27 Ekim 2020 Salı

SpringSecurity ExceptionTranslationFilter Sınıfı

Giriş
Açıklaması şöyle
This filter is used to handle exceptions thrown during the security process and convert them into HTTP responses.
constructor - AuthenticationEntryPoint
Açıklaması şöyle. Eğer doğrulama işlemi başarısız olursa bu filtreye verilen AuthenticationEntryPoint çalıştırılır
From the API documentation: “Handles any AccessDeniedException and AuthenticationException thrown within the filter chain.”

Especially the very first, unauthorized request of a user triggers an AccessDeniedException (somewhere out of the FilterSecurityInterceptor). This one is catched and handled by the ExceptionTranslationFilter. If the user is not yet authenticated, the filter forwards him/her to the configured AuthenticationEntryPoint.

In the default configuration, the original request is temporarily stored in a RequestCache to be replayed after a successful login (see previous section). 
Açıklaması şöyle
But what if our authentication fails? How Spring Security handles the negative scenario? Well, there’s this guy in Spring Security filters, called ExceptionTranslationFilter.java, handles this part. It tries to continue the chain of filters and if it catches any Exception, this filter has something called AuthenticationEntrypoint.java which we configure it in our security configuration. This entrypoint is the place for commencing our response.

Hiç yorum yok:

Yorum Gönder