Hi all,

After reading the documentation i've some doubts about what to implement in one project. The project needs a certificate validation, because of that, I think that i've to use x509 filter. Reading about this filter I saw that is an AbstractPreAuthenticatedProcessingFilter. What's the difference between PreAuthenticatedFilter and AuthenticationFilter? In the 2 cases what you can do is "validate" an user, no?


My other question is that authenticationfilter has a handler for manage exception: authentication-failure-handler and i can handle the exceptions in a xml for example:

<bean id="exceptionManager" class="org.springframework.security.web.authentica tion.ExceptionMappingAuthenticationFailureHandler" >
<property name="exceptionMappings">
<props>
<prop key="BadCredentialsException">/error/badcredentials</prop>
</props>
</property>
</bean>

Is there any similar for use in the preauthenticatedfilters?

Any help would be apreciated, thanks to all.


PD: sorry for my mistakes writing, english isn't my first language...