From 97381fb448fe3e5eda67400ec70d64771e3be37f Mon Sep 17 00:00:00 2001
From: Luke Taylor <luke.taylor@springsource.com>
Date: Wed, 1 Oct 2008 16:25:20 +0000
Subject: [PATCH] SEC-974: Made getExceptionMappings() protected.

---
 .../security/ui/AbstractProcessingFilter.java | 56 +++++++++----------
 1 file changed, 28 insertions(+), 28 deletions(-)

diff --git a/core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java b/core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java
index 41e3fd23e7..e0884555e8 100644
--- a/core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java
+++ b/core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java
@@ -228,7 +228,7 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
         Assert.notNull(targetUrlResolver, "targetUrlResolver cannot be null");
 
         if (rememberMeServices == null) {
-        	rememberMeServices = new NullRememberMeServices();
+            rememberMeServices = new NullRememberMeServices();
         }
     }
 
@@ -279,7 +279,7 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
     }
 
     public static String obtainFullSavedRequestUrl(HttpServletRequest request) {
-    	SavedRequest savedRequest = getSavedRequest(request);
+        SavedRequest savedRequest = getSavedRequest(request);
 
         return savedRequest == null ? null : savedRequest.getFullRequestUrl();
     }
@@ -293,8 +293,8 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
 
         SavedRequest savedRequest = (SavedRequest) session.getAttribute(SPRING_SECURITY_SAVED_REQUEST_KEY);
 
-		return savedRequest;
- 	}
+        return savedRequest;
+     }
 
     protected void onPreAuthentication(HttpServletRequest request, HttpServletResponse response)
             throws AuthenticationException, IOException {
@@ -388,8 +388,8 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
 
     protected String determineTargetUrl(HttpServletRequest request) {
         // Don't attempt to obtain the url from the saved request if alwaysUsedefaultTargetUrl is set
-    	String targetUrl = alwaysUseDefaultTargetUrl ? null :
-    		targetUrlResolver.determineTargetUrl(getSavedRequest(request), request, SecurityContextHolder.getContext().getAuthentication());
+        String targetUrl = alwaysUseDefaultTargetUrl ? null :
+            targetUrlResolver.determineTargetUrl(getSavedRequest(request), request, SecurityContextHolder.getContext().getAuthentication());
 
         if (targetUrl == null) {
             targetUrl = getDefaultTargetUrl();
@@ -427,11 +427,11 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
         rememberMeServices.loginFail(request, response);
 
         if (failureUrl == null) {
-        	response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication Failed:" + failed.getMessage());
+            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication Failed:" + failed.getMessage());
         } else if (serverSideRedirect){
             request.getRequestDispatcher(failureUrl).forward(request, response);
         } else {
-        	sendRedirect(request, response, failureUrl);
+            sendRedirect(request, response, failureUrl);
         }
     }
 
@@ -482,7 +482,7 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
         this.defaultTargetUrl = defaultTargetUrl;
     }
 
-    Properties getExceptionMappings() {
+    protected Properties getExceptionMappings() {
         return new Properties(exceptionMappings);
     }
 
@@ -556,33 +556,33 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
         this.allowSessionCreation = allowSessionCreation;
     }
 
-	/**
-	 * @return the targetUrlResolver
-	 */
-	protected TargetUrlResolver getTargetUrlResolver() {
-		return targetUrlResolver;
-	}
+    /**
+     * @return the targetUrlResolver
+     */
+    protected TargetUrlResolver getTargetUrlResolver() {
+        return targetUrlResolver;
+    }
 
-	/**
-	 * @param targetUrlResolver the targetUrlResolver to set
-	 */
-	public void setTargetUrlResolver(TargetUrlResolver targetUrlResolver) {
-		this.targetUrlResolver = targetUrlResolver;
-	}
+    /**
+     * @param targetUrlResolver the targetUrlResolver to set
+     */
+    public void setTargetUrlResolver(TargetUrlResolver targetUrlResolver) {
+        this.targetUrlResolver = targetUrlResolver;
+    }
 
     /**
      * Tells if we are to do a server side include of the error URL instead of a 302 redirect.
      *
      * @param serverSideRedirect
      */
-	public void setServerSideRedirect(boolean serverSideRedirect) {
-		this.serverSideRedirect = serverSideRedirect;
-	}
+    public void setServerSideRedirect(boolean serverSideRedirect) {
+        this.serverSideRedirect = serverSideRedirect;
+    }
 
-	/**
-	 * The session registry needs to be set if session fixation attack protection is in use (and concurrent
-	 * session control is enabled).
-	 */
+    /**
+     * The session registry needs to be set if session fixation attack protection is in use (and concurrent
+     * session control is enabled).
+     */
     public void setSessionRegistry(SessionRegistry sessionRegistry) {
         this.sessionRegistry = sessionRegistry;
     }