SEC-745: Created AuthenticationFailureHandler and AuthenticationSuccessHandler strategy interfaces.

core/src/main/java/org/springframework/security/ui/AuthenticationFailureHandler.java

@@ -0,0 +1,30 @@
+package org.springframework.security.ui;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.AuthenticationException;
+import org.springframework.security.CredentialsExpiredException;
+
+/**
+ * Strategy used to handle a failed authentication attempt.
+ * <p>
+ * Typical behaviour might be to redirect the user to the authentication page (in the case of a form login) to
+ * allow them to try again. More sophisticated logic might be implemented depending on the type of the exception.
+ * For example, a {@link CredentialsExpiredException} might cause a redirect to a web controller which allowed the
+ * user to change their password.
+ *
+ * @author Luke Taylor
+ * @version $Id$
+ * @since 2.5
+ */
+public interface AuthenticationFailureHandler {
+
+    /**
+     * Called when an authentication attempt fails.
+     * @param request the request during which the authentication attempt occurred.
+     * @param response the response.
+     * @param exception the exception which was thrown to reject the authentication request.
+     */
+    void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception);
+}

core/src/main/java/org/springframework/security/ui/AuthenticationSuccessHandler.java

@@ -0,0 +1,32 @@
+package org.springframework.security.ui;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.Authentication;
+
+/**
+ * Strategy used to handle a successful user authentication.
+ * <p>
+ * Implementations can do whatever they want but typical behaviour would be to control the navigation to the
+ * subsequent destination (using a redirect or a forward). For example, after a user has logged in by submitting a
+ * login form, the application needs to decide where they should be redirected to afterwards
+ * (see {@link AbstractProcessingFilter} and subclasses). Other logic may also be included if required.
+ *
+ * @author Luke Taylor
+ * @version $Id$
+ * @since 2.5
+ * @see
+ */
+public interface AuthenticationSuccessHandler {
+
+    /**
+     * Called when a user has been successfully authenticated.
+     *
+     * @param request the request which caused the successful authentication
+     * @param response the response
+     * @param authentication the <tt>Authentication</tt> object which was created during the authentication process.
+     */
+    void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication);
+
+}