SEC-1055: Converted interfaces and methods using ServletRequest/Response to HttpServletRequest/Response where appropriate.

2008-12-10 13:48:25 +00:00 · 2008-12-10 13:48:25 +00:00 · 3f40604b82
parent acfcac4594
commit 3f40604b82
21 changed files with 317 additions and 401 deletions
--- a/cas/src/main/java/org/springframework/security/ui/cas/CasProcessingFilterEntryPoint.java
+++ b/cas/src/main/java/org/springframework/security/ui/cas/CasProcessingFilterEntryPoint.java
@ -18,8 +18,7 @@ package org.springframework.security.ui.cas;
 import java.io.IOException;

 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

 import org.jasig.cas.client.util.CommonUtils;
@ -66,7 +65,7 @@ public class CasProcessingFilterEntryPoint implements AuthenticationEntryPoint,
        Assert.notNull(this.serviceProperties, "serviceProperties must be specified");
    }

-    public void commence(final ServletRequest servletRequest, final ServletResponse servletResponse,
+    public void commence(final HttpServletRequest servletRequest, final HttpServletResponse servletResponse,
    		final AuthenticationException authenticationException) throws IOException, ServletException {

        final HttpServletResponse response = (HttpServletResponse) servletResponse;
--- a/core/src/main/java/org/springframework/security/intercept/web/FilterInvocation.java
+++ b/core/src/main/java/org/springframework/security/intercept/web/FilterInvocation.java
@ -27,9 +27,10 @@ import javax.servlet.http.HttpServletResponse;
 /**
 * Holds objects associated with a HTTP filter.<P>Guarantees the request and response are instances of
 * <code>HttpServletRequest</code> and <code>HttpServletResponse</code>, and that there are no <code>null</code>
- * objects.</p>
- *  <P>Required so that security system classes can obtain access to the filter environment, as well as the request
- * and response.</p>
+ * objects.
+ * <p>
+ * Required so that security system classes can obtain access to the filter environment, as well as the request
+ * and response.
 *
 * @author Ben Alex
 * @author colin sampaleanu
@ -39,8 +40,8 @@ public class FilterInvocation {
    //~ Instance fields ================================================================================================

    private FilterChain chain;
-    private ServletRequest request;
-    private ServletResponse response;
+    private HttpServletRequest request;
+    private HttpServletResponse response;

    //~ Constructors ===================================================================================================

@ -49,16 +50,8 @@ public class FilterInvocation {
            throw new IllegalArgumentException("Cannot pass null values to constructor");
        }

-        if (!(request instanceof HttpServletRequest)) {
-            throw new IllegalArgumentException("Can only process HttpServletRequest");
-        }
-
-        if (!(response instanceof HttpServletResponse)) {
-            throw new IllegalArgumentException("Can only process HttpServletResponse");
-        }
-
-        this.request = request;
-        this.response = response;
+        this.request = (HttpServletRequest) request;
+        this.response = (HttpServletResponse) response;
        this.chain = chain;
    }

@ -69,8 +62,10 @@ public class FilterInvocation {
    }

    /**
-     * Indicates the URL that the user agent used for this request.<P>The returned URL does <b>not</b> reflect
-     * the port number determined from a {@link org.springframework.security.util.PortResolver}.</p>
+     * Indicates the URL that the user agent used for this request.
+     * <p>
+     * The returned URL does <b>not</b> reflect the port number determined from a
+     * {@link org.springframework.security.util.PortResolver}.
     *
     * @return the full URL of this request
     */
@ -79,17 +74,13 @@ public class FilterInvocation {
    }

    public HttpServletRequest getHttpRequest() {
-        return (HttpServletRequest) request;
+        return request;
    }

    public HttpServletResponse getHttpResponse() {
        return (HttpServletResponse) response;
    }

-    public ServletRequest getRequest() {
-        return request;
-    }
-
    /**
     * Obtains the web application-specific fragment of the URL.
     *
@ -99,8 +90,12 @@ public class FilterInvocation {
        return UrlUtils.getRequestUrl(this);
    }

-    public ServletResponse getResponse() {
-        return response;
+    public HttpServletRequest getRequest() {
+        return getHttpRequest();
+    }
+
+    public HttpServletResponse getResponse() {
+        return getHttpResponse();
    }

    public String toString() {
--- a/core/src/main/java/org/springframework/security/intercept/web/FilterSecurityInterceptor.java
+++ b/core/src/main/java/org/springframework/security/intercept/web/FilterSecurityInterceptor.java
@ -32,10 +32,12 @@ import javax.servlet.ServletResponse;


 /**
- * Performs security handling of HTTP resources via a filter implementation.<p>The
- * <code>ObjectDefinitionSource</code> required by this security interceptor is of type {@link
- * FilterInvocationDefinitionSource}.</p>
- *  <p>Refer to {@link AbstractSecurityInterceptor} for details on the workflow.</p>
+ * Performs security handling of HTTP resources via a filter implementation.
+ * <p>
+ * The <code>ObjectDefinitionSource</code> required by this security interceptor is of type {@link
+ * FilterInvocationDefinitionSource}.
+ * <p>
+ * Refer to {@link AbstractSecurityInterceptor} for details on the workflow.</p>
 *
 * @author Ben Alex
 * @version $Id$
@ -78,7 +80,7 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple
     * @throws ServletException if the filter chain fails
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
-        throws IOException, ServletException {
+            throws IOException, ServletException {
        FilterInvocation fi = new FilterInvocation(request, response, chain);
        invoke(fi);
    }
@ -93,7 +95,7 @@ public class FilterSecurityInterceptor extends AbstractSecurityInterceptor imple

    public void invoke(FilterInvocation fi) throws IOException, ServletException {
        if ((fi.getRequest() != null) && (fi.getRequest().getAttribute(FILTER_APPLIED) != null)
-            && observeOncePerRequest) {
+                && observeOncePerRequest) {
            // filter already applied to this request and user wants us to observce
            // once-per-request handling, so don't re-do security checking
            fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
--- a/core/src/main/java/org/springframework/security/securechannel/AbstractRetryEntryPoint.java
+++ b/core/src/main/java/org/springframework/security/securechannel/AbstractRetryEntryPoint.java
@ -9,8 +9,6 @@ import org.springframework.util.Assert;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;

