
Contribution by Wesley Hall to improve exception handling.

Ben Alex 21 vuotta sitten
vanhempi
commit
f798e56d75

+ 18 - 0
core/src/main/java/org/acegisecurity/AuthenticationException.java

@@ -24,6 +24,14 @@ package net.sf.acegisecurity;
  * @version $Id$
  */
 public abstract class AuthenticationException extends AcegiSecurityException {
+    //~ Instance fields ========================================================
+
+    /**
+     * The authentication that related to this exception (may be
+     * <code>null</code>)
+     */
+    private Authentication authentication;
+
     //~ Constructors ===========================================================
 
     /**
@@ -46,4 +54,14 @@ public abstract class AuthenticationException extends AcegiSecurityException {
     public AuthenticationException(String msg) {
         super(msg);
     }
+
+    //~ Methods ================================================================
+
+    public void setAuthentication(Authentication authentication) {
+        this.authentication = authentication;
+    }
+
+    public Authentication getAuthentication() {
+        return authentication;
+    }
 }
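Review bot: `setAuthentication` and `getAuthentication` are public and undocumented, and the field behind them (declared in the previous hunk) makes the exception hold the failed `Authentication` for as long as the exception itself lives. An `Authentication` typically carries the submitted credentials, so any code that logs, serialises or stores the exception in the session would retain them as well; whether that happens is not visible in this diff. I would add Javadoc to both methods stating that the value may be `null` and may contain credentials, for example `/** Returns the authentication request that failed, or null; it may contain the submitted credentials, so do not log or persist it. */`. The field Javadoc in the first hunk also reads "that related", where "related to" is probably meant.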

+ 108 - 1
core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java

@@ -18,6 +18,11 @@ package net.sf.acegisecurity.ui;
 import net.sf.acegisecurity.Authentication;
 import net.sf.acegisecurity.AuthenticationException;
 import net.sf.acegisecurity.AuthenticationManager;
+import net.sf.acegisecurity.AuthenticationServiceException;
+import net.sf.acegisecurity.BadCredentialsException;
+import net.sf.acegisecurity.DisabledException;
+import net.sf.acegisecurity.LockedException;
+import net.sf.acegisecurity.providers.cas.ProxyUntrustedException;
 import net.sf.acegisecurity.ui.webapp.HttpSessionIntegrationFilter;
 
 import org.apache.commons.logging.Log;
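Review bot: The added import of `net.sf.acegisecurity.providers.cas.ProxyUntrustedException` makes the generic `ui` filter depend on the CAS provider package, while the other four exception types come from the core package. Every subclass of `AbstractProcessingFilter` then needs the CAS classes on its classpath even when CAS is not in use. If the dependency is intended, a short comment next to the import would help, such as `// CAS-specific failure; handled here so all processing filters share one redirect policy`. Otherwise the proxy-untrusted redirect could live in the CAS-specific filter subclass.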
@@ -95,9 +100,39 @@ public abstract class AbstractProcessingFilter implements Filter,
 
     private AuthenticationManager authenticationManager;
 
+    /**
+     * Where to redirect the browser if authentication fails due to incorrect
+     * credentials
+     */
+    private String authenticationCredentialCheckFailureUrl;
+
+    /**
+     * Where to redirect the browser if authentication fails due to the users
+     * account being disabled
+     */
+    private String authenticationDisabledFailureUrl;
+
     /** Where to redirect the browser to if authentication fails */
     private String authenticationFailureUrl;
 
+    /**
+     * Where to redirect the browser if authentication fails due to the users
+     * account being locked
+     */
+    private String authenticationLockedFailureUrl;
+
+    /**
+     * Where to redirect the browser if authentication fails due to the user's
+     * proxy being considered untrusted
+     */
+    private String authenticationProxyUntrustedFailureUrl;
+
+    /**
+     * Where to redirect the browser if authentication fails due to failure of
+     * the authentication service
+     */
+    private String authenticationServiceFailureUrl;
+
     /**
      * Where to redirect the browser to if authentication is successful but
      * ACEGI_SECURITY_TARGET_URL_KEY is <code>null</code>
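Review bot: The Javadoc on the five new URL fields does not say that each one is optional, nor that separate pages for bad credentials, disabled accounts and locked accounts tell an unauthenticated client which state an account is in. The catch block later in this diff falls back to `authenticationFailureUrl` when a field is `null`, so each comment could end with `Optional; if null, authenticationFailureUrl is used. A distinct page discloses the failure reason to the caller.` Deployments that must not reveal account state can then see that leaving these unset keeps the single generic failure page. The class body continues past this hunk, which ends inside the next field's Javadoc.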
@@ -133,6 +168,24 @@ public abstract class AbstractProcessingFilter implements Filter,
     public abstract Authentication attemptAuthentication(
         HttpServletRequest request) throws AuthenticationException;
 
+    public void setAuthenticationCredentialCheckFailureUrl(
+        String authenticationCredentialCheckFailureUrl) {
+        this.authenticationCredentialCheckFailureUrl = authenticationCredentialCheckFailureUrl;
+    }
+
+    public String getAuthenticationCredentialCheckFailureUrl() {
+        return authenticationCredentialCheckFailureUrl;
+    }
+
+    public void setAuthenticationDisabledFailureUrl(
+        String authenticationDisabledFailureUrl) {
+        this.authenticationDisabledFailureUrl = authenticationDisabledFailureUrl;
+    }
+
+    public String getAuthenticationDisabledFailureUrl() {
+        return authenticationDisabledFailureUrl;
+    }
+
     public void setAuthenticationFailureUrl(String authenticationFailureUrl) {
         this.authenticationFailureUrl = authenticationFailureUrl;
     }
@@ -141,6 +194,15 @@ public abstract class AbstractProcessingFilter implements Filter,
         return authenticationFailureUrl;
     }
 
+    public void setAuthenticationLockedFailureUrl(
+        String authenticationLockedFailureUrl) {
+        this.authenticationLockedFailureUrl = authenticationLockedFailureUrl;
+    }
+
+    public String getAuthenticationLockedFailureUrl() {
+        return authenticationLockedFailureUrl;
+    }
+
     public void setAuthenticationManager(
         AuthenticationManager authenticationManager) {
         this.authenticationManager = authenticationManager;
@@ -150,6 +212,24 @@ public abstract class AbstractProcessingFilter implements Filter,
         return authenticationManager;
     }
 
+    public void setAuthenticationProxyUntrustedFailureUrl(
+        String authenticationProxyUntrustedFailureUrl) {
+        this.authenticationProxyUntrustedFailureUrl = authenticationProxyUntrustedFailureUrl;
+    }
+
+    public String getAuthenticationProxyUntrustedFailureUrl() {
+        return authenticationProxyUntrustedFailureUrl;
+    }
+
+    public void setAuthenticationServiceFailureUrl(
+        String authenticationServiceFailureUrl) {
+        this.authenticationServiceFailureUrl = authenticationServiceFailureUrl;
+    }
+
+    public String getAuthenticationServiceFailureUrl() {
+        return authenticationServiceFailureUrl;
+    }
+
     public void setDefaultTargetUrl(String defaultTargetUrl) {
         this.defaultTargetUrl = defaultTargetUrl;
     }
@@ -216,6 +296,33 @@ public abstract class AbstractProcessingFilter implements Filter,
                 authResult = attemptAuthentication(httpRequest);
             } catch (AuthenticationException failed) {
                 // Authentication failed
+                String failureUrl = authenticationFailureUrl;
+
+                if (failed instanceof AuthenticationServiceException
+                    && (authenticationServiceFailureUrl != null)) {
+                    failureUrl = authenticationServiceFailureUrl;
+                }
+
+                if (failed instanceof BadCredentialsException
+                    && (this.authenticationCredentialCheckFailureUrl != null)) {
+                    failureUrl = authenticationCredentialCheckFailureUrl;
+                }
+
+                if (failed instanceof DisabledException
+                    && (authenticationDisabledFailureUrl != null)) {
+                    failureUrl = authenticationDisabledFailureUrl;
+                }
+
+                if (failed instanceof LockedException
+                    && (authenticationLockedFailureUrl != null)) {
+                    failureUrl = authenticationLockedFailureUrl;
+                }
+
+                if (failed instanceof ProxyUntrustedException
+                    && (authenticationProxyUntrustedFailureUrl != null)) {
+                    failureUrl = authenticationProxyUntrustedFailureUrl;
+                }
+
                 if (logger.isDebugEnabled()) {
                     logger.debug("Authentication request failed: "
                         + failed.toString());
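Review bot: The five `instanceof` tests are independent `if` statements, so if an exception matches more than one of them the last match silently wins; whether any of these types are related by inheritance cannot be seen from this hunk. An `else if` chain ordered from most to least specific would make the precedence explicit, e.g. `} else if (failed instanceof BadCredentialsException && (authenticationCredentialCheckFailureUrl != null)) {`. The second test is also the only one written with `this.authenticationCredentialCheckFailureUrl`; the others omit `this.`. The catch block starts before this hunk and continues past it.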
@@ -226,7 +333,7 @@ public abstract class AbstractProcessingFilter implements Filter,
                 httpRequest.getSession().setAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY,
                     null);
                 httpResponse.sendRedirect(httpResponse.encodeRedirectURL(httpRequest
-                        .getContextPath() + authenticationFailureUrl));
+                        .getContextPath() + failureUrl));
 
                 return;
             }