Neil Anderson (Migrated from SEC-778) said:
Would it be possible to update the namespace-based configuration to allow exception mappings to be created for the default authentication processing filter created via the form-login? This would be useful when cutting down the XML required to configure Spring Security.
Luke Taylor said:
To be reviewed for 2.1
Neil Anderson said:
I hit this issue again and was wondering if there is something that can be done in the short term. Not being able to set exceptionMappings on the AuthenticationProcessingFilter via the namespace-based configuration is a pain. The result is that verbose XML has to be produced to do the mapping.
An update that would resolve the problem would be to allow something like the following XML by updating the security schema. The FormLoginBeanDefinitionParser could then be updated to produce the exceptionMappings list.
The attachment contains a proposed solution to the issue where you cannot configure the ‘exceptionMappings’ on the AuthenticationProcessingFilter class via the namespace-based configuration. The change does not affect any existing namespace configuration and is backwards compatible. The update will allow the following configuration within the http security element:
The update is based on the current 2.0.4 snapshot from svn and is valid as of the 24th of July 2008.
I would appreciate it if you would take a look at this and check the code in for the 2.0.4 release if you are happy with the code.
This thread is also related to this issue:
My comment from there explains why we don’t want to define exception mappings explicitly for form-login:
“Exception mappings may be something that we should look at but we intend to revisit the whole subject of redirection/forwarding within the framework for the next major version and it should be considered as part of that. For example, a strategy might be introduced to encapsulate the navigation behaviour when an exception occurs – similar to TargetUrlResolver (which will also probably be changed). This would be more flexible than the existing exception-mapping approach. So I agree that this kind of functionality would be useful within the namespace but it may not be right to implement it in the way you’ve suggested. The concept of an authentication failure isn’t specific to form-based logins, so it may be that the strategy should be set within the block itself and be applied to other authentication mechanisms.”
This concept also applies to other filters such as OpenID and will be considered as part of our overall strategy for handling destination URLs.
Making SEC-745 the parent issue for URL-navigation behaviour.
Superseded by SEC-745 (and subtasks).
This issue duplicates #1005