From 67e5afbb797449a09c800fa5e4913294a6802a9d Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Thu, 31 Jul 2008 15:56:37 +0000
Subject: [PATCH] OPEN - issue SEC-881: PreAuthenticatedFilter continues filter chain after unsuccessfulAuthentication(...) http://jira.springframework.org/browse/SEC-881. Updated Javadoc.
---
 .../preauth/AbstractPreAuthenticatedProcessingFilter.java | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/core/src/main/java/org/springframework/security/ui/preauth/AbstractPreAuthenticatedProcessingFilter.java b/core/src/main/java/org/springframework/security/ui/preauth/AbstractPreAuthenticatedProcessingFilter.java
index 1bc922f6bc..03517f1f76 100755
--- a/core/src/main/java/org/springframework/security/ui/preauth/AbstractPreAuthenticatedProcessingFilter.java
+++ b/core/src/main/java/org/springframework/security/ui/preauth/AbstractPreAuthenticatedProcessingFilter.java
@@ -25,6 +25,13 @@ import org.springframework.util.Assert;
 /**
 * Base class for processing filters that handle pre-authenticated authentication requests. Subclasses must implement
 * the getPreAuthenticatedPrincipal() and getPreAuthenticatedCredentials() methods.
+ *

+ * By default, the filter chain will proceed when an authentication attempt fails in order to allow other
+ * authentication mechanisms to process the request. To reject the credentials immediately, set the
+ * continueFilterChainOnUnsuccessfulAuthentication flag to false. The exception raised by the
+ * AuthenticationManager will the be re-thrown. Note that this will not affect cases where the principal
+ * returned by {@link #getPreAuthenticatedPrincipal} is null, when the chain will still proceed as normal.
+ *
 *
 * @author Luke Taylor
 * @author Ruud Senden
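Review bot: The added Javadoc has a typo on the AuthenticationManager line: `will the be re-thrown` should read `will then be re-thrown`. The paragraph also documents a default in which a failed pre-authentication attempt lets the request continue down the chain, but it does not say what a deployment that relies on pre-authentication alone should do. A sentence such as `If no other authentication mechanism is configured, set the flag to false so that a failed attempt is rejected here rather than by later filters.` would make that explicit. Because the null-principal case proceeds regardless of the flag, it would also help to state that such requests presumably continue unauthenticated and must be denied by access control further down the chain. That last point is inferred from the Javadoc text alone, since the filter body is outside the hunk.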