Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update to use contextConfigLocation.

This commit is contained in:
Ben Alex 2004-04-09 05:41:42 +00:00
parent 6c26e79a0f
commit 7eefbd3bb2
4 changed files with 73 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java
View File

@ -76,7 +76,7 @@ import javax.servlet.http.HttpServletResponse;
* WebApplicationContextUtils#getWebApplicationContext(ServletContext sc)} * WebApplicationContextUtils#getWebApplicationContext(ServletContext sc)}
* method to obtain an ApplicationContext instance, inside which must be a * method to obtain an ApplicationContext instance, inside which must be a
* configured AuthenticationManager instance. In the case where it is * configured AuthenticationManager instance. In the case where it is
* desireable for this filter to instantiate its own ApplicationContext * desirable for this filter to instantiate its own ApplicationContext
* instance from which to obtain the AuthenticationManager, the location of * instance from which to obtain the AuthenticationManager, the location of
* the config for this context may be specified with the optional * the config for this context may be specified with the optional
* <code>appContextLocation</code> init param. * <code>appContextLocation</code> init param.
@ -105,7 +105,7 @@ import javax.servlet.http.HttpServletResponse;
* <code>/j_acegi_security_check</code>. * <code>/j_acegi_security_check</code>.
* </li> * </li>
* <li> * <li>
* <code>appContextLocation</code> (optional, normally not used), indicates the * <code>contextConfigLocation</code> (optional, normally not used), indicates the
* path to an application context that contains an {@link * path to an application context that contains an {@link
* AuthenticationManager} which should be used to process each authentication * AuthenticationManager} which should be used to process each authentication
* request. If not specified, {@link * request. If not specified, {@link
@ -116,7 +116,7 @@ import javax.servlet.http.HttpServletResponse;
* *
* *
* @author Ben Alex * @author Ben Alex
* @author colin sampaleanu * @author Colin Sampaleanu
* @version $Id$ * @version $Id$
*/ */
public class AuthenticationProcessingFilter implements Filter { public class AuthenticationProcessingFilter implements Filter {
@ -126,7 +126,7 @@ public class AuthenticationProcessingFilter implements Filter {
* Name of (optional) servlet filter parameter that can specify the config * Name of (optional) servlet filter parameter that can specify the config
* location for a new ApplicationContext used to config this filter. * location for a new ApplicationContext used to config this filter.
*/ */
public static final String CONFIG_LOCATION_PARAM = "appContextLocation"; public static final String CONFIG_LOCATION_PARAM = "contextConfigLocation";
public static final String ACEGI_SECURITY_TARGET_URL_KEY = "ACEGI_SECURITY_TARGET_URL"; public static final String ACEGI_SECURITY_TARGET_URL_KEY = "ACEGI_SECURITY_TARGET_URL";
public static final String ACEGI_SECURITY_FORM_USERNAME_KEY = "j_username"; public static final String ACEGI_SECURITY_FORM_USERNAME_KEY = "j_username";
public static final String ACEGI_SECURITY_FORM_PASSWORD_KEY = "j_password"; public static final String ACEGI_SECURITY_FORM_PASSWORD_KEY = "j_password";

14
core/src/test/java/org/acegisecurity/intercept/web/SecurityEnforcementFilterTests.java
View File

@ -132,11 +132,11 @@ public class SecurityEnforcementFilterTests extends TestCase {
request.getSession().getAttribute(AuthenticationProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY)); request.getSession().getAttribute(AuthenticationProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY));
} }
public void testStartupDetectsInvalidAppContextLocation() public void testStartupDetectsInvalidcontextConfigLocation()
