diff --git a/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java b/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
index 53de3d9a80..773fe01c36 100644
--- a/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
@@ -5,6 +5,9 @@ import java.io.IOException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
 /**
 * Simple implementation of RedirectStrategy which is the default used throughout the framework.
 *
@@ -13,6 +16,8 @@ import javax.servlet.http.HttpServletResponse;
 * @since 3.0
 */
 public class DefaultRedirectStrategy implements RedirectStrategy {
+ protected final Log logger = LogFactory.getLog(getClass());
+
 private boolean contextRelative;
 /**
@@ -46,6 +51,10 @@ public class DefaultRedirectStrategy implements RedirectStrategy {
 finalUrl = url;
 }
+ if (logger.isDebugEnabled()) {
+ logger.debug("Redirecting to '" + finalUrl + "'");
+ }
+
 response.sendRedirect(response.encodeRedirectURL(finalUrl));
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
index f7425731c4..cc1824a169 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
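Review bot: The added `logger.debug` in the `@@ -46,6 +51,10 @@` hunk of DefaultRedirectStrategy writes `finalUrl` to the log verbatim, and in the visible branch that value is just the caller-supplied `url`. If any caller passes a request-derived target (not visible here), embedded CR/LF could forge log entries, and any tokens carried in the query string would end up in the debug log. Neutralise line breaks before logging, e.g. `logger.debug("Redirecting to '" + finalUrl.replaceAll("[\r\n]", "_") + "'");`, and consider logging only the path portion. The method starts above the hunk, so how `finalUrl` is built in the other branch is not shown.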
@@ -6,6 +6,8 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.DefaultRedirectStrategy;
 import org.springframework.security.web.RedirectStrategy;
@@ -26,6 +28,8 @@ import org.springframework.util.Assert;
 * @since 3.0
 */
 public class SimpleUrlAuthenticationFailureHandler implements AuthenticationFailureHandler {
+ protected final Log logger = LogFactory.getLog(getClass());
+
 private String defaultFailureUrl;
 private boolean forwardToDestination = false;
 private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
@@ -39,12 +43,18 @@ public class SimpleUrlAuthenticationFailureHandler implements AuthenticationFail
 public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
+
 if (defaultFailureUrl == null) {
+ logger.debug("No failure URL set, sending 401 Unauthorized error");
+
 response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication Failed: " + exception.getMessage());
 } else {
 if (forwardToDestination) {
+ logger.debug("Forwarding to " + defaultFailureUrl);
+
 request.getRequestDispatcher(defaultFailureUrl).forward(request, response);
 } else {
+ logger.debug("Redirecting to " + defaultFailureUrl);
 redirectStrategy.sendRedirect(request, response, defaultFailureUrl);
 }
 }
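Review bot: The three debug calls added to onAuthenticationFailure record only where the response is sent, never why authentication failed, so the log cannot be used to correlate failures even though the client-facing `sendError` text carries `exception.getMessage()`. Consider recording the exception type on the server side, e.g. `logger.debug("No failure URL set, sending 401 Unauthorized error (" + exception.getClass().getSimpleName() + ")");`. The redirect branch also repeats the "Redirecting to" message that DefaultRedirectStrategy now logs itself. Unlike that class, the two concatenating calls here have no `isDebugEnabled()` guard. The method's closing brace falls outside the hunk.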