-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@ -42,7 +40,7 @@ public abstract class AbstractRetryEntryPoint implements ChannelEntryPoint {

    //~ Methods ========================================================================================================

-    public void commence(ServletRequest req, ServletResponse res) throws IOException, ServletException {
+    public void commence(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;

        String pathInfo = request.getPathInfo();
--- a/core/src/main/java/org/springframework/security/securechannel/ChannelEntryPoint.java
+++ b/core/src/main/java/org/springframework/security/securechannel/ChannelEntryPoint.java
@ -18,19 +18,17 @@ package org.springframework.security.securechannel;
 import java.io.IOException;

 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;


 /**
 * May be used by a {@link ChannelProcessor} to launch a web channel.
 *
- * <P>
- * <code>ChannelProcessor</code>s can elect to launch a new web channel
- * directly, or they can delegate to another class. The
- * <code>ChannelEntryPoint</code> is a pluggable interface to assist
- * <code>ChannelProcessor</code>s in performing this delegation.
- * </p>
+ * <p>
+ * <code>ChannelProcessor</code>s can elect to launch a new web channel directly, or they can delegate to another class.
+ * The <code>ChannelEntryPoint</code> is a pluggable interface to assist <code>ChannelProcessor</code>s in performing
+ * this delegation.
 *
 * @author Ben Alex
 * @version $Id$
@ -39,16 +37,14 @@ public interface ChannelEntryPoint {
    //~ Methods ========================================================================================================

    /**
-     * Commences a secure channel.<P>Implementations should modify the headers on the
-     * <code>ServletResponse</code> as necessary to commence the user agent using the implementation's supported
-     * channel type.</p>
+     * Commences a secure channel.
+     * <p>
+     * Implementations should modify the headers on the <code>ServletResponse</code> as necessary to commence the user
+     * agent using the implementation's supported channel type.
     *
     * @param request that a <code>ChannelProcessor</code> has rejected
     * @param response so that the user agent can begin using a new channel
     *
-     * @throws IOException DOCUMENT ME!
-     * @throws ServletException DOCUMENT ME!
     */
-    void commence(ServletRequest request, ServletResponse response)
-        throws IOException, ServletException;
+    void commence(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException;
 }
--- a/core/src/main/java/org/springframework/security/ui/AccessDeniedHandler.java
+++ b/core/src/main/java/org/springframework/security/ui/AccessDeniedHandler.java
@ -20,8 +20,8 @@ import org.springframework.security.AccessDeniedException;
 import java.io.IOException;

 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;


 /**
@ -44,6 +44,6 @@ public interface AccessDeniedHandler {
     * @throws IOException in the event of an IOException
     * @throws ServletException in the event of a ServletException
     */
-    void handle(ServletRequest request, ServletResponse response, AccessDeniedException accessDeniedException)
+    void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException)
        throws IOException, ServletException;
 }
--- a/core/src/main/java/org/springframework/security/ui/AccessDeniedHandlerImpl.java
+++ b/core/src/main/java/org/springframework/security/ui/AccessDeniedHandlerImpl.java
@ -15,28 +15,27 @@

 package org.springframework.security.ui;

-import org.springframework.security.AccessDeniedException;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 import java.io.IOException;

 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.security.AccessDeniedException;
+

 /**
- * Base implementation of {@link AccessDeniedHandler}.<p>This implementation sends a 403 (SC_FORBIDDEN) HTTP error
- * code. In addition, if a {@link #errorPage} is defined, the implementation will perform a request dispatcher
- * "forward" to the specified error page view. Being a "forward", the <code>SecurityContextHolder</code> will remain
+ * Base implementation of {@link AccessDeniedHandler}.
+ * <p>
+ * This implementation sends a 403 (SC_FORBIDDEN) HTTP error code. In addition, if an {@link #errorPage} is defined,
+ * the implementation will perform a request dispatcher "forward" to the specified error page view.
+ * Being a "forward", the <code>SecurityContextHolder</code> will remain
 * populated. This is of benefit if the view (or a tag library or macro) wishes to access the
 * <code>SecurityContextHolder</code>. The request scope will also be populated with the exception itself, available
- * from the key {@link #SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY}.</p>
+ * from the key {@link #SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY}.
 *
 * @author Ben Alex
 * @version $Id$
@ -53,7 +52,7 @@ public class AccessDeniedHandlerImpl implements AccessDeniedHandler {

    //~ Methods ========================================================================================================

-    public void handle(ServletRequest request, ServletResponse response, AccessDeniedException accessDeniedException)
+    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException)
            throws IOException, ServletException {
        if (!response.isCommitted()) {
            if (errorPage != null) {
@ -61,15 +60,13 @@ public class AccessDeniedHandlerImpl implements AccessDeniedHandler {
                request.setAttribute(SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY, accessDeniedException);

                // Set the 403 status code.
-                HttpServletResponse resp = (HttpServletResponse) response;
-                resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
+                response.setStatus(HttpServletResponse.SC_FORBIDDEN);