throws Exception { throws Exception {
MockFilterConfig config = new MockFilterConfig(); MockFilterConfig config = new MockFilterConfig();
config.setInitParmeter("loginFormUrl", "/login.jsp"); config.setInitParmeter("loginFormUrl", "/login.jsp");
config.setInitParmeter("appContextLocation", config.setInitParmeter("contextConfigLocation",
"net/sf/acegisecurity/intercept/web/securityfiltertest-invalid.xml"); "net/sf/acegisecurity/intercept/web/securityfiltertest-invalid.xml");
SecurityEnforcementFilter filter = new SecurityEnforcementFilter(); SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
@ -163,7 +163,7 @@ public class SecurityEnforcementFilterTests extends TestCase {
assertTrue(expected.getMessage().startsWith("Error obtaining/creating ApplicationContext for config.")); assertTrue(expected.getMessage().startsWith("Error obtaining/creating ApplicationContext for config."));
} }
config.setInitParmeter("appContextLocation", ""); config.setInitParmeter("contextConfigLocation", "");
try { try {
filter.init(config); filter.init(config);
@ -173,11 +173,11 @@ public class SecurityEnforcementFilterTests extends TestCase {
} }
} }
public void testStartupDetectsMissingInvalidAppContextLocation() public void testStartupDetectsMissingInvalidcontextConfigLocation()
throws Exception { throws Exception {
MockFilterConfig config = new MockFilterConfig(); MockFilterConfig config = new MockFilterConfig();
config.setInitParmeter("loginFormUrl", "/login.jsp"); config.setInitParmeter("loginFormUrl", "/login.jsp");
config.setInitParmeter("appContextLocation", "DOES_NOT_EXIST"); config.setInitParmeter("contextConfigLocation", "DOES_NOT_EXIST");
SecurityEnforcementFilter filter = new SecurityEnforcementFilter(); SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
@ -192,7 +192,7 @@ public class SecurityEnforcementFilterTests extends TestCase {
public void testStartupDetectsMissingLoginFormUrl() public void testStartupDetectsMissingLoginFormUrl()
throws Exception { throws Exception {
MockFilterConfig config = new MockFilterConfig(); MockFilterConfig config = new MockFilterConfig();
config.setInitParmeter("appContextLocation", config.setInitParmeter("contextConfigLocation",
"net/sf/acegisecurity/intercept/web/securityfiltertest-valid.xml"); "net/sf/acegisecurity/intercept/web/securityfiltertest-valid.xml");
SecurityEnforcementFilter filter = new SecurityEnforcementFilter(); SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
@ -237,7 +237,7 @@ public class SecurityEnforcementFilterTests extends TestCase {
public void testSuccessfulStartupAndShutdownDown() public void testSuccessfulStartupAndShutdownDown()
throws Exception { throws Exception {
MockFilterConfig config = new MockFilterConfig(); MockFilterConfig config = new MockFilterConfig();
config.setInitParmeter("appContextLocation", config.setInitParmeter("contextConfigLocation",
"net/sf/acegisecurity/intercept/web/securityfiltertest-valid.xml"); "net/sf/acegisecurity/intercept/web/securityfiltertest-valid.xml");
config.setInitParmeter("loginFormUrl", "/login.jsp"); config.setInitParmeter("loginFormUrl", "/login.jsp");

30
core/src/test/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterTests.java
View File

@ -102,7 +102,7 @@ public class AuthenticationProcessingFilterTests extends TestCase {
// Setup our filter configuration // Setup our filter configuration
MockFilterConfig config = new MockFilterConfig(); MockFilterConfig config = new MockFilterConfig();
config.setInitParmeter("appContextLocation", config.setInitParmeter("contextConfigLocation",
"net/sf/acegisecurity/ui/webapp/filtertest-valid.xml"); "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
config.setInitParmeter("defaultTargetUrl", "/"); config.setInitParmeter("defaultTargetUrl", "/");
config.setInitParmeter("authenticationFailureUrl", "/failed.jsp"); config.setInitParmeter("authenticationFailureUrl", "/failed.jsp");
