May 25th, 2012, 03:51 PM
AbstractPreAuthenticatedProcessingFilter vs AbstractAuthenticationProcessingFilter
After reading the documentation i've some doubts about what to implement in one project. The project needs a certificate validation, because of that, I think that i've to use x509 filter. Reading about this filter I saw that is an AbstractPreAuthenticatedProcessingFilter. What's the difference between PreAuthenticatedFilter and AuthenticationFilter? In the 2 cases what you can do is "validate" an user, no?
My other question is that authenticationfilter has a handler for manage exception: authentication-failure-handler and i can handle the exceptions in a xml for example:
<bean id="exceptionManager" class="org.springframework.security.web.authentica tion.ExceptionMappingAuthenticationFailureHandler" >
Is there any similar for use in the preauthenticatedfilters?
Any help would be apreciated, thanks to all.
PD: sorry for my mistakes writing, english isn't my first language...