Make Spring Security filters implement the Ordered interface, for use when post-processing the application context

core/src/main/java/org/springframework/security/context/HttpSessionContextIntegrationFilter.java

@@ -18,12 +18,8 @@ package org.springframework.security.context;
 import java.io.IOException;
 import java.lang.reflect.Method;
 
-import javax.servlet.Filter;
 import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpServletResponseWrapper;
@@ -34,6 +30,8 @@ import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.util.Assert;
 import org.springframework.util.ReflectionUtils;
+import org.springframework.security.ui.SpringSecurityFilter;
+import org.springframework.security.ui.FilterChainOrderUtils;
 
 /**
  * Populates the {@link SecurityContextHolder} with information obtained from
@@ -99,7 +97,7 @@ import org.springframework.util.ReflectionUtils;
  *
  * @version $Id$
  */
-public class HttpSessionContextIntegrationFilter implements InitializingBean, Filter {
+public class HttpSessionContextIntegrationFilter extends SpringSecurityFilter implements InitializingBean {
     //~ Static fields/initializers =====================================================================================
 
     protected static final Log logger = LogFactory.getLog(HttpSessionContextIntegrationFilter.class);
@@ -174,8 +172,8 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
     public void afterPropertiesSet() throws Exception {
         if ((this.context == null) || (!SecurityContext.class.isAssignableFrom(this.context))) {
             throw new IllegalArgumentException("context must be defined and implement SecurityContext "
-                    + "(typically use org.springframework.security.context.SecurityContextImpl; existing class is " + this.context
-                    + ")");
+                    + "(typically use org.springframework.security.context.SecurityContextImpl; existing class is "
+                    + this.context + ")");
         }
 
         if (forceEagerSessionCreation && !allowSessionCreation) {
@@ -184,14 +182,8 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
         }
     }
 
-    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException,
-            ServletException {
-
-        Assert.isInstanceOf(HttpServletRequest.class, req, "ServletRequest must be an instance of HttpServletRequest");
-        Assert.isInstanceOf(HttpServletResponse.class, res, "ServletResponse must be an instance of HttpServletResponse");
-
-        HttpServletRequest request = (HttpServletRequest) req;
-        HttpServletResponse response = (HttpServletResponse) res;
+    public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+            throws IOException, ServletException {
 
         if (request.getAttribute(FILTER_APPLIED) != null) {
             // ensure that filter is only applied once per request
@@ -261,7 +253,7 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
             // if something in the chain called sendError() or sendRedirect(). This ensures we only call it
             // once per request.
             if ( !responseWrapper.isSessionUpdateDone() ) {
-              storeSecurityContextInSession(contextAfterChainExecution, request,
+                storeSecurityContextInSession(contextAfterChainExecution, request,
                       httpSessionExistedAtStartOfRequest, contextHashBeforeChainExecution);
             }
 
@@ -425,21 +417,6 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
         }
     }
 
-    /**
-     * Does nothing. We use IoC container lifecycle services instead.
-     *
-     * @param filterConfig ignored
-     * @throws ServletException ignored
-     */
-    public void init(FilterConfig filterConfig) throws ServletException {
-    }
-
-    /**
-     * Does nothing. We use IoC container lifecycle services instead.
-     */
-    public void destroy() {
-    }
-
     public boolean isAllowSessionCreation() {
         return allowSessionCreation;
     }
@@ -464,6 +441,9 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
         this.forceEagerSessionCreation = forceEagerSessionCreation;
     }
 
+    public int getOrder() {
+        return FilterChainOrderUtils.HTTP_SESSION_CONTEXT_FILTER_ORDER;
+    }
 
     //~ Inner Classes ==================================================================================================
 

core/src/main/java/org/springframework/security/intercept/web/FilterSecurityInterceptor.java

@@ -18,6 +18,8 @@ package org.springframework.security.intercept.web;
 import org.springframework.security.intercept.AbstractSecurityInterceptor;
 import org.springframework.security.intercept.InterceptorStatusToken;
 import org.springframework.security.intercept.ObjectDefinitionSource;
+import org.springframework.security.ui.FilterChainOrderUtils;
+import org.springframework.core.Ordered;
 
 import java.io.IOException;
 