                // forward to error page.
                RequestDispatcher dispatcher = request.getRequestDispatcher(errorPage);
                dispatcher.forward(request, response);
            } else {
-                HttpServletResponse resp = (HttpServletResponse) response;
-                resp.sendError(HttpServletResponse.SC_FORBIDDEN, accessDeniedException.getMessage());
+                response.sendError(HttpServletResponse.SC_FORBIDDEN, accessDeniedException.getMessage());
            }
        }
    }
--- a/core/src/main/java/org/springframework/security/ui/AuthenticationEntryPoint.java
+++ b/core/src/main/java/org/springframework/security/ui/AuthenticationEntryPoint.java
@ -20,13 +20,12 @@ import org.springframework.security.AuthenticationException;
 import java.io.IOException;

 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;


 /**
- * Used by {@link ExceptionTranslationFilter} to commence an authentication
- * scheme.
+ * Used by {@link ExceptionTranslationFilter} to commence an authentication scheme.
 *
 * @author Ben Alex
 * @version $Id$
@ -39,16 +38,16 @@ public interface AuthenticationEntryPoint {
     * <p>
     * <code>ExceptionTranslationFilter</code> will populate the <code>HttpSession</code> attribute named
     * <code>AbstractProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY</code> with the requested target URL before
-     * calling this method.</p>
-     *
-     * <p>Implementations should modify the headers on the <code>ServletResponse</code> as necessary to
-     * commence the authentication process.</p>
+     * calling this method.
+     * <p>
+     * Implementations should modify the headers on the <code>ServletResponse</code> as necessary to
+     * commence the authentication process.
     *
     * @param request that resulted in an <code>AuthenticationException</code>
     * @param response so that the user agent can begin authentication
     * @param authException that caused the invocation
     *
     */
-    void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
+    void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
        throws IOException, ServletException;
 }
--- a/core/src/main/java/org/springframework/security/ui/ExceptionTranslationFilter.java
+++ b/core/src/main/java/org/springframework/security/ui/ExceptionTranslationFilter.java
@ -35,8 +35,6 @@ import java.io.IOException;

 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

@ -139,7 +137,7 @@ public class ExceptionTranslationFilter extends SpringSecurityFilter implements
        return portResolver;
    }

-    private void handleException(ServletRequest request, ServletResponse response, FilterChain chain,
+    private void handleException(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
            SpringSecurityException exception) throws IOException, ServletException {
        if (exception instanceof AuthenticationException) {
            if (logger.isDebugEnabled()) {
@ -188,7 +186,7 @@ public class ExceptionTranslationFilter extends SpringSecurityFilter implements
        return createSessionAllowed;
    }

-    protected void sendStartAuthentication(ServletRequest request, ServletResponse response, FilterChain chain,
+    protected void sendStartAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
            AuthenticationException reason) throws ServletException, IOException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;

--- a/core/src/main/java/org/springframework/security/ui/FilterChainOrder.java
+++ b/core/src/main/java/org/springframework/security/ui/FilterChainOrder.java
@ -31,6 +31,7 @@ public abstract class FilterChainOrder {
    public static final int AUTHENTICATION_PROCESSING_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
    public static final int OPENID_PROCESSING_FILTER    = FILTER_CHAIN_FIRST + INTERVAL * i++;
    public static final int LOGIN_PAGE_FILTER           = FILTER_CHAIN_FIRST + INTERVAL * i++;
+    public static final int DIGEST_PROCESSING_FILTER     = FILTER_CHAIN_FIRST + INTERVAL * i++;
    public static final int BASIC_PROCESSING_FILTER     = FILTER_CHAIN_FIRST + INTERVAL * i++;
    public static final int SERVLET_API_SUPPORT_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
    public static final int REMEMBER_ME_FILTER          = FILTER_CHAIN_FIRST + INTERVAL * i++;
--- a/core/src/main/java/org/springframework/security/ui/SpringSecurityFilter.java
+++ b/core/src/main/java/org/springframework/security/ui/SpringSecurityFilter.java
@ -24,7 +24,7 @@ import java.io.IOException;
 */
 public abstract class SpringSecurityFilter implements Filter, Ordered {
    protected final Log logger = LogFactory.getLog(this.getClass());
-    
+
    /**
     * Does nothing. We use IoC container lifecycle services instead.
     *
@ -41,15 +41,6 @@ public abstract class SpringSecurityFilter implements Filter, Ordered {
    }

    public final void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
-        // Do we really need the checks on the types in practice ?
-        if (!(request instanceof HttpServletRequest)) {
-            throw new ServletException("Can only process HttpServletRequest");
-        }
-
-        if (!(response instanceof HttpServletResponse)) {
-            throw new ServletException("Can only process HttpServletResponse");
-        }
-
        doFilterHttp((HttpServletRequest)request, (HttpServletResponse)response, chain);
    }

@ -58,4 +49,4 @@ public abstract class SpringSecurityFilter implements Filter, Ordered {
    public String toString() {
        return getClass().getName() + "[ order=" + getOrder() + "; ]";
    }
-}
+}
--- a/core/src/main/java/org/springframework/security/ui/basicauth/BasicProcessingFilterEntryPoint.java
+++ b/core/src/main/java/org/springframework/security/ui/basicauth/BasicProcessingFilterEntryPoint.java
@ -18,8 +18,7 @@ package org.springframework.security.ui.basicauth;
 import java.io.IOException;