@ -133,7 +133,7 @@ public class AuthenticationProcessingFilterTests extends TestCase {
// Setup our filter configuration // Setup our filter configuration
MockFilterConfig config = new MockFilterConfig(); MockFilterConfig config = new MockFilterConfig();
config.setInitParmeter("appContextLocation", config.setInitParmeter("contextConfigLocation",
"net/sf/acegisecurity/ui/webapp/filtertest-valid.xml"); "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
config.setInitParmeter("defaultTargetUrl", "/"); config.setInitParmeter("defaultTargetUrl", "/");
config.setInitParmeter("authenticationFailureUrl", "/failed.jsp"); config.setInitParmeter("authenticationFailureUrl", "/failed.jsp");
@ -163,7 +163,7 @@ public class AuthenticationProcessingFilterTests extends TestCase {
// Setup our filter configuration // Setup our filter configuration
MockFilterConfig config = new MockFilterConfig(); MockFilterConfig config = new MockFilterConfig();
config.setInitParmeter("appContextLocation", config.setInitParmeter("contextConfigLocation",
"net/sf/acegisecurity/ui/webapp/filtertest-valid.xml"); "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
config.setInitParmeter("defaultTargetUrl", "/"); config.setInitParmeter("defaultTargetUrl", "/");
config.setInitParmeter("authenticationFailureUrl", "/failed.jsp"); config.setInitParmeter("authenticationFailureUrl", "/failed.jsp");
@ -190,7 +190,7 @@ public class AuthenticationProcessingFilterTests extends TestCase {
// Setup our filter configuration // Setup our filter configuration
MockFilterConfig config = new MockFilterConfig(); MockFilterConfig config = new MockFilterConfig();
config.setInitParmeter("appContextLocation", config.setInitParmeter("contextConfigLocation",
"net/sf/acegisecurity/ui/webapp/filtertest-valid.xml"); "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
config.setInitParmeter("defaultTargetUrl", "/"); config.setInitParmeter("defaultTargetUrl", "/");
config.setInitParmeter("authenticationFailureUrl", "/failed.jsp"); config.setInitParmeter("authenticationFailureUrl", "/failed.jsp");
@ -222,7 +222,7 @@ public class AuthenticationProcessingFilterTests extends TestCase {
// Setup our filter configuration // Setup our filter configuration
MockFilterConfig config = new MockFilterConfig(); MockFilterConfig config = new MockFilterConfig();
config.setInitParmeter("appContextLocation", config.setInitParmeter("contextConfigLocation",
"net/sf/acegisecurity/ui/webapp/filtertest-valid.xml"); "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
config.setInitParmeter("defaultTargetUrl", "/"); config.setInitParmeter("defaultTargetUrl", "/");
config.setInitParmeter("authenticationFailureUrl", "/failed.jsp"); config.setInitParmeter("authenticationFailureUrl", "/failed.jsp");
@ -251,7 +251,7 @@ public class AuthenticationProcessingFilterTests extends TestCase {
// Setup our filter configuration // Setup our filter configuration
MockFilterConfig config = new MockFilterConfig(); MockFilterConfig config = new MockFilterConfig();
config.setInitParmeter("appContextLocation", config.setInitParmeter("contextConfigLocation",
"net/sf/acegisecurity/ui/webapp/filtertest-valid.xml"); "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
config.setInitParmeter("defaultTargetUrl", "/"); config.setInitParmeter("defaultTargetUrl", "/");
config.setInitParmeter("authenticationFailureUrl", "/failed.jsp"); config.setInitParmeter("authenticationFailureUrl", "/failed.jsp");
@ -268,12 +268,12 @@ public class AuthenticationProcessingFilterTests extends TestCase {
assertTrue(request.getSession().getAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY) == null); assertTrue(request.getSession().getAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY) == null);
} }