@@ -33,12 +35,12 @@ import javax.servlet.ServletResponse;
  * Performs security handling of HTTP resources via a filter implementation.<p>The
  * <code>ObjectDefinitionSource</code> required by this security interceptor is of type {@link
  * FilterInvocationDefinitionSource}.</p>
- *  <P>Refer to {@link AbstractSecurityInterceptor} for details on the workflow.</p>
+ *  <p>Refer to {@link AbstractSecurityInterceptor} for details on the workflow.</p>
  *
  * @author Ben Alex
  * @version $Id$
  */
-public class FilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {
+public class FilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter, Ordered {
     //~ Static fields/initializers =====================================================================================
 
     private static final String FILTER_APPLIED = "__spring_security_filterSecurityInterceptor_filterApplied";
@@ -50,6 +52,15 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
 
     //~ Methods ========================================================================================================
 
+    /**
+     * Not used (we rely on IoC container lifecycle services instead)
+     *
+     * @param arg0 ignored
+     *
+     * @throws ServletException never thrown
+     */
+    public void init(FilterConfig arg0) throws ServletException {}
+
     /**
      * Not used (we rely on IoC container lifecycle services instead)
      */
@@ -80,15 +91,6 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
         return FilterInvocation.class;
     }
 
-    /**
-     * Not used (we rely on IoC container lifecycle services instead)
-     *
-     * @param arg0 ignored
-     *
-     * @throws ServletException never thrown
-     */
-    public void init(FilterConfig arg0) throws ServletException {}
-
     public void invoke(FilterInvocation fi) throws IOException, ServletException {
         if ((fi.getRequest() != null) && (fi.getRequest().getAttribute(FILTER_APPLIED) != null)
             && observeOncePerRequest) {
@@ -136,4 +138,8 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
     public void setObserveOncePerRequest(boolean observeOncePerRequest) {
         this.observeOncePerRequest = observeOncePerRequest;
     }
+
+    public int getOrder() {
+        return FilterChainOrderUtils.FILTER_SECURITY_INTERCEPTOR_ORDER;
+    }
 }

core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java

@@ -50,12 +50,8 @@ import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Map;
 
-import javax.servlet.Filter;
 import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
@@ -139,8 +135,8 @@ import javax.servlet.http.HttpSession;
  * @version $Id: AbstractProcessingFilter.java 1909 2007-06-19 04:08:19Z
  * vishalpuri $
  */
-public abstract class AbstractProcessingFilter implements Filter, InitializingBean, ApplicationEventPublisherAware,
-		MessageSourceAware {
+public abstract class AbstractProcessingFilter extends SpringSecurityFilter implements InitializingBean,
+        ApplicationEventPublisherAware, MessageSourceAware {
 	//~ Static fields/initializers =====================================================================================
 
 	public static final String SPRING_SECURITY_SAVED_REQUEST_KEY = "SPRING_SECURITY_SAVED_REQUEST_KEY";
@@ -239,26 +235,10 @@ public abstract class AbstractProcessingFilter implements Filter, InitializingBe
 	 */
 	public abstract Authentication attemptAuthentication(HttpServletRequest request) throws AuthenticationException;
 
-	/**
-	 * Does nothing. We use IoC container lifecycle services instead.
-	 */
-	public void destroy() {
-	}
-
-	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
+	public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException,
 			ServletException {
-		if (!(request instanceof HttpServletRequest)) {
-			throw new ServletException("Can only process HttpServletRequest");
-		}
-
-		if (!(response instanceof HttpServletResponse)) {
-			throw new ServletException("Can only process HttpServletResponse");
-		}
 
-		HttpServletRequest httpRequest = (HttpServletRequest) request;
-		HttpServletResponse httpResponse = (HttpServletResponse) response;
-
-		if (requiresAuthentication(httpRequest, httpResponse)) {
+		if (requiresAuthentication(request, response)) {
 			if (logger.isDebugEnabled()) {
 				logger.debug("Request is to process authentication");
 			}
@@ -266,12 +246,12 @@ public abstract class AbstractProcessingFilter implements Filter, InitializingBe
 			Authentication authResult;
 
 			try {
-				onPreAuthentication(httpRequest, httpResponse);
-				authResult = attemptAuthentication(httpRequest);
+				onPreAuthentication(request, response);
+				authResult = attemptAuthentication(request);
 			}
 			catch (AuthenticationException failed) {
 				// Authentication failed
-				unsuccessfulAuthentication(httpRequest, httpResponse, failed);
+				unsuccessfulAuthentication(request, response, failed);
 
 				return;
 			}
@@ -281,7 +261,7 @@ public abstract class AbstractProcessingFilter implements Filter, InitializingBe
 				chain.doFilter(request, response);
 			}
 