 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

 import org.springframework.security.AuthenticationException;
@ -32,7 +31,7 @@ import org.springframework.util.Assert;
 * Used by the <code>SecurityEnforcementFilter</code> to commence authentication via the {@link
 * BasicProcessingFilter}.<P>Once a user agent is authenticated using BASIC authentication, logout requires that
 * the browser be closed or an unauthorized (401) header be sent. The simplest way of achieving the latter is to call
- * the {@link #commence(ServletRequest, ServletResponse, AuthenticationException)} method below. This will indicate to
+ * the {@link #commence(HttpServletRequest, HttpServletResponse, AuthenticationException)} method below. This will indicate to
 * the browser its credentials are no longer authorized, causing it to prompt the user to login again.</p>
 *
 * @author Ben Alex
@ -49,7 +48,7 @@ public class BasicProcessingFilterEntryPoint implements AuthenticationEntryPoint
 		Assert.hasText(realmName, "realmName must be specified");
    }

-    public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
+    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
        throws IOException, ServletException {
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        httpResponse.addHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\"");
--- a/core/src/main/java/org/springframework/security/ui/digestauth/DigestProcessingFilter.java
+++ b/core/src/main/java/org/springframework/security/ui/digestauth/DigestProcessingFilter.java
@ -20,11 +20,9 @@ import java.util.Map;

 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;

 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.codec.digest.DigestUtils;
@ -43,6 +41,8 @@ import org.springframework.security.providers.UsernamePasswordAuthenticationToke
 import org.springframework.security.providers.dao.UserCache;
 import org.springframework.security.providers.dao.cache.NullUserCache;
 import org.springframework.security.ui.AuthenticationDetailsSource;
+import org.springframework.security.ui.FilterChainOrder;
+import org.springframework.security.ui.SpringSecurityFilter;
 import org.springframework.security.ui.WebAuthenticationDetailsSource;
 import org.springframework.security.userdetails.UserDetails;
 import org.springframework.security.userdetails.UserDetailsService;
@ -78,7 +78,7 @@ import org.springframework.util.StringUtils;
 * than Basic authentication. Please see RFC 2617 section 4 for a full discussion on the advantages of Digest
 * authentication over Basic authentication, including commentary on the limitations that it still imposes.
 */
-public class DigestProcessingFilter implements Filter, InitializingBean, MessageSourceAware {
+public class DigestProcessingFilter extends SpringSecurityFilter implements Filter, InitializingBean, MessageSourceAware {
    //~ Static fields/initializers =====================================================================================

    private static final Log logger = LogFactory.getLog(DigestProcessingFilter.class);
@ -99,15 +99,9 @@ public class DigestProcessingFilter implements Filter, InitializingBean, Message
        Assert.notNull(authenticationEntryPoint, "A DigestProcessingFilterEntryPoint is required");
    }

-    public void destroy() {
-    }
-
-    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+    public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws IOException, ServletException {
-
-        HttpServletRequest httpRequest = (HttpServletRequest) request;
-
-        String header = httpRequest.getHeader("Authorization");
+        String header = request.getHeader("Authorization");

        if (logger.isDebugEnabled()) {
            logger.debug("Authorization header received from user agent: " + header);
@ -322,7 +316,7 @@ public class DigestProcessingFilter implements Filter, InitializingBean, Message
        return a1Md5;
    }

-    private void fail(ServletRequest request, ServletResponse response, AuthenticationException failed)
+    private void fail(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed)
            throws IOException, ServletException {
        SecurityContextHolder.getContext().setAuthentication(null);

@ -394,9 +388,6 @@ public class DigestProcessingFilter implements Filter, InitializingBean, Message
        return userDetailsService;
    }

-    public void init(FilterConfig ignored) throws ServletException {
-    }
-
    public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
        Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
        this.authenticationDetailsSource = authenticationDetailsSource;
@ -421,4 +412,8 @@ public class DigestProcessingFilter implements Filter, InitializingBean, Message
    public void setUserDetailsService(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }
+
+    public int getOrder() {
+        return FilterChainOrder.DIGEST_PROCESSING_FILTER;
+    }
 }
--- a/core/src/main/java/org/springframework/security/ui/digestauth/DigestProcessingFilterEntryPoint.java
+++ b/core/src/main/java/org/springframework/security/ui/digestauth/DigestProcessingFilterEntryPoint.java
@ -18,8 +18,7 @@ package org.springframework.security.ui.digestauth;
 import java.io.IOException;

 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

 import org.springframework.security.AuthenticationException;
@ -75,7 +74,7 @@ public class DigestProcessingFilterEntryPoint implements AuthenticationEntryPoin
        }
    }

-    public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
+    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
        throws IOException, ServletException {
        HttpServletResponse httpResponse = (HttpServletResponse) response;

--- a/core/src/main/java/org/springframework/security/ui/preauth/PreAuthenticatedProcessingFilterEntryPoint.java
+++ b/core/src/main/java/org/springframework/security/ui/preauth/PreAuthenticatedProcessingFilterEntryPoint.java
@ -6,8 +6,7 @@ import org.springframework.security.ui.AuthenticationEntryPoint;
 import java.io.IOException;

 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

 import org.apache.commons.logging.Log;
@ -46,7 +45,7 @@ public class PreAuthenticatedProcessingFilterEntryPoint implements Authenticatio
 	/**
 	 * Always returns a 403 error code to the client.
 	 */
-	public void commence(ServletRequest request, ServletResponse response, AuthenticationException arg2) throws IOException,
+	public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException arg2) throws IOException,
 			ServletException {
 		if (logger.isDebugEnabled()) {
 			logger.debug("Pre-authenticated entry point called. Rejecting access");
--- a/core/src/main/java/org/springframework/security/ui/webapp/AuthenticationProcessingFilterEntryPoint.java
+++ b/core/src/main/java/org/springframework/security/ui/webapp/AuthenticationProcessingFilterEntryPoint.java
@ -36,8 +36,6 @@ import java.io.IOException;