public void testStartupDetectsInvalidAppContextLocation() public void testStartupDetectsInvalidcontextConfigLocation()
throws Exception { throws Exception {
MockFilterConfig config = new MockFilterConfig(); MockFilterConfig config = new MockFilterConfig();
config.setInitParmeter("defaultTargetUrl", "/"); config.setInitParmeter("defaultTargetUrl", "/");
config.setInitParmeter("authenticationFailureUrl", "/failed.jsp"); config.setInitParmeter("authenticationFailureUrl", "/failed.jsp");
config.setInitParmeter("appContextLocation", config.setInitParmeter("contextConfigLocation",
"net/sf/acegisecurity/ui/webapp/filtertest-invalid.xml"); "net/sf/acegisecurity/ui/webapp/filtertest-invalid.xml");
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter(); AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
@ -301,7 +301,7 @@ public class AuthenticationProcessingFilterTests extends TestCase {
assertTrue(expected.getMessage().startsWith("Error obtaining/creating ApplicationContext for config.")); assertTrue(expected.getMessage().startsWith("Error obtaining/creating ApplicationContext for config."));
} }
config.setInitParmeter("appContextLocation", ""); config.setInitParmeter("contextConfigLocation", "");
try { try {
filter.init(config); filter.init(config);
@ -314,7 +314,7 @@ public class AuthenticationProcessingFilterTests extends TestCase {
public void testStartupDetectsMissingAuthenticationFailureUrl() public void testStartupDetectsMissingAuthenticationFailureUrl()
throws Exception { throws Exception {
MockFilterConfig config = new MockFilterConfig(); MockFilterConfig config = new MockFilterConfig();
config.setInitParmeter("appContextLocation", config.setInitParmeter("contextConfigLocation",
"net/sf/acegisecurity/ui/webapp/filtertest-valid.xml"); "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
config.setInitParmeter("defaultTargetUrl", "/"); config.setInitParmeter("defaultTargetUrl", "/");
@ -343,7 +343,7 @@ public class AuthenticationProcessingFilterTests extends TestCase {
throws Exception { throws Exception {
MockFilterConfig config = new MockFilterConfig(); MockFilterConfig config = new MockFilterConfig();
config.setInitParmeter("authenticationFailureUrl", "/failed.jsp"); config.setInitParmeter("authenticationFailureUrl", "/failed.jsp");
config.setInitParmeter("appContextLocation", config.setInitParmeter("contextConfigLocation",
"net/sf/acegisecurity/ui/webapp/filtertest-valid.xml"); "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter(); AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
@ -367,12 +367,12 @@ public class AuthenticationProcessingFilterTests extends TestCase {
} }
} }
public void testStartupDetectsMissingInvalidAppContextLocation() public void testStartupDetectsMissingInvalidcontextConfigLocation()
throws Exception { throws Exception {
MockFilterConfig config = new MockFilterConfig(); MockFilterConfig config = new MockFilterConfig();
config.setInitParmeter("defaultTargetUrl", "/"); config.setInitParmeter("defaultTargetUrl", "/");
config.setInitParmeter("authenticationFailureUrl", "/failed.jsp"); config.setInitParmeter("authenticationFailureUrl", "/failed.jsp");
config.setInitParmeter("appContextLocation", "DOES_NOT_EXIST"); config.setInitParmeter("contextConfigLocation", "DOES_NOT_EXIST");
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter(); AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
@ -397,7 +397,7 @@ public class AuthenticationProcessingFilterTests extends TestCase {
// Setup our filter configuration // Setup our filter configuration
MockFilterConfig config = new MockFilterConfig(); MockFilterConfig config = new MockFilterConfig();
config.setInitParmeter("appContextLocation", config.setInitParmeter("contextConfigLocation",
"net/sf/acegisecurity/ui/webapp/filtertest-valid.xml"); "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