-			successfulAuthentication(httpRequest, httpResponse, authResult);
+			successfulAuthentication(request, response, authResult);
 
 			return;
 		}
@@ -330,16 +310,6 @@ public abstract class AbstractProcessingFilter implements Filter, InitializingBe
 		return rememberMeServices;
 	}
 
-	/**
-	 * Does nothing. We use IoC container lifecycle services instead.
-	 *
-	 * @param arg0 ignored
-	 *
-	 * @throws ServletException ignored
-	 */
-	public void init(FilterConfig arg0) throws ServletException {
-	}
-
 	public boolean isAlwaysUseDefaultTargetUrl() {
 		return alwaysUseDefaultTargetUrl;
 	}

core/src/main/java/org/springframework/security/ui/ExceptionTranslationFilter.java

@@ -21,11 +21,8 @@ import org.springframework.security.AuthenticationException;
 import org.springframework.security.AuthenticationTrustResolver;
 import org.springframework.security.AuthenticationTrustResolverImpl;
 import org.springframework.security.InsufficientAuthenticationException;
-
 import org.springframework.security.context.SecurityContextHolder;
-
 import org.springframework.security.ui.savedrequest.SavedRequest;
-
 import org.springframework.security.util.PortResolver;
 import org.springframework.security.util.PortResolverImpl;
 
@@ -38,9 +35,7 @@ import org.springframework.util.Assert;
 
 import java.io.IOException;
 
-import javax.servlet.Filter;
 import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
@@ -85,7 +80,7 @@ import javax.servlet.http.HttpServletResponse;
  * @author colin sampaleanu
  * @version $Id$
  */
-public class ExceptionTranslationFilter implements Filter, InitializingBean {
+public class ExceptionTranslationFilter extends SpringSecurityFilter implements InitializingBean {
 
     //~ Static fields/initializers =====================================================================================
 
@@ -107,15 +102,8 @@ public class ExceptionTranslationFilter implements Filter, InitializingBean {
 		Assert.notNull(authenticationTrustResolver, "authenticationTrustResolver must be specified");
 	}
 
-	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
+	public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException,
 			ServletException {
-		if (!(request instanceof HttpServletRequest)) {
-			throw new ServletException("HttpServletRequest required");
-		}
-
-		if (!(response instanceof HttpServletResponse)) {
-			throw new ServletException("HttpServletResponse required");
-		}
 
 		try {
 			chain.doFilter(request, response);
@@ -223,7 +211,7 @@ public class ExceptionTranslationFilter implements Filter, InitializingBean {
 		// existing Authentication is no longer considered valid
 		SecurityContextHolder.getContext().setAuthentication(null);
 
-		authenticationEntryPoint.commence(httpRequest, (HttpServletResponse) response, reason);
+		authenticationEntryPoint.commence(httpRequest, response, reason);
 	}
 
 	public void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) {
@@ -247,9 +235,7 @@ public class ExceptionTranslationFilter implements Filter, InitializingBean {
 		this.portResolver = portResolver;
 	}
 
-    public void init(FilterConfig filterConfig) throws ServletException {
-    }
-
-    public void destroy() {
+    public int getOrder() {
+        return FilterChainOrderUtils.EXCEPTION_TRANSLATION_FILTER_ORDER;
     }
 }

core/src/main/java/org/springframework/security/ui/basicauth/BasicProcessingFilter.java

@@ -17,12 +17,8 @@ package org.springframework.security.ui.basicauth;
 
 import java.io.IOException;
 
-import javax.servlet.Filter;
 import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -34,6 +30,8 @@ import org.springframework.security.providers.UsernamePasswordAuthenticationToke
 import org.springframework.security.ui.AuthenticationDetailsSource;
 import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
 import org.springframework.security.ui.AuthenticationEntryPoint;
+import org.springframework.security.ui.SpringSecurityFilter;
+import org.springframework.security.ui.FilterChainOrderUtils;
 import org.springframework.security.ui.rememberme.RememberMeServices;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.logging.Log;
@@ -72,7 +70,7 @@ import org.springframework.util.Assert;
  * @author Ben Alex
  * @version $Id$
  */
-public class BasicProcessingFilter implements Filter, InitializingBean {
+public class BasicProcessingFilter extends SpringSecurityFilter implements InitializingBean {
     //~ Static fields/initializers =====================================================================================
 
 	private static final Log logger = LogFactory.getLog(BasicProcessingFilter.class);
@@ -92,22 +90,9 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
         Assert.notNull(this.authenticationEntryPoint, "An AuthenticationEntryPoint is required");
     }
 
-    public void destroy() {}
-
-    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+    public void doFilterHttp(HttpServletRequest httpRequest, HttpServletResponse httpResponse, FilterChain chain)
             throws IOException, ServletException {
 
