
SEC-1055: Converted interfaces and methods using ServletRequest/Response to HttpServletRequest/Response where appropriate.

Luke Taylor 17 年 前
コミット
3f40604b82
21 ファイル変更362 行追加446 行削除
  1. 2 3
      cas/src/main/java/org/springframework/security/ui/cas/CasProcessingFilterEntryPoint.java
  2. 19 24
      core/src/main/java/org/springframework/security/intercept/web/FilterInvocation.java
  3. 8 6
      core/src/main/java/org/springframework/security/intercept/web/FilterSecurityInterceptor.java
  4. 1 3
      core/src/main/java/org/springframework/security/securechannel/AbstractRetryEntryPoint.java
  5. 11 15
      core/src/main/java/org/springframework/security/securechannel/ChannelEntryPoint.java
  6. 3 3
      core/src/main/java/org/springframework/security/ui/AccessDeniedHandler.java
  7. 13 16
      core/src/main/java/org/springframework/security/ui/AccessDeniedHandlerImpl.java
  8. 8 9
      core/src/main/java/org/springframework/security/ui/AuthenticationEntryPoint.java
  9. 2 4
      core/src/main/java/org/springframework/security/ui/ExceptionTranslationFilter.java
  10. 1 0
      core/src/main/java/org/springframework/security/ui/FilterChainOrder.java
  11. 2 11
      core/src/main/java/org/springframework/security/ui/SpringSecurityFilter.java
  12. 3 4
      core/src/main/java/org/springframework/security/ui/basicauth/BasicProcessingFilterEntryPoint.java
  13. 11 16
      core/src/main/java/org/springframework/security/ui/digestauth/DigestProcessingFilter.java
  14. 2 3
      core/src/main/java/org/springframework/security/ui/digestauth/DigestProcessingFilterEntryPoint.java
  15. 2 3
      core/src/main/java/org/springframework/security/ui/preauth/PreAuthenticatedProcessingFilterEntryPoint.java
  16. 1 3
      core/src/main/java/org/springframework/security/ui/webapp/AuthenticationProcessingFilterEntryPoint.java
  17. 1 1
      core/src/main/java/org/springframework/security/util/FilterToBeanProxy.java
  18. 4 7
      core/src/test/java/org/springframework/security/MockAuthenticationEntryPoint.java
  19. 0 20
      core/src/test/java/org/springframework/security/securechannel/ChannelProcessingFilterTests.java
  20. 267 292
      core/src/test/java/org/springframework/security/ui/ExceptionTranslationFilterTests.java
  21. 1 3
      ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilterEntryPoint.java

+ 2 - 3
cas/src/main/java/org/springframework/security/ui/cas/CasProcessingFilterEntryPoint.java

@@ -18,8 +18,7 @@ package org.springframework.security.ui.cas;
 import java.io.IOException;
 
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.jasig.cas.client.util.CommonUtils;
@@ -66,7 +65,7 @@ public class CasProcessingFilterEntryPoint implements AuthenticationEntryPoint,
         Assert.notNull(this.serviceProperties, "serviceProperties must be specified");
     }
 
-    public void commence(final ServletRequest servletRequest, final ServletResponse servletResponse,
+    public void commence(final HttpServletRequest servletRequest, final HttpServletResponse servletResponse,
     		final AuthenticationException authenticationException) throws IOException, ServletException {
 
         final HttpServletResponse response = (HttpServletResponse) servletResponse;
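Review bot: The cast on the last visible line, `(HttpServletResponse) servletResponse`, is a no-op now that `commence` receives an `HttpServletResponse`, and it should be dropped: `final HttpServletResponse response = servletResponse;`. The same leftover cast survives in AbstractRetryEntryPoint.commence, FilterInvocation.getHttpResponse, ExceptionTranslationFilter.sendStartAuthentication, and the Basic, Digest and AuthenticationProcessingFilter entry points. A stale cast reads as if a type check still happens at that spot, when the narrowing has moved to the filter boundary. The body of `commence` continues outside the hunk.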

+ 19 - 24
core/src/main/java/org/springframework/security/intercept/web/FilterInvocation.java

@@ -27,9 +27,10 @@ import javax.servlet.http.HttpServletResponse;
 /**
  * Holds objects associated with a HTTP filter.<P>Guarantees the request and response are instances of
  * <code>HttpServletRequest</code> and <code>HttpServletResponse</code>, and that there are no <code>null</code>
- * objects.</p>
- *  <P>Required so that security system classes can obtain access to the filter environment, as well as the request
- * and response.</p>
+ * objects.
+ * <p>
+ * Required so that security system classes can obtain access to the filter environment, as well as the request
+ * and response.
  *
  * @author Ben Alex
  * @author colin sampaleanu
@@ -39,8 +40,8 @@ public class FilterInvocation {
     //~ Instance fields ================================================================================================
 
     private FilterChain chain;
-    private ServletRequest request;
-    private ServletResponse response;
+    private HttpServletRequest request;
+    private HttpServletResponse response;
 
     //~ Constructors ===================================================================================================
 
@@ -49,16 +50,8 @@ public class FilterInvocation {
             throw new IllegalArgumentException("Cannot pass null values to constructor");
         }
 
-        if (!(request instanceof HttpServletRequest)) {
-            throw new IllegalArgumentException("Can only process HttpServletRequest");
-        }
-
-        if (!(response instanceof HttpServletResponse)) {
-            throw new IllegalArgumentException("Can only process HttpServletResponse");
-        }
-
-        this.request = request;
-        this.response = response;
+        this.request = (HttpServletRequest) request;
+        this.response = (HttpServletResponse) response;
         this.chain = chain;
     }
 
@@ -69,8 +62,10 @@ public class FilterInvocation {
     }
 
     /**
-     * Indicates the URL that the user agent used for this request.<P>The returned URL does <b>not</b> reflect
-     * the port number determined from a {@link org.springframework.security.util.PortResolver}.</p>
+     * Indicates the URL that the user agent used for this request.
+     * <p>
+     * The returned URL does <b>not</b> reflect the port number determined from a
+     * {@link org.springframework.security.util.PortResolver}.
      *
      * @return the full URL of this request
      */
@@ -79,17 +74,13 @@ public class FilterInvocation {
     }
 
     public HttpServletRequest getHttpRequest() {
-        return (HttpServletRequest) request;
+        return request;
     }
 
     public HttpServletResponse getHttpResponse() {
         return (HttpServletResponse) response;
     }
 
-    public ServletRequest getRequest() {
-        return request;
-    }
-
     /**
      * Obtains the web application-specific fragment of the URL.
      *
@@ -99,8 +90,12 @@ public class FilterInvocation {
         return UrlUtils.getRequestUrl(this);
     }
 
-    public ServletResponse getResponse() {
-        return response;
+    public HttpServletRequest getRequest() {
+        return getHttpRequest();
+    }
+
+    public HttpServletResponse getResponse() {
+        return getHttpResponse();
     }
 
     public String toString() {
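Review bot: The constructor hunk swaps the two `instanceof` checks for bare casts, so a non-HTTP request or response now fails with a `ClassCastException` instead of the `IllegalArgumentException` carrying "Can only process HttpServletRequest". FilterSecurityInterceptor.doFilter still passes plain `ServletRequest`/`ServletResponse` objects in, so this constructor is where the narrowing promised by the class Javadoc actually happens. I would either keep a descriptive failure or document the new behaviour on the constructor, e.g. `@throws ClassCastException if the request or response is not an HTTP servlet type`. SpringSecurityFilter.doFilter makes the same swap, there replacing a `ServletException`. The constructor signature is outside the hunk.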

+ 8 - 6
core/src/main/java/org/springframework/security/intercept/web/FilterSecurityInterceptor.java

@@ -32,10 +32,12 @@ import javax.servlet.ServletResponse;
 
 
 /**
- * Performs security handling of HTTP resources via a filter implementation.<p>The
- * <code>ObjectDefinitionSource</code> required by this security interceptor is of type {@link
- * FilterInvocationDefinitionSource}.</p>
- *  <p>Refer to {@link AbstractSecurityInterceptor} for details on the workflow.</p>
+ * Performs security handling of HTTP resources via a filter implementation.
+ * <p>
+ * The <code>ObjectDefinitionSource</code> required by this security interceptor is of type {@link
+ * FilterInvocationDefinitionSource}.
+ * <p>
+ * Refer to {@link AbstractSecurityInterceptor} for details on the workflow.</p>
  *
  * @author Ben Alex
  * @version $Id$
@@ -78,7 +80,7 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
      * @throws ServletException if the filter chain fails
      */
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
-        throws IOException, ServletException {
+            throws IOException, ServletException {
         FilterInvocation fi = new FilterInvocation(request, response, chain);
         invoke(fi);
     }
@@ -93,7 +95,7 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
 
     public void invoke(FilterInvocation fi) throws IOException, ServletException {
         if ((fi.getRequest() != null) && (fi.getRequest().getAttribute(FILTER_APPLIED) != null)
-            && observeOncePerRequest) {
+                && observeOncePerRequest) {
             // filter already applied to this request and user wants us to observce
             // once-per-request handling, so don't re-do security checking
             fi.getChain().doFilter(fi.getRequest(), fi.getResponse());

+ 1 - 3
core/src/main/java/org/springframework/security/securechannel/AbstractRetryEntryPoint.java

@@ -9,8 +9,6 @@ import org.springframework.util.Assert;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -42,7 +40,7 @@ public abstract class AbstractRetryEntryPoint implements ChannelEntryPoint {
 
     //~ Methods ========================================================================================================
 
-    public void commence(ServletRequest req, ServletResponse res) throws IOException, ServletException {
+    public void commence(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException {
         HttpServletRequest request = (HttpServletRequest) req;
 
         String pathInfo = request.getPathInfo();

+ 11 - 15
core/src/main/java/org/springframework/security/securechannel/ChannelEntryPoint.java

@@ -18,19 +18,17 @@ package org.springframework.security.securechannel;
 import java.io.IOException;
 
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 
 /**
  * May be used by a {@link ChannelProcessor} to launch a web channel.
  *
- * <P>
- * <code>ChannelProcessor</code>s can elect to launch a new web channel
- * directly, or they can delegate to another class. The
- * <code>ChannelEntryPoint</code> is a pluggable interface to assist
- * <code>ChannelProcessor</code>s in performing this delegation.
- * </p>
+ * <p>
+ * <code>ChannelProcessor</code>s can elect to launch a new web channel directly, or they can delegate to another class.
+ * The <code>ChannelEntryPoint</code> is a pluggable interface to assist <code>ChannelProcessor</code>s in performing
+ * this delegation.
  *
  * @author Ben Alex
  * @version $Id$
@@ -39,16 +37,14 @@ public interface ChannelEntryPoint {
     //~ Methods ========================================================================================================
 
     /**
-     * Commences a secure channel.<P>Implementations should modify the headers on the
-     * <code>ServletResponse</code> as necessary to commence the user agent using the implementation's supported
-     * channel type.</p>
+     * Commences a secure channel.
+     * <p>
+     * Implementations should modify the headers on the <code>ServletResponse</code> as necessary to commence the user
+     * agent using the implementation's supported channel type.
      *
      * @param request that a <code>ChannelProcessor</code> has rejected
      * @param response so that the user agent can begin using a new channel
      *
-     * @throws IOException DOCUMENT ME!
-     * @throws ServletException DOCUMENT ME!
      */
-    void commence(ServletRequest request, ServletResponse response)
-        throws IOException, ServletException;
+    void commence(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException;
 }
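Review bot: The Javadoc for `commence` still tells implementers to modify headers on the `<code>ServletResponse</code>` although the parameter is now `HttpServletResponse`. The two `@throws` tags were also deleted rather than filled in, which leaves a dangling blank ` *` line before the closing `*/`. I would change the wording to `<code>HttpServletResponse</code>` and restore the tags in the form AccessDeniedHandler uses: `@throws IOException in the event of an IOException` and `@throws ServletException in the event of a ServletException`. AuthenticationEntryPoint.commence carries the same stale `ServletResponse` wording.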

+ 3 - 3
core/src/main/java/org/springframework/security/ui/AccessDeniedHandler.java

@@ -20,8 +20,8 @@ import org.springframework.security.AccessDeniedException;
 import java.io.IOException;
 
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 
 /**
@@ -44,6 +44,6 @@ public interface AccessDeniedHandler {
      * @throws IOException in the event of an IOException
      * @throws ServletException in the event of a ServletException
      */
-    void handle(ServletRequest request, ServletResponse response, AccessDeniedException accessDeniedException)
+    void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException)
         throws IOException, ServletException;
 }

+ 13 - 16
core/src/main/java/org/springframework/security/ui/AccessDeniedHandlerImpl.java

@@ -15,28 +15,27 @@
 
 package org.springframework.security.ui;
 
-import org.springframework.security.AccessDeniedException;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 import java.io.IOException;
 
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.security.AccessDeniedException;
+
 
 /**
- * Base implementation of {@link AccessDeniedHandler}.<p>This implementation sends a 403 (SC_FORBIDDEN) HTTP error
- * code. In addition, if a {@link #errorPage} is defined, the implementation will perform a request dispatcher
- * "forward" to the specified error page view. Being a "forward", the <code>SecurityContextHolder</code> will remain
+ * Base implementation of {@link AccessDeniedHandler}.
+ * <p>
+ * This implementation sends a 403 (SC_FORBIDDEN) HTTP error code. In addition, if an {@link #errorPage} is defined,
+ * the implementation will perform a request dispatcher "forward" to the specified error page view.
+ * Being a "forward", the <code>SecurityContextHolder</code> will remain
  * populated. This is of benefit if the view (or a tag library or macro) wishes to access the
  * <code>SecurityContextHolder</code>. The request scope will also be populated with the exception itself, available
- * from the key {@link #SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY}.</p>
+ * from the key {@link #SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY}.
  *
  * @author Ben Alex
  * @version $Id$
@@ -53,7 +52,7 @@ public class AccessDeniedHandlerImpl implements AccessDeniedHandler {
 
     //~ Methods ========================================================================================================
 
-    public void handle(ServletRequest request, ServletResponse response, AccessDeniedException accessDeniedException)
+    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException)
             throws IOException, ServletException {
         if (!response.isCommitted()) {
             if (errorPage != null) {
@@ -61,15 +60,13 @@ public class AccessDeniedHandlerImpl implements AccessDeniedHandler {
                 request.setAttribute(SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY, accessDeniedException);
 
                 // Set the 403 status code.
-                HttpServletResponse resp = (HttpServletResponse) response;
-                resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
+                response.setStatus(HttpServletResponse.SC_FORBIDDEN);
 
                 // forward to error page.
                 RequestDispatcher dispatcher = request.getRequestDispatcher(errorPage);
                 dispatcher.forward(request, response);
             } else {
-                HttpServletResponse resp = (HttpServletResponse) response;
-                resp.sendError(HttpServletResponse.SC_FORBIDDEN, accessDeniedException.getMessage());
+                response.sendError(HttpServletResponse.SC_FORBIDDEN, accessDeniedException.getMessage());
             }
         }
     }
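Review bot: In the `else` branch, `response.sendError(HttpServletResponse.SC_FORBIDDEN, accessDeniedException.getMessage())` passes the exception text to the container's error response, so whatever the throwing code put in the message is shown to the caller who was just denied. Whether that discloses anything depends on where the exception is raised, which is not visible here. A fixed reason is the safer default, with the detail sent to the log the class already imports, e.g. `response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access is denied");`. Separately, when `response.isCommitted()` is true the handler does nothing at all, and a debug log line there would make a dropped 403 diagnosable.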

+ 8 - 9
core/src/main/java/org/springframework/security/ui/AuthenticationEntryPoint.java

@@ -20,13 +20,12 @@ import org.springframework.security.AuthenticationException;
 import java.io.IOException;
 
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 
 /**
- * Used by {@link ExceptionTranslationFilter} to commence an authentication
- * scheme.
+ * Used by {@link ExceptionTranslationFilter} to commence an authentication scheme.
  *
  * @author Ben Alex
  * @version $Id$
@@ -39,16 +38,16 @@ public interface AuthenticationEntryPoint {
      * <p>
      * <code>ExceptionTranslationFilter</code> will populate the <code>HttpSession</code> attribute named
      * <code>AbstractProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY</code> with the requested target URL before
-     * calling this method.</p>
-     *
-     * <p>Implementations should modify the headers on the <code>ServletResponse</code> as necessary to
-     * commence the authentication process.</p>
+     * calling this method.
+     * <p>
+     * Implementations should modify the headers on the <code>ServletResponse</code> as necessary to
+     * commence the authentication process.
      *
      * @param request that resulted in an <code>AuthenticationException</code>
      * @param response so that the user agent can begin authentication
      * @param authException that caused the invocation
      *
      */
-    void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
+    void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
         throws IOException, ServletException;
 }

+ 2 - 4
core/src/main/java/org/springframework/security/ui/ExceptionTranslationFilter.java

@@ -35,8 +35,6 @@ import java.io.IOException;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -139,7 +137,7 @@ public class ExceptionTranslationFilter extends SpringSecurityFilter implements
         return portResolver;
     }
 
-    private void handleException(ServletRequest request, ServletResponse response, FilterChain chain,
+    private void handleException(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
             SpringSecurityException exception) throws IOException, ServletException {
         if (exception instanceof AuthenticationException) {
             if (logger.isDebugEnabled()) {
@@ -188,7 +186,7 @@ public class ExceptionTranslationFilter extends SpringSecurityFilter implements
         return createSessionAllowed;
     }
 
-    protected void sendStartAuthentication(ServletRequest request, ServletResponse response, FilterChain chain,
+    protected void sendStartAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
             AuthenticationException reason) throws ServletException, IOException {
         HttpServletRequest httpRequest = (HttpServletRequest) request;
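Review bot: `sendStartAuthentication` is `protected`, so changing its parameter types turns any existing subclass override written against `ServletRequest`/`ServletResponse` into an unrelated overload that still compiles but is never called. For a hook that decides how authentication is started, silently falling back to the base behaviour deserves a warning. The method Javadoc or the upgrade notes should tell subclassers to update the signature, and to use `@Override` where the source level allows it. The method body continues outside the hunk.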
 

+ 1 - 0
core/src/main/java/org/springframework/security/ui/FilterChainOrder.java

@@ -31,6 +31,7 @@ public abstract class FilterChainOrder {
     public static final int AUTHENTICATION_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
     public static final int OPENID_PROCESSING_FILTER    = FILTER_CHAIN_FIRST + INTERVAL * i++;
     public static final int LOGIN_PAGE_FILTER           = FILTER_CHAIN_FIRST + INTERVAL * i++;
+    public static final int DIGEST_PROCESSING_FILTER     = FILTER_CHAIN_FIRST + INTERVAL * i++;
     public static final int BASIC_PROCESSING_FILTER     = FILTER_CHAIN_FIRST + INTERVAL * i++;
     public static final int SERVLET_API_SUPPORT_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
     public static final int REMEMBER_ME_FILTER          = FILTER_CHAIN_FIRST + INTERVAL * i++;
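Review bot: Inserting `DIGEST_PROCESSING_FILTER` in the middle of the `i++` sequence moves `BASIC_PROCESSING_FILTER` and every constant declared after it up by one `INTERVAL`. Relative order among the built-in filters is unchanged, but a custom filter whose order is a literal number chosen to sit between two of these slots may now land on the other side of a built-in filter. I would add a comment on the new line explaining why digest is placed after the login page filter and before basic, and mention the shifted values in the release notes. The new declaration also has one space too many before `=` compared with its neighbours. The class body continues outside the hunk.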

+ 2 - 11
core/src/main/java/org/springframework/security/ui/SpringSecurityFilter.java

@@ -24,7 +24,7 @@ import java.io.IOException;
  */
 public abstract class SpringSecurityFilter implements Filter, Ordered {
     protected final Log logger = LogFactory.getLog(this.getClass());
-    
+
     /**
      * Does nothing. We use IoC container lifecycle services instead.
      *
@@ -41,15 +41,6 @@ public abstract class SpringSecurityFilter implements Filter, Ordered {
     }
 
     public final void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
-        // Do we really need the checks on the types in practice ?
-        if (!(request instanceof HttpServletRequest)) {
-            throw new ServletException("Can only process HttpServletRequest");
-        }
-
-        if (!(response instanceof HttpServletResponse)) {
-            throw new ServletException("Can only process HttpServletResponse");
-        }
-
         doFilterHttp((HttpServletRequest)request, (HttpServletResponse)response, chain);
     }
 
@@ -58,4 +49,4 @@ public abstract class SpringSecurityFilter implements Filter, Ordered {
     public String toString() {
         return getClass().getName() + "[ order=" + getOrder() + "; ]";
     }
-}
+}
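Review bot: With the `instanceof` checks removed, `doFilter` no longer rejects a `null` request or response. `instanceof` was false for `null`, whereas the cast `(HttpServletRequest)request` succeeds and hands `null` straight to `doFilterHttp`. The tests deleted from ChannelProcessingFilterTests exercised exactly that path, presumably because that filter inherits this method. Since `doFilter` is `final` and every subclass depends on it, I would keep one guard here, e.g. `if (!(request instanceof HttpServletRequest) || !(response instanceof HttpServletResponse)) throw new ServletException("Can only process HTTP requests and responses");`, or state on the method that callers must supply non-null HTTP objects.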

+ 3 - 4
core/src/main/java/org/springframework/security/ui/basicauth/BasicProcessingFilterEntryPoint.java

@@ -18,8 +18,7 @@ package org.springframework.security.ui.basicauth;
 import java.io.IOException;
 
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.security.AuthenticationException;
@@ -32,7 +31,7 @@ import org.springframework.util.Assert;
  * Used by the <code>SecurityEnforcementFilter</code> to commence authentication via the {@link
  * BasicProcessingFilter}.<P>Once a user agent is authenticated using BASIC authentication, logout requires that
  * the browser be closed or an unauthorized (401) header be sent. The simplest way of achieving the latter is to call
- * the {@link #commence(ServletRequest, ServletResponse, AuthenticationException)} method below. This will indicate to
+ * the {@link #commence(HttpServletRequest, HttpServletResponse, AuthenticationException)} method below. This will indicate to
  * the browser its credentials are no longer authorized, causing it to prompt the user to login again.</p>
  *
  * @author Ben Alex
@@ -49,7 +48,7 @@ public class BasicProcessingFilterEntryPoint implements AuthenticationEntryPoint
 		Assert.hasText(realmName, "realmName must be specified");
     }
 
-    public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
+    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
         throws IOException, ServletException {
         HttpServletResponse httpResponse = (HttpServletResponse) response;
         httpResponse.addHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\"");

+ 11 - 16
core/src/main/java/org/springframework/security/ui/digestauth/DigestProcessingFilter.java

@@ -20,11 +20,9 @@ import java.util.Map;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.codec.digest.DigestUtils;
@@ -43,6 +41,8 @@ import org.springframework.security.providers.UsernamePasswordAuthenticationToke
 import org.springframework.security.providers.dao.UserCache;
 import org.springframework.security.providers.dao.cache.NullUserCache;
 import org.springframework.security.ui.AuthenticationDetailsSource;
+import org.springframework.security.ui.FilterChainOrder;
+import org.springframework.security.ui.SpringSecurityFilter;
 import org.springframework.security.ui.WebAuthenticationDetailsSource;
 import org.springframework.security.userdetails.UserDetails;
 import org.springframework.security.userdetails.UserDetailsService;
@@ -78,7 +78,7 @@ import org.springframework.util.StringUtils;
  * than Basic authentication. Please see RFC 2617 section 4 for a full discussion on the advantages of Digest
  * authentication over Basic authentication, including commentary on the limitations that it still imposes.
  */
-public class DigestProcessingFilter implements Filter, InitializingBean, MessageSourceAware {
+public class DigestProcessingFilter extends SpringSecurityFilter implements Filter, InitializingBean, MessageSourceAware {
     //~ Static fields/initializers =====================================================================================
 
     private static final Log logger = LogFactory.getLog(DigestProcessingFilter.class);
@@ -99,15 +99,9 @@ public class DigestProcessingFilter implements Filter, InitializingBean, Message
         Assert.notNull(authenticationEntryPoint, "A DigestProcessingFilterEntryPoint is required");
     }
 
-    public void destroy() {
-    }
-
-    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+    public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
             throws IOException, ServletException {
-
-        HttpServletRequest httpRequest = (HttpServletRequest) request;
-
-        String header = httpRequest.getHeader("Authorization");
+        String header = request.getHeader("Authorization");
 
         if (logger.isDebugEnabled()) {
             logger.debug("Authorization header received from user agent: " + header);
@@ -322,7 +316,7 @@ public class DigestProcessingFilter implements Filter, InitializingBean, Message
         return a1Md5;
     }
 
-    private void fail(ServletRequest request, ServletResponse response, AuthenticationException failed)
+    private void fail(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed)
             throws IOException, ServletException {
         SecurityContextHolder.getContext().setAuthentication(null);
 
@@ -394,9 +388,6 @@ public class DigestProcessingFilter implements Filter, InitializingBean, Message
         return userDetailsService;
     }
 
-    public void init(FilterConfig ignored) throws ServletException {
-    }
-
     public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
         Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
         this.authenticationDetailsSource = authenticationDetailsSource;
@@ -421,4 +412,8 @@ public class DigestProcessingFilter implements Filter, InitializingBean, Message
     public void setUserDetailsService(UserDetailsService userDetailsService) {
         this.userDetailsService = userDetailsService;
     }
+
+    public int getOrder() {
+        return FilterChainOrder.DIGEST_PROCESSING_FILTER;
+    }
 }
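Review bot: The debug statement kept just below the rewritten `request.getHeader("Authorization")` line writes the whole header value to the log. For Digest that value carries the username, nonce and response hash, so debug logs become sensitive material. I would log only whether a header was present, e.g. `logger.debug("Authorization header received from user agent: " + (header != null));`. The class also keeps its own `private static final Log logger` while now inheriting `protected final Log logger` from SpringSecurityFilter, and `implements Filter` is redundant with the new superclass. The body of `doFilterHttp` continues outside the hunk.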

+ 2 - 3
core/src/main/java/org/springframework/security/ui/digestauth/DigestProcessingFilterEntryPoint.java

@@ -18,8 +18,7 @@ package org.springframework.security.ui.digestauth;
 import java.io.IOException;
 
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.security.AuthenticationException;
@@ -75,7 +74,7 @@ public class DigestProcessingFilterEntryPoint implements AuthenticationEntryPoin
         }
     }
 
-    public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
+    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
         throws IOException, ServletException {
         HttpServletResponse httpResponse = (HttpServletResponse) response;
 

+ 2 - 3
core/src/main/java/org/springframework/security/ui/preauth/PreAuthenticatedProcessingFilterEntryPoint.java

@@ -6,8 +6,7 @@ import org.springframework.security.ui.AuthenticationEntryPoint;
 import java.io.IOException;
 
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.logging.Log;
@@ -46,7 +45,7 @@ public class PreAuthenticatedProcessingFilterEntryPoint implements Authenticatio
 	/**
 	 * Always returns a 403 error code to the client.
 	 */
-	public void commence(ServletRequest request, ServletResponse response, AuthenticationException arg2) throws IOException,
+	public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException arg2) throws IOException,
 			ServletException {
 		if (logger.isDebugEnabled()) {
 			logger.debug("Pre-authenticated entry point called. Rejecting access");

+ 1 - 3
core/src/main/java/org/springframework/security/ui/webapp/AuthenticationProcessingFilterEntryPoint.java

@@ -36,8 +36,6 @@ import java.io.IOException;
 
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -103,7 +101,7 @@ public class AuthenticationProcessingFilterEntryPoint implements AuthenticationE
     /**
      * Performs the redirect (or forward) to the login form URL.
      */
-    public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
+    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
             throws IOException, ServletException {
 
         HttpServletRequest httpRequest = (HttpServletRequest) request;

+ 1 - 1
core/src/main/java/org/springframework/security/util/FilterToBeanProxy.java

@@ -92,7 +92,7 @@ public class FilterToBeanProxy implements Filter {
     }
 
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
-        throws IOException, ServletException {
+            throws IOException, ServletException {
         if (!initialized) {
             doInit();
         }

+ 4 - 7
core/src/test/java/org/springframework/security/MockAuthenticationEntryPoint.java

@@ -18,8 +18,6 @@ package org.springframework.security;
 import java.io.IOException;
 
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -39,15 +37,14 @@ public class MockAuthenticationEntryPoint implements AuthenticationEntryPoint {
 
     //~ Constructors ===================================================================================================
 
-	public MockAuthenticationEntryPoint(String url) {
+    public MockAuthenticationEntryPoint(String url) {
         this.url = url;
     }
 
     //~ Methods ========================================================================================================
 
-    public void commence(ServletRequest request, ServletResponse response,
-        AuthenticationException authenticationException)
-        throws IOException, ServletException {
-        ((HttpServletResponse) response).sendRedirect(((HttpServletRequest) request).getContextPath() + url);
+    public void commence(HttpServletRequest request, HttpServletResponse response,
+            AuthenticationException authenticationException) throws IOException, ServletException {
+        response.sendRedirect(request.getContextPath() + url);
     }
 }

+ 0 - 20
core/src/test/java/org/springframework/security/securechannel/ChannelProcessingFilterTests.java

@@ -157,26 +157,6 @@ public class ChannelProcessingFilterTests extends TestCase {
         assertTrue(true);
     }
 
-    public void testDoFilterWithNonHttpServletRequestDetected() throws Exception {
-        ChannelProcessingFilter filter = new ChannelProcessingFilter();
-
-        try {
-            filter.doFilter(null, new MockHttpServletResponse(), new MockFilterChain());
-            fail("Should have thrown ServletException");
-        } catch (ServletException expected) {
-        }
-    }
-
-    public void testDoFilterWithNonHttpServletResponseDetected() throws Exception {
-        ChannelProcessingFilter filter = new ChannelProcessingFilter();
-
-        try {
-            filter.doFilter(new MockHttpServletRequest(null, null), null, new MockFilterChain());
-            fail("Should have thrown ServletException");
-        } catch (ServletException expected) {
-        }
-    }
-
     public void testGetterSetters() throws Exception {
         ChannelProcessingFilter filter = new ChannelProcessingFilter();
         filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "MOCK"));

+ 267 - 292
core/src/test/java/org/springframework/security/ui/ExceptionTranslationFilterTests.java

@@ -27,6 +27,7 @@ import org.springframework.security.MockPortResolver;
 import org.springframework.security.context.SecurityContextHolder;
 
 import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
+import org.springframework.security.util.AuthorityUtils;
 
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
@@ -46,296 +47,270 @@ import javax.servlet.ServletResponse;
  * benalex $
  */
 public class ExceptionTranslationFilterTests extends TestCase {
-	//~ Methods ========================================================================================================
-
-	protected void tearDown() throws Exception {
-		super.tearDown();
-		SecurityContextHolder.clearContext();
-	}
-
-	public void testAccessDeniedWhenAnonymous() throws Exception {
-		// Setup our HTTP request
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.setServletPath("/secure/page.html");
-		request.setServerPort(80);
-		request.setScheme("http");
-		request.setServerName("www.example.com");
-		request.setContextPath("/mycontext");
-		request.setRequestURI("/mycontext/secure/page.html");
-
-		// Setup the FilterChain to thrown an access denied exception
-		MockFilterChain chain = new MockFilterChain(true, false, false, false);
-
-		// Setup SecurityContextHolder, as filter needs to check if user is
-		// anonymous
-		SecurityContextHolder.getContext().setAuthentication(
-				new AnonymousAuthenticationToken("ignored", "ignored",
-						new GrantedAuthority[] { new GrantedAuthorityImpl("IGNORED") }));
-
-		// Test
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
-		filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp"));
-
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		filter.doFilter(request, response, chain);
-		assertEquals("/mycontext/login.jsp", response.getRedirectedUrl());
-		assertEquals("http://www.example.com/mycontext/secure/page.html", AbstractProcessingFilter
-				.obtainFullSavedRequestUrl(request));
-	}
-
-	public void testAccessDeniedWhenNonAnonymous() throws Exception {
-		// Setup our HTTP request
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.setServletPath("/secure/page.html");
-
-		// Setup the FilterChain to thrown an access denied exception
-		MockFilterChain chain = new MockFilterChain(true, false, false, false);
-
-		// Setup SecurityContextHolder, as filter needs to check if user is
-		// anonymous
-		SecurityContextHolder.getContext().setAuthentication(null);
-
-		// Setup a new AccessDeniedHandlerImpl that will do a "forward"
-		AccessDeniedHandlerImpl adh = new AccessDeniedHandlerImpl();
-		adh.setErrorPage("/error.jsp");
-
-		// Test
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
-		filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp"));
-		filter.setAccessDeniedHandler(adh);
-
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		filter.doFilter(request, response, chain);
-		assertEquals(403, response.getStatus());
-		assertEquals(AccessDeniedException.class, request.getAttribute(
-				AccessDeniedHandlerImpl.SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY).getClass());
-	}
-
-	public void testDoFilterWithNonHttpServletRequestDetected() throws Exception {
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
-
-		try {
-			filter.doFilter(null, new MockHttpServletResponse(), new MockFilterChain(false, false, false, false));
-			fail("Should have thrown ServletException");
-		}
-		catch (ServletException expected) {
-			assertEquals("Can only process HttpServletRequest", expected.getMessage());
-		}
-	}
-
-	public void testDoFilterWithNonHttpServletResponseDetected() throws Exception {
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
-
-		try {
-			filter.doFilter(new MockHttpServletRequest(null, null), null, new MockFilterChain(false, false, false,
-					false));
-			fail("Should have thrown ServletException");
-		}
-		catch (ServletException expected) {
-			assertEquals("Can only process HttpServletResponse", expected.getMessage());
-		}
-	}
-
-	public void testGettersSetters() {
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
-
-		filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp"));
-		assertTrue(filter.getAuthenticationEntryPoint() != null);
-
-		filter.setPortResolver(new MockPortResolver(80, 443));
-		assertTrue(filter.getPortResolver() != null);
-	}
-
-	public void testRedirectedToLoginFormAndSessionShowsOriginalTargetWhenAuthenticationException() throws Exception {
-		// Setup our HTTP request
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.setServletPath("/secure/page.html");
-		request.setServerPort(80);
-		request.setScheme("http");
-		request.setServerName("www.example.com");
-		request.setContextPath("/mycontext");
-		request.setRequestURI("/mycontext/secure/page.html");
-
-		// Setup the FilterChain to thrown an authentication failure exception
-		MockFilterChain chain = new MockFilterChain(false, true, false, false);
-
-		// Test
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
-		filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp"));
-		filter.setPortResolver(new MockPortResolver(80, 443));
-		/*
-		 * Disabled the call to afterPropertiesSet as it requires
-		 * applicationContext to be injected before it is invoked. We do not
-		 * have this filter configured in IOC for this test hence no
-		 * ApplicationContext
-		 */
-		// filter.afterPropertiesSet();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		filter.doFilter(request, response, chain);
-		assertEquals("/mycontext/login.jsp", response.getRedirectedUrl());
-		assertEquals("http://www.example.com/mycontext/secure/page.html", AbstractProcessingFilter
-				.obtainFullSavedRequestUrl(request));
-	}
-
-	public void testRedirectedToLoginFormAndSessionShowsOriginalTargetWithExoticPortWhenAuthenticationException()
-			throws Exception {
-		// Setup our HTTP request
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.setServletPath("/secure/page.html");
-		request.setServerPort(8080);
-		request.setScheme("http");
-		request.setServerName("www.example.com");
-		request.setContextPath("/mycontext");
-		request.setRequestURI("/mycontext/secure/page.html");
-
-		// Setup the FilterChain to thrown an authentication failure exception
-		MockFilterChain chain = new MockFilterChain(false, true, false, false);
-
-		// Test
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
-		filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp"));
-		filter.setPortResolver(new MockPortResolver(8080, 8443));
-		/*
-		 * Disabled the call to afterPropertiesSet as it requires
-		 * applicationContext to be injected before it is invoked. We do not
-		 * have this filter configured in IOC for this test hence no
-		 * ApplicationContext
-		 */
-		// filter.afterPropertiesSet();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		filter.doFilter(request, response, chain);
-		assertEquals("/mycontext/login.jsp", response.getRedirectedUrl());
-		assertEquals("http://www.example.com:8080/mycontext/secure/page.html", AbstractProcessingFilter
-				.obtainFullSavedRequestUrl(request));
-	}
-
-	public void testStartupDetectsMissingAuthenticationEntryPoint() throws Exception {
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
-
-		try {
-			filter.afterPropertiesSet();
-			fail("Should have thrown IllegalArgumentException");
-		}
-		catch (IllegalArgumentException expected) {
-			assertEquals("authenticationEntryPoint must be specified", expected.getMessage());
-		}
-	}
-
-	public void testStartupDetectsMissingPortResolver() throws Exception {
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
-		filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp"));
-		filter.setPortResolver(null);
-
-		try {
-			filter.afterPropertiesSet();
-			fail("Should have thrown IllegalArgumentException");
-		}
-		catch (IllegalArgumentException expected) {
-			assertEquals("portResolver must be specified", expected.getMessage());
-		}
-	}
-
-	public void testSuccessfulAccessGrant() throws Exception {
-		// Setup our HTTP request
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.setServletPath("/secure/page.html");
-
-		// Setup the FilterChain to thrown no exceptions
-		MockFilterChain chain = new MockFilterChain(false, false, false, false);
-
-		// Test
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
-		filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp"));
-
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		filter.doFilter(request, response, chain);
-	}
-
-	public void testSuccessfulStartupAndShutdownDown() throws Exception {
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
-
-		filter.init(null);
-		filter.destroy();
-		assertTrue(true);
-	}
-
-	public void testThrowIOException() throws Exception {
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
-
-		filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(""));
-		/*
-		 * Disabled the call to afterPropertiesSet as it requires
-		 * applicationContext to be injected before it is invoked. We do not
-		 * have this filter configured in IOC for this test hence no
-		 * ApplicationContext
-		 */
-		// filter.afterPropertiesSet();
-		try {
-			filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain(false,
-					false, false, true));
-			fail("Should have thrown IOException");
-		}
-		catch (IOException e) {
-			assertNull("The IOException thrown should not have been wrapped", e.getCause());
-		}
-	}
-
-	public void testThrowServletException() throws Exception {
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
-
-		filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(""));
-		/*
-		 * Disabled the call to afterPropertiesSet as it requires
-		 * applicationContext to be injected before it is invoked. We do not
-		 * have this filter configured in IOC for this test hence no
-		 * ApplicationContext
-		 */
-		// filter.afterPropertiesSet();
-		try {
-			filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain(false,
-					false, true, false));
-			fail("Should have thrown ServletException");
-		}
-		catch (ServletException e) {
-			assertNull("The ServletException thrown should not have been wrapped", e.getCause());
-		}
-	}
-
-	// ~ Inner Classes =================================================================================================
-
-	private class MockFilterChain implements FilterChain {
-		private boolean throwAccessDenied;
-
-		private boolean throwAuthenticationFailure;
-
-		private boolean throwIOException;
-
-		private boolean throwServletException;
-
-		public MockFilterChain(boolean throwAccessDenied, boolean throwAuthenticationFailure,
-				boolean throwServletException, boolean throwIOException) {
-			this.throwAccessDenied = throwAccessDenied;
-			this.throwAuthenticationFailure = throwAuthenticationFailure;
-			this.throwServletException = throwServletException;
-			this.throwIOException = throwIOException;
-		}
-
-		public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
-			if (throwAccessDenied) {
-				throw new AccessDeniedException("As requested");
-			}
-
-			if (throwAuthenticationFailure) {
-				throw new BadCredentialsException("As requested");
-			}
-
-			if (throwServletException) {
-				throw new ServletException("As requested");
-			}
-
-			if (throwIOException) {
-				throw new IOException("As requested");
-			}
-		}
-	}
+    //~ Methods ========================================================================================================
+
+    protected void tearDown() throws Exception {
+        super.tearDown();
+        SecurityContextHolder.clearContext();
+    }
+
+    public void testAccessDeniedWhenAnonymous() throws Exception {
+        // Setup our HTTP request
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.setServletPath("/secure/page.html");
+        request.setServerPort(80);
+        request.setScheme("http");
+        request.setServerName("www.example.com");
+        request.setContextPath("/mycontext");
+        request.setRequestURI("/mycontext/secure/page.html");
+
+        // Setup the FilterChain to thrown an access denied exception
+        MockFilterChain chain = new MockFilterChain(true, false, false, false);
+
+        // Setup SecurityContextHolder, as filter needs to check if user is
+        // anonymous
+        SecurityContextHolder.getContext().setAuthentication(
+                new AnonymousAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("IGNORED")));
+
+        // Test
+        ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
+        filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp"));
+
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        filter.doFilter(request, response, chain);
+        assertEquals("/mycontext/login.jsp", response.getRedirectedUrl());
+        assertEquals("http://www.example.com/mycontext/secure/page.html", AbstractProcessingFilter
+                .obtainFullSavedRequestUrl(request));
+    }
+
+    public void testAccessDeniedWhenNonAnonymous() throws Exception {
+        // Setup our HTTP request
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.setServletPath("/secure/page.html");
+
+        // Setup the FilterChain to thrown an access denied exception
+        MockFilterChain chain = new MockFilterChain(true, false, false, false);
+
+        // Setup SecurityContextHolder, as filter needs to check if user is
+        // anonymous
+        SecurityContextHolder.getContext().setAuthentication(null);
+
+        // Setup a new AccessDeniedHandlerImpl that will do a "forward"
+        AccessDeniedHandlerImpl adh = new AccessDeniedHandlerImpl();
+        adh.setErrorPage("/error.jsp");
+
+        // Test
+        ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
+        filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp"));
+        filter.setAccessDeniedHandler(adh);
+
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        filter.doFilter(request, response, chain);
+        assertEquals(403, response.getStatus());
+        assertEquals(AccessDeniedException.class, request.getAttribute(
+                AccessDeniedHandlerImpl.SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY).getClass());
+    }
+
+    public void testGettersSetters() {
+        ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
+
+        filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp"));
+        assertTrue(filter.getAuthenticationEntryPoint() != null);
+
+        filter.setPortResolver(new MockPortResolver(80, 443));
+        assertTrue(filter.getPortResolver() != null);
+    }
+
+    public void testRedirectedToLoginFormAndSessionShowsOriginalTargetWhenAuthenticationException() throws Exception {
+        // Setup our HTTP request
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.setServletPath("/secure/page.html");
+        request.setServerPort(80);
+        request.setScheme("http");
+        request.setServerName("www.example.com");
+        request.setContextPath("/mycontext");
+        request.setRequestURI("/mycontext/secure/page.html");
+
+        // Setup the FilterChain to thrown an authentication failure exception
+        MockFilterChain chain = new MockFilterChain(false, true, false, false);
+
+        // Test
+        ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
+        filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp"));
+        filter.setPortResolver(new MockPortResolver(80, 443));
+        /*
+         * Disabled the call to afterPropertiesSet as it requires
+         * applicationContext to be injected before it is invoked. We do not
+         * have this filter configured in IOC for this test hence no
+         * ApplicationContext
+         */
+        // filter.afterPropertiesSet();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        filter.doFilter(request, response, chain);
+        assertEquals("/mycontext/login.jsp", response.getRedirectedUrl());
+        assertEquals("http://www.example.com/mycontext/secure/page.html", AbstractProcessingFilter
+                .obtainFullSavedRequestUrl(request));
+    }
+
+    public void testRedirectedToLoginFormAndSessionShowsOriginalTargetWithExoticPortWhenAuthenticationException()
+            throws Exception {
+        // Setup our HTTP request
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.setServletPath("/secure/page.html");
+        request.setServerPort(8080);
+        request.setScheme("http");
+        request.setServerName("www.example.com");
+        request.setContextPath("/mycontext");
+        request.setRequestURI("/mycontext/secure/page.html");
+
+        // Setup the FilterChain to thrown an authentication failure exception
+        MockFilterChain chain = new MockFilterChain(false, true, false, false);
+
+        // Test
+        ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
+        filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp"));
+        filter.setPortResolver(new MockPortResolver(8080, 8443));
+        /*
+         * Disabled the call to afterPropertiesSet as it requires
+         * applicationContext to be injected before it is invoked. We do not
+         * have this filter configured in IOC for this test hence no
+         * ApplicationContext
+         */
+        // filter.afterPropertiesSet();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        filter.doFilter(request, response, chain);
+        assertEquals("/mycontext/login.jsp", response.getRedirectedUrl());
+        assertEquals("http://www.example.com:8080/mycontext/secure/page.html", AbstractProcessingFilter
+                .obtainFullSavedRequestUrl(request));
+    }
+
+    public void testStartupDetectsMissingAuthenticationEntryPoint() throws Exception {
+        ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
+
+        try {
+            filter.afterPropertiesSet();
+            fail("Should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+            assertEquals("authenticationEntryPoint must be specified", expected.getMessage());
+        }
+    }
+
+    public void testStartupDetectsMissingPortResolver() throws Exception {
+        ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
+        filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp"));
+        filter.setPortResolver(null);
+
+        try {
+            filter.afterPropertiesSet();
+            fail("Should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+            assertEquals("portResolver must be specified", expected.getMessage());
+        }
+    }
+
+    public void testSuccessfulAccessGrant() throws Exception {
+        // Setup our HTTP request
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.setServletPath("/secure/page.html");
+
+        // Setup the FilterChain to thrown no exceptions
+        MockFilterChain chain = new MockFilterChain(false, false, false, false);
+
+        // Test
+        ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
+        filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp"));
+
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        filter.doFilter(request, response, chain);
+    }
+
+    public void testSuccessfulStartupAndShutdownDown() throws Exception {
+        ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
+
+        filter.init(null);
+        filter.destroy();
+        assertTrue(true);
+    }
+
+    public void testThrowIOException() throws Exception {
+        ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
+
+        filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(""));
+        /*
+         * Disabled the call to afterPropertiesSet as it requires
+         * applicationContext to be injected before it is invoked. We do not
+         * have this filter configured in IOC for this test hence no
+         * ApplicationContext
+         */
+        // filter.afterPropertiesSet();
+        try {
+            filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain(false,
+                    false, false, true));
+            fail("Should have thrown IOException");
+        }
+        catch (IOException e) {
+            assertNull("The IOException thrown should not have been wrapped", e.getCause());
+        }
+    }
+
+    public void testThrowServletException() throws Exception {
+        ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
+
+        filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(""));
+        /*
+         * Disabled the call to afterPropertiesSet as it requires
+         * applicationContext to be injected before it is invoked. We do not
+         * have this filter configured in IOC for this test hence no
+         * ApplicationContext
+         */
+        // filter.afterPropertiesSet();
+        try {
+            filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain(false,
+                    false, true, false));
+            fail("Should have thrown ServletException");
+        }
+        catch (ServletException e) {
+            assertNull("The ServletException thrown should not have been wrapped", e.getCause());
+        }
+    }
+
+    // ~ Inner Classes =================================================================================================
+
+    private class MockFilterChain implements FilterChain {
+        private boolean throwAccessDenied;
+
+        private boolean throwAuthenticationFailure;
+
+        private boolean throwIOException;
+
+        private boolean throwServletException;
+
+        public MockFilterChain(boolean throwAccessDenied, boolean throwAuthenticationFailure,
+                boolean throwServletException, boolean throwIOException) {
+            this.throwAccessDenied = throwAccessDenied;
+            this.throwAuthenticationFailure = throwAuthenticationFailure;
+            this.throwServletException = throwServletException;
+            this.throwIOException = throwIOException;
+        }
+
+        public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
+            if (throwAccessDenied) {
+                throw new AccessDeniedException("As requested");
+            }
+
+            if (throwAuthenticationFailure) {
+                throw new BadCredentialsException("As requested");
+            }
+
+            if (throwServletException) {
+                throw new ServletException("As requested");
+            }
+
+            if (throwIOException) {
+                throw new IOException("As requested");
+            }
+        }
+    }
 }
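Review bot: The rewritten test class drops `testDoFilterWithNonHttpServletRequestDetected` and `testDoFilterWithNonHttpServletResponseDetected`, and nothing on the new side asserts what `ExceptionTranslationFilter.doFilter` does when it is handed a null or non-HTTP request or response. The same pair of tests is deleted from ChannelProcessingFilterTests earlier on this page. The removed tests pinned a `ServletException` with the messages "Can only process HttpServletRequest" and "Can only process HttpServletResponse". If that type check now lives in a shared base filter (not visible in this hunk), one test there should pin the failure mode, so that a security filter given an unexpected request type still fails with a defined exception rather than an unchecked cast error.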

+ 1 - 3
ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilterEntryPoint.java

@@ -25,8 +25,6 @@ import org.springframework.util.Assert;
 import java.io.IOException;
 
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -83,7 +81,7 @@ public class NtlmProcessingFilterEntryPoint implements AuthenticationEntryPoint
 	 * 						{@link NtlmType2MessageException}, or
 	 * 						{@link AuthenticationException}
 	 */
-	public void commence(final ServletRequest request, final ServletResponse response, final AuthenticationException authException) throws IOException, ServletException {
+	public void commence(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationException authException) throws IOException, ServletException {
 		final HttpServletResponse resp = (HttpServletResponse) response;
 
 		if (authException instanceof NtlmBaseException) {
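Review bot: With `response` now declared as `HttpServletResponse`, the cast on the first body line, `final HttpServletResponse resp = (HttpServletResponse) response;`, is redundant. Either write `final HttpServletResponse resp = response;` or drop `resp` and use `response` directly. The new signature is also one very long line, whereas `MockAuthenticationEntryPoint.commence` in this same commit wraps its parameters and `throws` clause onto a continuation line. The Javadoc above the method is only partly visible and the body of `commence` continues past the end of this hunk, so check that the parameter descriptions still match the narrowed types.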