diff --git a/core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationProvider.java b/core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationProvider.java index 5028882db6..99be58443c 100644 --- a/core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationProvider.java +++ b/core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationProvider.java @@ -117,7 +117,7 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro /** * If true, causes the provider to throw a BadCredentialsException if the presented authentication * request is invalid (contains a null principal or credentials). Otherwise it will just return - * null. + * null. Defaults to false. */ public void setThrowExceptionWhenTokenRejected(boolean throwExceptionWhenTokenRejected) { this.throwExceptionWhenTokenRejected = throwExceptionWhenTokenRejected; diff --git a/portlet/src/main/java/org/springframework/security/ui/portlet/PortletProcessingFilterEntryPoint.java b/portlet/src/main/java/org/springframework/security/ui/portlet/PortletProcessingFilterEntryPoint.java deleted file mode 100644 index 01dd808ec5..0000000000 --- a/portlet/src/main/java/org/springframework/security/ui/portlet/PortletProcessingFilterEntryPoint.java +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright 2005-2007 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.ui.portlet; - -import org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint; - -/** - *

In the case of relying on Portlet authentication to access Servlet resources - * (such as embedded images or AJAX calls), the authentication should already - * be in place by the time the security enforcement takes place. - * So, if this class is ever called, then portlet-based authentication has - * already failed. Therefore the commence method in this case will - * always return HttpServletResponse.SC_FORBIDDEN (HTTP 403 error). - * - * @see org.springframework.security.ui.ExceptionTranslationFilter - * @author John A. Lewis - * @since 2.0 - * @version $Id$ - */ -public class PortletProcessingFilterEntryPoint extends PreAuthenticatedProcessingFilterEntryPoint { - -} diff --git a/portlet/src/main/java/org/springframework/security/ui/portlet/PortletProcessingInterceptor.java b/portlet/src/main/java/org/springframework/security/ui/portlet/PortletProcessingInterceptor.java index 2af5c568dd..06307c1009 100644 --- a/portlet/src/main/java/org/springframework/security/ui/portlet/PortletProcessingInterceptor.java +++ b/portlet/src/main/java/org/springframework/security/ui/portlet/PortletProcessingInterceptor.java @@ -95,7 +95,7 @@ public class PortletProcessingInterceptor implements HandlerInterceptor, Initial private AuthenticationDetailsSource authenticationDetailsSource; - private boolean useAuthTypeAsCredentials = true; + private boolean useAuthTypeAsCredentials = false; public PortletProcessingInterceptor() { authenticationDetailsSource = new AuthenticationDetailsSourceImpl(); @@ -311,7 +311,9 @@ public class PortletProcessingInterceptor implements HandlerInterceptor, Initial } /** - * + * It true, the "authType" proerty of the PortletRequest will be used as the credentials. + * Defaults to false. + * * @param useAuthTypeAsCredentials */ public void setUseAuthTypeAsCredentials(boolean useAuthTypeAsCredentials) {