-        if (!(request instanceof HttpServletRequest)) {
-            throw new ServletException("Can only process HttpServletRequest");
-        }
-
-        if (!(response instanceof HttpServletResponse)) {
-            throw new ServletException("Can only process HttpServletResponse");
-        }
-
-        HttpServletRequest httpRequest = (HttpServletRequest) request;
-        HttpServletResponse httpResponse = (HttpServletResponse) response;
-
         String header = httpRequest.getHeader("Authorization");
 
         if (logger.isDebugEnabled()) {
@@ -130,7 +115,7 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
             if (authenticationIsRequired(username)) {
                 UsernamePasswordAuthenticationToken authRequest =
                         new UsernamePasswordAuthenticationToken(username, password);
-                authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));
+                authRequest.setDetails(authenticationDetailsSource.buildDetails(httpRequest));
 
                 Authentication authResult;
 
@@ -149,9 +134,9 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
                     }
 
                     if (ignoreFailure) {
-                        chain.doFilter(request, response);
+                        chain.doFilter(httpRequest, httpResponse);
                     } else {
-                        authenticationEntryPoint.commence(request, response, failed);
+                        authenticationEntryPoint.commence(httpRequest, httpResponse, failed);
                     }
 
                     return;
@@ -170,7 +155,7 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
             }
         }
 
-        chain.doFilter(request, response);
+        chain.doFilter(httpRequest, httpResponse);
     }
 
     private boolean authenticationIsRequired(String username) {
@@ -200,8 +185,6 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
         return authenticationManager;
     }
 
-    public void init(FilterConfig arg0) throws ServletException {}
-
     public boolean isIgnoreFailure() {
         return ignoreFailure;
     }
@@ -227,4 +210,7 @@ public class BasicProcessingFilter implements Filter, InitializingBean {
         this.rememberMeServices = rememberMeServices;
     }
 
+    public int getOrder() {
+        return FilterChainOrderUtils.BASIC_PROCESSING_FILTER_ORDER;
+    }
 }

core/src/main/java/org/springframework/security/ui/cas/CasProcessingFilter.java

@@ -21,6 +21,7 @@ import org.springframework.security.AuthenticationException;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 
 import org.springframework.security.ui.AbstractProcessingFilter;
+import org.springframework.security.ui.FilterChainOrderUtils;
 
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
@@ -71,7 +72,7 @@ public class CasProcessingFilter extends AbstractProcessingFilter {
 
         UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
 
-        authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));
+        authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
 
         return this.getAuthenticationManager().authenticate(authRequest);
     }
@@ -85,5 +86,7 @@ public class CasProcessingFilter extends AbstractProcessingFilter {
         return "/j_spring_cas_security_check";
     }
 
-    public void init(FilterConfig filterConfig) throws ServletException {}
+    public int getOrder() {
+        return FilterChainOrderUtils.CAS_PROCESSING_FILTER_ORDER;
+    }
 }

core/src/main/java/org/springframework/security/ui/logout/LogoutFilter.java

@@ -27,6 +27,8 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.security.Authentication;
+import org.springframework.security.ui.SpringSecurityFilter;
+import org.springframework.security.ui.FilterChainOrderUtils;
 import org.springframework.security.util.RedirectUtils;
 import org.springframework.security.context.SecurityContextHolder;
 import org.apache.commons.logging.Log;
@@ -51,7 +53,7 @@ import org.springframework.util.Assert;
  * @author Ben Alex
  * @version $Id$
  */
-public class LogoutFilter implements Filter {
+public class LogoutFilter extends SpringSecurityFilter {
     //~ Static fields/initializers =====================================================================================
 
     private static final Log logger = LogFactory.getLog(LogoutFilter.class);
@@ -74,26 +76,10 @@ public class LogoutFilter implements Filter {
 
     //~ Methods ========================================================================================================
 
-    /**
-     * Not used. Use IoC container lifecycle methods instead.
-     */
-    public void destroy() {
-    }
-
-    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
+    public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException,
             ServletException {
-        if (!(request instanceof HttpServletRequest)) {
-            throw new ServletException("Can only process HttpServletRequest");
-        }
-
-        if (!(response instanceof HttpServletResponse)) {
-            throw new ServletException("Can only process HttpServletResponse");
-        }
-
-        HttpServletRequest httpRequest = (HttpServletRequest) request;
-        HttpServletResponse httpResponse = (HttpServletResponse) response;
 
