|
@@ -6,6 +6,8 @@ import javax.servlet.ServletException;
|
|
|
import javax.servlet.http.HttpServletRequest;
|
|
|
import javax.servlet.http.HttpServletResponse;
|
|
|
|
|
|
+import org.apache.commons.logging.Log;
|
|
|
+import org.apache.commons.logging.LogFactory;
|
|
|
import org.springframework.security.core.AuthenticationException;
|
|
|
import org.springframework.security.web.DefaultRedirectStrategy;
|
|
|
import org.springframework.security.web.RedirectStrategy;
|
|
@@ -26,6 +28,8 @@ import org.springframework.util.Assert;
|
|
|
* @since 3.0
|
|
|
*/
|
|
|
public class SimpleUrlAuthenticationFailureHandler implements AuthenticationFailureHandler {
|
|
|
+ protected final Log logger = LogFactory.getLog(getClass());
|
|
|
+
|
|
|
private String defaultFailureUrl;
|
|
|
private boolean forwardToDestination = false;
|
|
|
private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
|
|
@@ -39,12 +43,18 @@ public class SimpleUrlAuthenticationFailureHandler implements AuthenticationFail
|
|
|
|
|
|
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
|
|
|
AuthenticationException exception) throws IOException, ServletException {
|
|
|
+
|
|
|
if (defaultFailureUrl == null) {
|
|
|
+ logger.debug("No failure URL set, sending 401 Unauthorized error");
|
|
|
+
|
|
|
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication Failed: " + exception.getMessage());
|
|
|
} else {
|
|
|
if (forwardToDestination) {
|
|
|
+ logger.debug("Forwarding to " + defaultFailureUrl);
|
|
|
+
|
|
|
request.getRequestDispatcher(defaultFailureUrl).forward(request, response);
|
|
|
} else {
|
|
|
+ logger.debug("Redirecting to " + defaultFailureUrl);
|
|
|
redirectStrategy.sendRedirect(request, response, defaultFailureUrl);
|
|
|
}
|
|
|
}
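Review bot: The three added `logger.debug` calls in `onAuthenticationFailure` record which response path is taken but not why authentication failed, so the debug log cannot separate a bad password from a locked or expired account when someone triages repeated failures. Commons Logging's `Log.debug` accepts a throwable, so the first call could be `logger.debug("No failure URL set, sending 401 Unauthorized error", exception);`, or one line before the `if` could log `exception.getClass().getName()` for all three paths. The unchanged `sendError` line in the same branch returns `exception.getMessage()` to the client; depending on how the configured provider words its messages, that may tell the caller more than the log tells the operator, which is worth checking alongside this change. The messages are concatenated without a `logger.isDebugEnabled()` guard, which is only a style point here because `defaultFailureUrl` is a configured field rather than request data. The method's closing brace lies outside the hunk.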
|