diff --git a/core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java b/core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java
index f3915a671d..e89a7a1c40 100644
--- a/core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java
+++ b/core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java
@@ -311,83 +311,110 @@ public abstract class AbstractProcessingFilter implements Filter,
logger.debug("Request is to process authentication");
}
+ onPreAuthentication(httpRequest, httpResponse);
+
Authentication authResult;
try {
authResult = attemptAuthentication(httpRequest);
} catch (AuthenticationException failed) {
// Authentication failed
- String failureUrl = authenticationFailureUrl;
-
- if (failed instanceof AuthenticationServiceException
- && (authenticationServiceFailureUrl != null)) {
- failureUrl = authenticationServiceFailureUrl;
- }
-
- if (failed instanceof BadCredentialsException
- && (this.authenticationCredentialCheckFailureUrl != null)) {
- failureUrl = authenticationCredentialCheckFailureUrl;
- }
-
- if (failed instanceof DisabledException
- && (authenticationDisabledFailureUrl != null)) {
- failureUrl = authenticationDisabledFailureUrl;
- }
-
- if (failed instanceof LockedException
- && (authenticationLockedFailureUrl != null)) {
- failureUrl = authenticationLockedFailureUrl;
- }
-
- if (failed instanceof ProxyUntrustedException
- && (authenticationProxyUntrustedFailureUrl != null)) {
- failureUrl = authenticationProxyUntrustedFailureUrl;
- }
-
- if (logger.isDebugEnabled()) {
- logger.debug("Authentication request failed: "
- + failed.toString());
- }
-
- httpRequest.getSession().setAttribute(ACEGI_SECURITY_LAST_EXCEPTION_KEY,
- failed);
- httpRequest.getSession().removeAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY);
- httpResponse.sendRedirect(httpResponse.encodeRedirectURL(httpRequest
- .getContextPath() + failureUrl));
+ unsuccessfulAuthentication(httpRequest, httpResponse, failed);
return;
}
// Authentication success
- if (logger.isDebugEnabled()) {
- logger.debug("Authentication success: " + authResult.toString());
- }
+ successfulAuthentication(httpRequest, httpResponse, authResult);
- httpRequest.getSession().setAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY,
- authResult);
+ return;
+ }
- String targetUrl = (String) httpRequest.getSession().getAttribute(ACEGI_SECURITY_TARGET_URL_KEY);
- httpRequest.getSession().removeAttribute(ACEGI_SECURITY_TARGET_URL_KEY);
+ chain.doFilter(request, response);
+ }
- if (alwaysUseDefaultTargetUrl == true) {
- targetUrl = null;
- }
+ protected void onPreAuthentication(HttpServletRequest request,
+ HttpServletResponse response) throws IOException {}
- if (targetUrl == null) {
- targetUrl = httpRequest.getContextPath() + defaultTargetUrl;
- }
+ protected void onSuccessfulAuthentication(HttpServletRequest request,
+ HttpServletResponse response) throws IOException {}
- if (logger.isDebugEnabled()) {
- logger.debug(
- "Redirecting to target URL from HTTP Session (or default): "
- + targetUrl);
- }
+ protected void onUnsuccessfulAuthentication(HttpServletRequest request,
+ HttpServletResponse response) throws IOException {}
- httpResponse.sendRedirect(httpResponse.encodeRedirectURL(targetUrl));
+ protected void successfulAuthentication(HttpServletRequest request,
+ HttpServletResponse response, Authentication authResult)
+ throws IOException {
+ if (logger.isDebugEnabled()) {
+ logger.debug("Authentication success: " + authResult.toString());
+ }
- return;
+ request.getSession().setAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY,
+ authResult);
+
+ String targetUrl = (String) request.getSession().getAttribute(ACEGI_SECURITY_TARGET_URL_KEY);
+ request.getSession().removeAttribute(ACEGI_SECURITY_TARGET_URL_KEY);
+
+ if (alwaysUseDefaultTargetUrl == true) {
+ targetUrl = null;
}
- chain.doFilter(request, response);
+ if (targetUrl == null) {
+ targetUrl = request.getContextPath() + defaultTargetUrl;
+ }
+
+ if (logger.isDebugEnabled()) {
+ logger.debug(
+ "Redirecting to target URL from HTTP Session (or default): "
+ + targetUrl);
+ }
+
+ onSuccessfulAuthentication(request, response);
+
+ response.sendRedirect(response.encodeRedirectURL(targetUrl));
+ }
+
+ protected void unsuccessfulAuthentication(HttpServletRequest request,
+ HttpServletResponse response, AuthenticationException failed)
+ throws IOException {
+ String failureUrl = authenticationFailureUrl;
+
+ if (failed instanceof AuthenticationServiceException
+ && (authenticationServiceFailureUrl != null)) {
+ failureUrl = authenticationServiceFailureUrl;
+ }
+
+ if (failed instanceof BadCredentialsException
+ && (this.authenticationCredentialCheckFailureUrl != null)) {
+ failureUrl = authenticationCredentialCheckFailureUrl;
+ }
+
+ if (failed instanceof DisabledException
+ && (authenticationDisabledFailureUrl != null)) {
+ failureUrl = authenticationDisabledFailureUrl;
+ }
+
+ if (failed instanceof LockedException
+ && (authenticationLockedFailureUrl != null)) {
+ failureUrl = authenticationLockedFailureUrl;
+ }
+
+ if (failed instanceof ProxyUntrustedException
+ && (authenticationProxyUntrustedFailureUrl != null)) {
+ failureUrl = authenticationProxyUntrustedFailureUrl;
+ }
+
+ if (logger.isDebugEnabled()) {
+ logger.debug("Authentication request failed: " + failed.toString());
+ }
+
+ request.getSession().setAttribute(ACEGI_SECURITY_LAST_EXCEPTION_KEY,
+ failed);
+ request.getSession().removeAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY);
+
+ onUnsuccessfulAuthentication(request, response);
+
+ response.sendRedirect(response.encodeRedirectURL(request.getContextPath()
+ + failureUrl));
}
}
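Review bot: successfulAuthentication() stores authResult under ACEGI_SECURITY_AUTHENTICATION_KEY in whatever session `request.getSession()` returns, so the session id issued before login remains valid afterwards; nothing in this hunk rotates the session, which leaves the filter exposed to session fixation unless the container or another filter handles it. The new onSuccessfulAuthentication hook looks like the natural place for a subclass to do that, but it runs after the attribute is written and is not given the Authentication, so a subclass that invalidates the session there would discard the result just stored. Consider passing it through, `onSuccessfulAuthentication(request, response, authResult);`, and likewise passing `failed` to onUnsuccessfulAuthentication. The three empty hooks also need Javadoc stating when each runs relative to the session updates, and that a hook must not commit the response because `sendRedirect` follows it. doFilter's body begins above the hunk, so the pre-authentication path is only partly visible here.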
diff --git a/doc/xdocs/changes.xml b/doc/xdocs/changes.xml
index df927ffef8..e99d98824a 100644
--- a/doc/xdocs/changes.xml
+++ b/doc/xdocs/changes.xml
@@ -52,6 +52,7 @@
Made DaoAuthenticationProvider detect null in Authentication.principal
Improved JaasAuthenticationProvider startup error detection
Refactored EH-CACHE implementations to use Spring IoC defined caches instead
+ AbstractProcessingFilter now has various hook methods to assist subclasses
Fixed ambiguous column references in JdbcDaoImpl default query
Fixed AbstractProcessingFilter to use removeAttribute (JRun compatibility)
Fixed GrantedAuthorityEffectiveAclResolver support of UserDetails principals