config.setInitParmeter("defaultTargetUrl", "/"); config.setInitParmeter("defaultTargetUrl", "/");
config.setInitParmeter("authenticationFailureUrl", "/failed.jsp"); config.setInitParmeter("authenticationFailureUrl", "/failed.jsp");
@ -442,7 +442,7 @@ public class AuthenticationProcessingFilterTests extends TestCase {
// Setup our filter configuration // Setup our filter configuration
MockFilterConfig config = new MockFilterConfig(); MockFilterConfig config = new MockFilterConfig();
config.setInitParmeter("appContextLocation", config.setInitParmeter("contextConfigLocation",
"net/sf/acegisecurity/ui/webapp/filtertest-valid.xml"); "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
config.setInitParmeter("defaultTargetUrl", "/"); config.setInitParmeter("defaultTargetUrl", "/");
config.setInitParmeter("authenticationFailureUrl", "/failed.jsp"); config.setInitParmeter("authenticationFailureUrl", "/failed.jsp");

81
docs/reference/src/index.xml
View File

@ -7,7 +7,7 @@
<subtitle>Reference Documentation</subtitle> <subtitle>Reference Documentation</subtitle>
<releaseinfo>0.4</releaseinfo> <releaseinfo>0.5</releaseinfo>
<authorgroup> <authorgroup>
<author> <author>
@ -517,10 +517,6 @@
provided below: <programlisting>&lt;filter&gt; provided below: <programlisting>&lt;filter&gt;
&lt;filter-name&gt;Acegi HTTP Request Security Filter&lt;/filter-name&gt; &lt;filter-name&gt;Acegi HTTP Request Security Filter&lt;/filter-name&gt;
&lt;filter-class&gt;net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter&lt;/filter-class&gt; &lt;filter-class&gt;net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter&lt;/filter-class&gt;
&lt;init-param&gt;
&lt;param-name&gt;appContextLocation&lt;/param-name&gt;
&lt;param-value&gt;web-filters-acegisecurity.xml&lt;/param-value&gt;
&lt;/init-param&gt;
&lt;init-param&gt; &lt;init-param&gt;
&lt;param-name&gt;loginFormUrl&lt;/param-name&gt; &lt;param-name&gt;loginFormUrl&lt;/param-name&gt;
&lt;param-value&gt;/acegilogin.jsp&lt;/param-value&gt; &lt;param-value&gt;/acegilogin.jsp&lt;/param-value&gt;
@ -532,22 +528,31 @@
&lt;url-pattern&gt;/*&lt;/url-pattern&gt; &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
&lt;/filter-mapping&gt;</programlisting></para> &lt;/filter-mapping&gt;</programlisting></para>
<para>As shown above, an <literal>appContextLocation</literal> <para>The <literal>loginFormUrl</literal> is where the filter will
indicates the location of a Spring XML application context. In the redirect the user's browser if they request a secure HTTP resource but
example above, this file should be placed at the root of the web they are not authenticated. If the user is authenticated, a "403
application's classpath (in the <literal>WEB-INF/classes</literal> Forbidden" response will be returned to the browser. All paths are
directory). The <literal>loginFormUrl</literal> is where the filter relative to the web application root.</para>
will redirect the user's browser if they request a secure HTTP
resource but they are not authenticated. If the user is authenticated,
a "403 Forbidden" response will be returned to the browser. All paths
are relative to the web application root.</para>
<para>The <literal>SecurityEnforcementFilter</literal> will load the <para>To perform its function, the
Spring XML application context expressed in the <literal>SecurityEnforcementFilter</literal> will need to delegate to
<literal>appContextLocation</literal>. It will expect to find in this a properly configured <literal>FilterSecurityInterceptor</literal>. To
application context a properly configured do this it requires access to a Spring application context, which is
<literal>FilterSecurityInterceptor</literal>. The configuration of the usually obtained from
<literal>FilterSecurityInterceptor</literal> is very similar to the <literal>WebApplicationContextUtils.getWebApplicationContext(ServletContext)</literal>.
