+ * Typical behaviour might be to redirect the user to the authentication page (in the case of a form login) to + * allow them to try again. More sophisticated logic might be implemented depending on the type of the exception. + * For example, a {@link CredentialsExpiredException} might cause a redirect to a web controller which allowed the + * user to change their password. + * + * @author Luke Taylor + * @version $Id$ + * @since 2.5 + */ +public interface AuthenticationFailureHandler { + + /** + * Called when an authentication attempt fails. + * @param request the request during which the authentication attempt occurred. + * @param response the response. + * @param exception the exception which was thrown to reject the authentication request. + */ + void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception); +} diff --git a/core/src/main/java/org/springframework/security/ui/AuthenticationSuccessHandler.java b/core/src/main/java/org/springframework/security/ui/AuthenticationSuccessHandler.java new file mode 100644 index 0000000000..2ccb04f0fe --- /dev/null +++ b/core/src/main/java/org/springframework/security/ui/AuthenticationSuccessHandler.java @@ -0,0 +1,32 @@ +package org.springframework.security.ui; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.security.Authentication; + +/** + * Strategy used to handle a successful user authentication. + *
+ * Implementations can do whatever they want but typical behaviour would be to control the navigation to the + * subsequent destination (using a redirect or a forward). For example, after a user has logged in by submitting a + * login form, the application needs to decide where they should be redirected to afterwards + * (see {@link AbstractProcessingFilter} and subclasses). Other logic may also be included if required. + * + * @author Luke Taylor + * @version $Id$ + * @since 2.5 + * @see + */ +public interface AuthenticationSuccessHandler { + + /** + * Called when a user has been successfully authenticated. + * + * @param request the request which caused the successful authentication + * @param response the response + * @param authentication the Authentication object which was created during the authentication process. + */ + void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication); + +}