 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

@ -103,7 +101,7 @@ public class AuthenticationProcessingFilterEntryPoint implements AuthenticationE
    /**
     * Performs the redirect (or forward) to the login form URL.
     */
-    public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
+    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
            throws IOException, ServletException {

        HttpServletRequest httpRequest = (HttpServletRequest) request;
--- a/core/src/main/java/org/springframework/security/util/FilterToBeanProxy.java
+++ b/core/src/main/java/org/springframework/security/util/FilterToBeanProxy.java
@ -92,7 +92,7 @@ public class FilterToBeanProxy implements Filter {
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
-        throws IOException, ServletException {
+            throws IOException, ServletException {
        if (!initialized) {
            doInit();
        }
--- a/core/src/test/java/org/springframework/security/MockAuthenticationEntryPoint.java
+++ b/core/src/test/java/org/springframework/security/MockAuthenticationEntryPoint.java
@ -18,8 +18,6 @@ package org.springframework.security;
 import java.io.IOException;

 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

@ -39,15 +37,14 @@ public class MockAuthenticationEntryPoint implements AuthenticationEntryPoint {

    //~ Constructors ===================================================================================================

-	public MockAuthenticationEntryPoint(String url) {
+    public MockAuthenticationEntryPoint(String url) {
        this.url = url;
    }

    //~ Methods ========================================================================================================

-    public void commence(ServletRequest request, ServletResponse response,
-        AuthenticationException authenticationException)
-        throws IOException, ServletException {
-        ((HttpServletResponse) response).sendRedirect(((HttpServletRequest) request).getContextPath() + url);
+    public void commence(HttpServletRequest request, HttpServletResponse response,
+            AuthenticationException authenticationException) throws IOException, ServletException {
+        response.sendRedirect(request.getContextPath() + url);
    }
 }
--- a/core/src/test/java/org/springframework/security/securechannel/ChannelProcessingFilterTests.java
+++ b/core/src/test/java/org/springframework/security/securechannel/ChannelProcessingFilterTests.java
@ -157,26 +157,6 @@ public class ChannelProcessingFilterTests extends TestCase {
        assertTrue(true);
    }

-    public void testDoFilterWithNonHttpServletRequestDetected() throws Exception {
-        ChannelProcessingFilter filter = new ChannelProcessingFilter();
-
-        try {
-            filter.doFilter(null, new MockHttpServletResponse(), new MockFilterChain());
-            fail("Should have thrown ServletException");
-        } catch (ServletException expected) {
-        }
-    }
-
-    public void testDoFilterWithNonHttpServletResponseDetected() throws Exception {
-        ChannelProcessingFilter filter = new ChannelProcessingFilter();
-
-        try {
-            filter.doFilter(new MockHttpServletRequest(null, null), null, new MockFilterChain());
-            fail("Should have thrown ServletException");
-        } catch (ServletException expected) {
-        }
-    }
-
    public void testGetterSetters() throws Exception {
        ChannelProcessingFilter filter = new ChannelProcessingFilter();
        filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "MOCK"));
--- a/core/src/test/java/org/springframework/security/ui/ExceptionTranslationFilterTests.java
+++ b/core/src/test/java/org/springframework/security/ui/ExceptionTranslationFilterTests.java
@ -27,6 +27,7 @@ import org.springframework.security.MockPortResolver;
 import org.springframework.security.context.SecurityContextHolder;

 import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
+import org.springframework.security.util.AuthorityUtils;

 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
@ -46,296 +47,270 @@ import javax.servlet.ServletResponse;
 * benalex $
 */
 public class ExceptionTranslationFilterTests extends TestCase {
-	//~ Methods ========================================================================================================
+    //~ Methods ========================================================================================================

-	protected void tearDown() throws Exception {
-		super.tearDown();
-		SecurityContextHolder.clearContext();
-	}
+    protected void tearDown() throws Exception {
+        super.tearDown();
+        SecurityContextHolder.clearContext();
+    }

-	public void testAccessDeniedWhenAnonymous() throws Exception {
-		// Setup our HTTP request
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.setServletPath("/secure/page.html");
-		request.setServerPort(80);
-		request.setScheme("http");
-		request.setServerName("www.example.com");
-		request.setContextPath("/mycontext");
-		request.setRequestURI("/mycontext/secure/page.html");
+    public void testAccessDeniedWhenAnonymous() throws Exception {
+        // Setup our HTTP request
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.setServletPath("/secure/page.html");
+        request.setServerPort(80);
+        request.setScheme("http");
+        request.setServerName("www.example.com");
+        request.setContextPath("/mycontext");
+        request.setRequestURI("/mycontext/secure/page.html");

-		// Setup the FilterChain to thrown an access denied exception
-		MockFilterChain chain = new MockFilterChain(true, false, false, false);
+        // Setup the FilterChain to thrown an access denied exception
+        MockFilterChain chain = new MockFilterChain(true, false, false, false);

-		// Setup SecurityContextHolder, as filter needs to check if user is
-		// anonymous
-		SecurityContextHolder.getContext().setAuthentication(
-				new AnonymousAuthenticationToken("ignored", "ignored",
-						new GrantedAuthority[] { new GrantedAuthorityImpl("IGNORED") }));
+        // Setup SecurityContextHolder, as filter needs to check if user is
+        // anonymous
+        SecurityContextHolder.getContext().setAuthentication(
+                new AnonymousAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("IGNORED")));

-		// Test
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
-		filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp"));
+        // Test
+        ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
+        filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp"));