This is usually made available by using Spring's
<literal>ContextLoaderListener</literal> in
<literal>web.xml</literal>. Alternatively, the
<literal>web.xml</literal> can be used to define a filter
<literal>&lt;init-param&gt;</literal> named
<literal>contextConfigLocation</literal>. This initialization
parameter will represent a path to a Spring XML application context
that the <literal>SecurityEnforcementFilter</literal> will load during
startup.</para>
<para>The configuration of the
<literal>FilterSecurityInterceptor</literal> in the Spring application
context is very similar to the
<literal>MethodSecurityInterceptor</literal>:</para> <literal>MethodSecurityInterceptor</literal>:</para>
<para><programlisting>&lt;bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor"&gt; <para><programlisting>&lt;bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor"&gt;
@ -1470,10 +1475,6 @@ public boolean supports(Class clazz);</programlisting></para>
<para><programlisting>&lt;filter&gt; <para><programlisting>&lt;filter&gt;
&lt;filter-name&gt;Acegi Authentication Processing Filter&lt;/filter-name&gt; &lt;filter-name&gt;Acegi Authentication Processing Filter&lt;/filter-name&gt;
&lt;filter-class&gt;net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter&lt;/filter-class&gt; &lt;filter-class&gt;net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter&lt;/filter-class&gt;
&lt;init-param&gt;
&lt;param-name&gt;appContextLocation&lt;/param-name&gt;
&lt;param-value&gt;web-filters-acegisecurity.xml&lt;/param-value&gt;
&lt;/init-param&gt;
&lt;init-param&gt; &lt;init-param&gt;
&lt;param-name&gt;authenticationFailureUrl&lt;/param-name&gt; &lt;param-name&gt;authenticationFailureUrl&lt;/param-name&gt;
&lt;param-value&gt;/acegilogin.jsp?login_error=1&lt;/param-value&gt; &lt;param-value&gt;/acegilogin.jsp?login_error=1&lt;/param-value&gt;
@ -1493,14 +1494,23 @@ public boolean supports(Class clazz);</programlisting></para>
&lt;url-pattern&gt;/*&lt;/url-pattern&gt; &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
&lt;/filter-mapping&gt;</programlisting></para> &lt;/filter-mapping&gt;</programlisting></para>
<para>The <literal>appContextLocation</literal> specifies the location <para>To perform its function, the
of a Spring XML application context. In the example above the root of <literal>AuthenticationProcessingFilter</literal> will need to
the classpath is used, so the XML file should be placed in delegate to a properly configured
<literal>WEB-INF/classes</literal>. The <literal>AuthenticationManager</literal>. To do this it requires
<literal>AuthenticationProcessingFilter</literal> will load this access to a Spring application context, which is usually obtained from
application context, expecting to find a properly configured <literal>WebApplicationContextUtils.getWebApplicationContext(ServletContext)</literal>.
<literal>AuthenticationManager</literal>. It will use this This is usually made available by using Spring's
<literal>AuthenticationManager</literal> to process each <literal>ContextLoaderListener</literal> in
<literal>web.xml</literal>. Alternatively, the
<literal>web.xml</literal> can be used to define a filter
<literal>&lt;init-param&gt;</literal> named
<literal>contextConfigLocation</literal>. This initialization
parameter will represent a path to a Spring XML application context
that the <literal>AuthenticationProcessingFilter</literal> will load
during startup.</para>
<para>The <literal>AuthenticationManager</literal> processes each
authentication request. If authentication fails, the browser will be authentication request. If authentication fails, the browser will be
redirected to the <literal>authenticationFailureUrl</literal>. The redirected to the <literal>authenticationFailureUrl</literal>. The
<literal>AuthenticationException</literal> will be placed into the <literal>AuthenticationException</literal> will be placed into the
@ -1515,9 +1525,10 @@ public boolean supports(Class clazz);</programlisting></para>
This becomes the "well-known location" from which the This becomes the "well-known location" from which the
<literal>Authentication</literal> object is later extracted.</para> <literal>Authentication</literal> object is later extracted.</para>
<para>Once the HttpSession has been updated, the browser will need to <para>Once the <literal>HttpSession</literal> has been updated, the
be redirected to the target URL. The target URL is usually indicated browser will need to be redirected to the target URL. The target URL
by the <literal>HttpSession</literal> attribute specified by is usually indicated by the <literal>HttpSession</literal> attribute
specified by
<literal>AuthenticationProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY</literal>. <literal>AuthenticationProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY</literal>.
This attribute is automatically set by the This attribute is automatically set by the
<literal>SecurityEnforcementFilter</literal> when an <literal>SecurityEnforcementFilter</literal> when an