-        if (requiresLogout(httpRequest, httpResponse)) {
+        if (requiresLogout(request, response)) {
             Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 
             if (logger.isDebugEnabled()) {
@@ -101,10 +87,10 @@ public class LogoutFilter implements Filter {
             }
 
             for (int i = 0; i < handlers.length; i++) {
-                handlers[i].logout(httpRequest, httpResponse, auth);
+                handlers[i].logout(request, response, auth);
             }
 
-            sendRedirect(httpRequest, httpResponse, logoutSuccessUrl);
+            sendRedirect(request, response, logoutSuccessUrl);
 
             return;
         }
@@ -112,16 +98,6 @@ public class LogoutFilter implements Filter {
         chain.doFilter(request, response);
     }
 
-    /**
-     * Not used. Use IoC container lifecycle methods instead.
-     *
-     * @param arg0 ignored
-     *
-     * @throws ServletException ignored
-     */
-    public void init(FilterConfig arg0) throws ServletException {
-	}
-
     /**
      * Allow subclasses to modify when a logout should take place.
      *
@@ -180,4 +156,8 @@ public class LogoutFilter implements Filter {
     public void setUseRelativeContext(boolean useRelativeContext) {
         this.useRelativeContext = useRelativeContext;
     }
+
+    public int getOrder() {
+        return FilterChainOrderUtils.LOGOUT_FILTER_ORDER;
+    }
 }

core/src/main/java/org/springframework/security/ui/webapp/AuthenticationProcessingFilter.java

@@ -21,10 +21,9 @@ import org.springframework.security.AuthenticationException;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 
 import org.springframework.security.ui.AbstractProcessingFilter;
+import org.springframework.security.ui.FilterChainOrderUtils;
 import org.springframework.util.Assert;
 
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 
 
@@ -90,8 +89,6 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
         return "/j_spring_security_check";
     }
 
-    public void init(FilterConfig filterConfig) throws ServletException {}
-
     /**
      * Enables subclasses to override the composition of the password, such as by including additional values
      * and a separator.<p>This might be used for example if a postcode/zipcode was required in addition to the
@@ -150,4 +147,16 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
         Assert.hasText(passwordParameter, "Password parameter must not be empty or null");
         this.passwordParameter = passwordParameter;
     }
+
+    public int getOrder() {
+        return FilterChainOrderUtils.AUTH_PROCESSING_FILTER_ORDER;
+    }
+
+    String getUsernameParameter() {
+        return usernameParameter;
+    }
+
+    String getPasswordParameter() {
+        return passwordParameter;
+    }
 }

core/src/test/java/org/springframework/security/ui/AbstractProcessingFilterTests.java

@@ -480,6 +480,10 @@ public class AbstractProcessingFilterTests extends TestCase {
         public boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) {
             return super.requiresAuthentication(request, response);
         }
+
+        public int getOrder() {
+            return 0;
+        }
     }
 
     private class MockFilterChain implements FilterChain {

core/src/test/java/org/springframework/security/ui/ExceptionTranslationFilterTests.java

@@ -46,8 +46,7 @@ import javax.servlet.ServletResponse;
  * benalex $
  */
 public class ExceptionTranslationFilterTests extends TestCase {
-	// ~ Constructors
-	// ===================================================================================================
+	//~ Constructors ===================================================================================================
 
 	public ExceptionTranslationFilterTests() {
 		super();
@@ -57,16 +56,8 @@ public class ExceptionTranslationFilterTests extends TestCase {
 		super(arg0);
 	}
 
-	// ~ Methods
-	// ========================================================================================================
+	//~ Methods ========================================================================================================
 
-	public static void main(String[] args) {
-		junit.textui.TestRunner.run(ExceptionTranslationFilterTests.class);
-	}
-
-	public final void setUp() throws Exception {
-		super.setUp();
-	}
 
 	protected void tearDown() throws Exception {
 		super.tearDown();
@@ -139,7 +130,7 @@ public class ExceptionTranslationFilterTests extends TestCase {
 			fail("Should have thrown ServletException");
 		}
 		catch (ServletException expected) {
-			assertEquals("HttpServletRequest required", expected.getMessage());
+			assertEquals("Can only process HttpServletRequest", expected.getMessage());
 		}
 	}
 
@@ -152,7 +143,7 @@ public class ExceptionTranslationFilterTests extends TestCase {
 			fail("Should have thrown ServletException");
 		}
 		catch (ServletException expected) {
-			assertEquals("HttpServletResponse required", expected.getMessage());
+			assertEquals("Can only process HttpServletResponse", expected.getMessage());
 		}
 	}