-		MockHttpServletResponse response = new MockHttpServletResponse();
-		filter.doFilter(request, response, chain);
-		assertEquals("/mycontext/login.jsp", response.getRedirectedUrl());
-		assertEquals("http://www.example.com/mycontext/secure/page.html", AbstractProcessingFilter
-				.obtainFullSavedRequestUrl(request));
-	}
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        filter.doFilter(request, response, chain);
+        assertEquals("/mycontext/login.jsp", response.getRedirectedUrl());
+        assertEquals("http://www.example.com/mycontext/secure/page.html", AbstractProcessingFilter
+                .obtainFullSavedRequestUrl(request));
+    }

-	public void testAccessDeniedWhenNonAnonymous() throws Exception {
-		// Setup our HTTP request
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.setServletPath("/secure/page.html");
+    public void testAccessDeniedWhenNonAnonymous() throws Exception {
+        // Setup our HTTP request
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.setServletPath("/secure/page.html");

-		// Setup the FilterChain to thrown an access denied exception
-		MockFilterChain chain = new MockFilterChain(true, false, false, false);
+        // Setup the FilterChain to thrown an access denied exception
+        MockFilterChain chain = new MockFilterChain(true, false, false, false);

-		// Setup SecurityContextHolder, as filter needs to check if user is
-		// anonymous
-		SecurityContextHolder.getContext().setAuthentication(null);
+        // Setup SecurityContextHolder, as filter needs to check if user is
+        // anonymous
+        SecurityContextHolder.getContext().setAuthentication(null);

-		// Setup a new AccessDeniedHandlerImpl that will do a "forward"
-		AccessDeniedHandlerImpl adh = new AccessDeniedHandlerImpl();
-		adh.setErrorPage("/error.jsp");
+        // Setup a new AccessDeniedHandlerImpl that will do a "forward"
+        AccessDeniedHandlerImpl adh = new AccessDeniedHandlerImpl();
+        adh.setErrorPage("/error.jsp");

-		// Test
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
-		filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp"));
-		filter.setAccessDeniedHandler(adh);
+        // Test
+        ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
+        filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp"));
+        filter.setAccessDeniedHandler(adh);

-		MockHttpServletResponse response = new MockHttpServletResponse();
-		filter.doFilter(request, response, chain);
-		assertEquals(403, response.getStatus());
-		assertEquals(AccessDeniedException.class, request.getAttribute(
-				AccessDeniedHandlerImpl.SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY).getClass());
-	}
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        filter.doFilter(request, response, chain);
+        assertEquals(403, response.getStatus());
+        assertEquals(AccessDeniedException.class, request.getAttribute(
+                AccessDeniedHandlerImpl.SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY).getClass());
+    }

-	public void testDoFilterWithNonHttpServletRequestDetected() throws Exception {
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
+    public void testGettersSetters() {
+        ExceptionTranslationFilter filter = new ExceptionTranslationFilter();

-		try {
-			filter.doFilter(null, new MockHttpServletResponse(), new MockFilterChain(false, false, false, false));
-			fail("Should have thrown ServletException");
-		}
-		catch (ServletException expected) {
-			assertEquals("Can only process HttpServletRequest", expected.getMessage());
-		}
-	}
+        filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp"));
+        assertTrue(filter.getAuthenticationEntryPoint() != null);

-	public void testDoFilterWithNonHttpServletResponseDetected() throws Exception {
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
+        filter.setPortResolver(new MockPortResolver(80, 443));
+        assertTrue(filter.getPortResolver() != null);
+    }

-		try {
-			filter.doFilter(new MockHttpServletRequest(null, null), null, new MockFilterChain(false, false, false,
-					false));
-			fail("Should have thrown ServletException");
-		}
-		catch (ServletException expected) {
-			assertEquals("Can only process HttpServletResponse", expected.getMessage());
-		}
-	}
+    public void testRedirectedToLoginFormAndSessionShowsOriginalTargetWhenAuthenticationException() throws Exception {
+        // Setup our HTTP request
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.setServletPath("/secure/page.html");
+        request.setServerPort(80);
+        request.setScheme("http");
+        request.setServerName("www.example.com");
+        request.setContextPath("/mycontext");
+        request.setRequestURI("/mycontext/secure/page.html");

-	public void testGettersSetters() {
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
+        // Setup the FilterChain to thrown an authentication failure exception
+        MockFilterChain chain = new MockFilterChain(false, true, false, false);

-		filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp"));
-		assertTrue(filter.getAuthenticationEntryPoint() != null);
+        // Test
+        ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
+        filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp"));
+        filter.setPortResolver(new MockPortResolver(80, 443));
+        /*
+         * Disabled the call to afterPropertiesSet as it requires
+         * applicationContext to be injected before it is invoked. We do not
+         * have this filter configured in IOC for this test hence no
+         * ApplicationContext
+         */
+        // filter.afterPropertiesSet();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        filter.doFilter(request, response, chain);
+        assertEquals("/mycontext/login.jsp", response.getRedirectedUrl());
+        assertEquals("http://www.example.com/mycontext/secure/page.html", AbstractProcessingFilter
+                .obtainFullSavedRequestUrl(request));
+    }

-		filter.setPortResolver(new MockPortResolver(80, 443));
-		assertTrue(filter.getPortResolver() != null);
-	}
+    public void testRedirectedToLoginFormAndSessionShowsOriginalTargetWithExoticPortWhenAuthenticationException()
+            throws Exception {
+        // Setup our HTTP request
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.setServletPath("/secure/page.html");
+        request.setServerPort(8080);
+        request.setScheme("http");
+        request.setServerName("www.example.com");
+        request.setContextPath("/mycontext");
+        request.setRequestURI("/mycontext/secure/page.html");

