[SEC-472] Overriding AuthenticationProcessingFilterEntryPoint Concern

**julian** · May 29th, 2007, 12:10 PM

Hi,

Perhaps I'm confused, but it seems the issue (which was closed as part of Spring 1.0.4) isn't fully flushed out. Although the patch allows one to add multiple URLs as entry points by overriding the determineUrlToUseForThisRequest method. There is no such equivalent for the various exception handling pages. For example, the AuthenticationProcessingFilter.authenticationFailu reUrl method is a static mapping. Perhaps the design was that an Acegi user would set the authenticationFailureUrl everytime the onUnsuccessfulAuthentication method is called? Also, is there a workaround for the ConcurrentSessionFilter's expiredUrl? Otherwise, the user may be presented with a login page that is not appropriate for their role, etc...this can be confusing.
Thanks,
Julian

**karldmoore** · May 29th, 2007, 12:58 PM

I would have thought the JIRA issue might be a good place to raise these concerns.

**julian** · May 29th, 2007, 01:28 PM

ok, well I wanted to make sure that this was not a known problem or a stupid question first. I'll add a comment in JIRA. thx

**karldmoore** · May 29th, 2007, 01:51 PM

Originally Posted by julian

ok, well I wanted to make sure that this was not a known problem or a stupid question first. I'll add a comment in JIRA. thx

If the points you've raised weren't explicity part of the defect, these might need raising separately.

**julian** · May 29th, 2007, 02:08 PM

It appears the above mentioned issue doesn't explicitly raise these concerns. I have filed a new JIRA issue:
http://opensource.atlassian.com/proj...browse/SEC-486

Thread: [SEC-472] Overriding AuthenticationProcessingFilterEntryPoint Concern

Thread Tools

Display

[SEC-472] Overriding AuthenticationProcessingFilterEntryPoint Concern

Posting Permissions