may also switch the current protocol from http to https for an SSL login.
portResolver is used to determine the "real" port that a request was received on.
Do not use this class directly. Instead configure web.xml to use the {@link org.acegisecurity.util.FilterToBeanProxy}.