-	public void testRedirectedToLoginFormAndSessionShowsOriginalTargetWhenAuthenticationException() throws Exception {
-		// Setup our HTTP request
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.setServletPath("/secure/page.html");
-		request.setServerPort(80);
-		request.setScheme("http");
-		request.setServerName("www.example.com");
-		request.setContextPath("/mycontext");
-		request.setRequestURI("/mycontext/secure/page.html");
+        // Setup the FilterChain to thrown an authentication failure exception
+        MockFilterChain chain = new MockFilterChain(false, true, false, false);

-		// Setup the FilterChain to thrown an authentication failure exception
-		MockFilterChain chain = new MockFilterChain(false, true, false, false);
+        // Test
+        ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
+        filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp"));
+        filter.setPortResolver(new MockPortResolver(8080, 8443));
+        /*
+         * Disabled the call to afterPropertiesSet as it requires
+         * applicationContext to be injected before it is invoked. We do not
+         * have this filter configured in IOC for this test hence no
+         * ApplicationContext
+         */
+        // filter.afterPropertiesSet();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        filter.doFilter(request, response, chain);
+        assertEquals("/mycontext/login.jsp", response.getRedirectedUrl());
+        assertEquals("http://www.example.com:8080/mycontext/secure/page.html", AbstractProcessingFilter
+                .obtainFullSavedRequestUrl(request));
+    }

-		// Test
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
-		filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp"));
-		filter.setPortResolver(new MockPortResolver(80, 443));
-		/*
-		 * Disabled the call to afterPropertiesSet as it requires
-		 * applicationContext to be injected before it is invoked. We do not
-		 * have this filter configured in IOC for this test hence no
-		 * ApplicationContext
-		 */
-		// filter.afterPropertiesSet();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		filter.doFilter(request, response, chain);
-		assertEquals("/mycontext/login.jsp", response.getRedirectedUrl());
-		assertEquals("http://www.example.com/mycontext/secure/page.html", AbstractProcessingFilter
-				.obtainFullSavedRequestUrl(request));
-	}
+    public void testStartupDetectsMissingAuthenticationEntryPoint() throws Exception {
+        ExceptionTranslationFilter filter = new ExceptionTranslationFilter();

-	public void testRedirectedToLoginFormAndSessionShowsOriginalTargetWithExoticPortWhenAuthenticationException()
-			throws Exception {
-		// Setup our HTTP request
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.setServletPath("/secure/page.html");
-		request.setServerPort(8080);
-		request.setScheme("http");
-		request.setServerName("www.example.com");
-		request.setContextPath("/mycontext");
-		request.setRequestURI("/mycontext/secure/page.html");
+        try {
+            filter.afterPropertiesSet();
+            fail("Should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+            assertEquals("authenticationEntryPoint must be specified", expected.getMessage());
+        }
+    }

-		// Setup the FilterChain to thrown an authentication failure exception
-		MockFilterChain chain = new MockFilterChain(false, true, false, false);
+    public void testStartupDetectsMissingPortResolver() throws Exception {
+        ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
+        filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp"));
+        filter.setPortResolver(null);

-		// Test
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
-		filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp"));
-		filter.setPortResolver(new MockPortResolver(8080, 8443));
-		/*
-		 * Disabled the call to afterPropertiesSet as it requires
-		 * applicationContext to be injected before it is invoked. We do not
-		 * have this filter configured in IOC for this test hence no
-		 * ApplicationContext
-		 */
-		// filter.afterPropertiesSet();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		filter.doFilter(request, response, chain);
-		assertEquals("/mycontext/login.jsp", response.getRedirectedUrl());
-		assertEquals("http://www.example.com:8080/mycontext/secure/page.html", AbstractProcessingFilter
-				.obtainFullSavedRequestUrl(request));
-	}
+        try {
+            filter.afterPropertiesSet();
+            fail("Should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+            assertEquals("portResolver must be specified", expected.getMessage());
+        }
+    }

-	public void testStartupDetectsMissingAuthenticationEntryPoint() throws Exception {
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
+    public void testSuccessfulAccessGrant() throws Exception {
+        // Setup our HTTP request
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.setServletPath("/secure/page.html");

-		try {
-			filter.afterPropertiesSet();
-			fail("Should have thrown IllegalArgumentException");
-		}
-		catch (IllegalArgumentException expected) {
-			assertEquals("authenticationEntryPoint must be specified", expected.getMessage());
-		}
-	}
+        // Setup the FilterChain to thrown no exceptions
+        MockFilterChain chain = new MockFilterChain(false, false, false, false);

-	public void testStartupDetectsMissingPortResolver() throws Exception {
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
-		filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp"));
-		filter.setPortResolver(null);
+        // Test
+        ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
+        filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp"));

-		try {
-			filter.afterPropertiesSet();
-			fail("Should have thrown IllegalArgumentException");
-		}
-		catch (IllegalArgumentException expected) {
-			assertEquals("portResolver must be specified", expected.getMessage());
-		}
-	}
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        filter.doFilter(request, response, chain);
+    }

-	public void testSuccessfulAccessGrant() throws Exception {
-		// Setup our HTTP request
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.setServletPath("/secure/page.html");
+    public void testSuccessfulStartupAndShutdownDown() throws Exception {
+        ExceptionTranslationFilter filter = new ExceptionTranslationFilter();

-		// Setup the FilterChain to thrown no exceptions
-		MockFilterChain chain = new MockFilterChain(false, false, false, false);
+        filter.init(null);
+        filter.destroy();
+        assertTrue(true);
+    }

