diff --git a/core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java b/core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java
index edc34f06f2..797e4b1791 100644
--- a/core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java
+++ b/core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java
@@ -77,10 +77,12 @@ import javax.servlet.http.HttpSession;
  * <code>defaultTargetUrl</code> will be treated as relative to the web-app's
  * context path, and should include the leading <code>/</code>.
  * Alternatively, inclusion of a scheme name (eg http:// or https://) as the
- * prefix will denote a fully-qualified URL and this is also supported.</li>
- * <li><code>authenticationFailureUrl</code> indicates the URL that should be
+ * prefix will denote a fully-qualified URL and this is also supported. More
+ * complex behaviour can be implemented by using a customised {@link TargetUrlResolver}.</li>
+ * <li><code>authenticationFailureUrl</code> (optional) indicates the URL that should be
  * used for redirection if the authentication request fails. eg:
- * <code>/login.jsp?login_error=1</code>.</li>
+ * <code>/login.jsp?login_error=1</code>. If not configured, <tt>sendError</tt> will be
+ * called on the response, with the error code SC_UNAUTHORIZED.</li>
  * <li><code>filterProcessesUrl</code> indicates the URL that this filter
  * will respond to. This parameter varies by subclass.</li>
  * <li><code>alwaysUseDefaultTargetUrl</code> causes successful