-		// Test
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
-		filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("/login.jsp"));
+    public void testThrowIOException() throws Exception {
+        ExceptionTranslationFilter filter = new ExceptionTranslationFilter();

-		MockHttpServletResponse response = new MockHttpServletResponse();
-		filter.doFilter(request, response, chain);
-	}
+        filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(""));
+        /*
+         * Disabled the call to afterPropertiesSet as it requires
+         * applicationContext to be injected before it is invoked. We do not
+         * have this filter configured in IOC for this test hence no
+         * ApplicationContext
+         */
+        // filter.afterPropertiesSet();
+        try {
+            filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain(false,
+                    false, false, true));
+            fail("Should have thrown IOException");
+        }
+        catch (IOException e) {
+            assertNull("The IOException thrown should not have been wrapped", e.getCause());
+        }
+    }

-	public void testSuccessfulStartupAndShutdownDown() throws Exception {
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
+    public void testThrowServletException() throws Exception {
+        ExceptionTranslationFilter filter = new ExceptionTranslationFilter();

-		filter.init(null);
-		filter.destroy();
-		assertTrue(true);
-	}
+        filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(""));
+        /*
+         * Disabled the call to afterPropertiesSet as it requires
+         * applicationContext to be injected before it is invoked. We do not
+         * have this filter configured in IOC for this test hence no
+         * ApplicationContext
+         */
+        // filter.afterPropertiesSet();
+        try {
+            filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain(false,
+                    false, true, false));
+            fail("Should have thrown ServletException");
+        }
+        catch (ServletException e) {
+            assertNull("The ServletException thrown should not have been wrapped", e.getCause());
+        }
+    }

-	public void testThrowIOException() throws Exception {
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
+    // ~ Inner Classes =================================================================================================

-		filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(""));
-		/*
-		 * Disabled the call to afterPropertiesSet as it requires
-		 * applicationContext to be injected before it is invoked. We do not
-		 * have this filter configured in IOC for this test hence no
-		 * ApplicationContext
-		 */
-		// filter.afterPropertiesSet();
-		try {
-			filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain(false,
-					false, false, true));
-			fail("Should have thrown IOException");
-		}
-		catch (IOException e) {
-			assertNull("The IOException thrown should not have been wrapped", e.getCause());
-		}
-	}
+    private class MockFilterChain implements FilterChain {
+        private boolean throwAccessDenied;

-	public void testThrowServletException() throws Exception {
-		ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
+        private boolean throwAuthenticationFailure;

-		filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint(""));
-		/*
-		 * Disabled the call to afterPropertiesSet as it requires
-		 * applicationContext to be injected before it is invoked. We do not
-		 * have this filter configured in IOC for this test hence no
-		 * ApplicationContext
-		 */
-		// filter.afterPropertiesSet();
-		try {
-			filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain(false,
-					false, true, false));
-			fail("Should have thrown ServletException");
-		}
-		catch (ServletException e) {
-			assertNull("The ServletException thrown should not have been wrapped", e.getCause());
-		}
-	}
+        private boolean throwIOException;

-	// ~ Inner Classes =================================================================================================
+        private boolean throwServletException;

-	private class MockFilterChain implements FilterChain {
-		private boolean throwAccessDenied;
+        public MockFilterChain(boolean throwAccessDenied, boolean throwAuthenticationFailure,
+                boolean throwServletException, boolean throwIOException) {
+            this.throwAccessDenied = throwAccessDenied;
+            this.throwAuthenticationFailure = throwAuthenticationFailure;
+            this.throwServletException = throwServletException;
+            this.throwIOException = throwIOException;
+        }

-		private boolean throwAuthenticationFailure;
+        public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
+            if (throwAccessDenied) {
+                throw new AccessDeniedException("As requested");
+            }

-		private boolean throwIOException;
+            if (throwAuthenticationFailure) {
+                throw new BadCredentialsException("As requested");
+            }

-		private boolean throwServletException;
+            if (throwServletException) {
+                throw new ServletException("As requested");
+            }

-		public MockFilterChain(boolean throwAccessDenied, boolean throwAuthenticationFailure,
-				boolean throwServletException, boolean throwIOException) {
-			this.throwAccessDenied = throwAccessDenied;
-			this.throwAuthenticationFailure = throwAuthenticationFailure;
-			this.throwServletException = throwServletException;
-			this.throwIOException = throwIOException;
-		}
-
-		public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
-			if (throwAccessDenied) {
-				throw new AccessDeniedException("As requested");
-			}
-
-			if (throwAuthenticationFailure) {
-				throw new BadCredentialsException("As requested");
-			}
-
-			if (throwServletException) {
-				throw new ServletException("As requested");
-			}
-
-			if (throwIOException) {
-				throw new IOException("As requested");
-			}
-		}
-	}
+            if (throwIOException) {
+                throw new IOException("As requested");
+            }
+        }
+    }
 }
--- a/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilterEntryPoint.java
+++ b/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilterEntryPoint.java
@ -25,8 +25,6 @@ import org.springframework.util.Assert;
 import java.io.IOException;

 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

@ -83,7 +81,7 @@ public class NtlmProcessingFilterEntryPoint implements AuthenticationEntryPoint
 	 * 						{@link NtlmType2MessageException}, or
 	 * 						{@link AuthenticationException}
 	 */
-	public void commence(final ServletRequest request, final ServletResponse response, final AuthenticationException authException) throws IOException, ServletException {
+	public void commence(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationException authException) throws IOException, ServletException {
 		final HttpServletResponse resp = (HttpServletResponse) response;

 		if (authException instanceof NtlmBaseException) {