Custom AuthenticationEntryPoint

A custom AuthenticationEntryPoint can be used to set necessary response headers, content-type, and so on before sending the response back to the client.

The class is a built-in AuthenticationEntryPoint implementation, which will get invoked for basic authentication to commence. A custom entry point can be created by implementing the interface. The following is an example implementation:

public final class CustomAuthenticationEntryPoint implements
AuthenticationEntryPoint {
public void commence(final HttpServletRequest request, final
HttpServletResponse response, final AuthenticationException
authException) throws IOException {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");

When a client accesses resources without authentication, this entry point kicks in and throws a 401 status code (Unauthorized).

In the Spring Security Java configuration file, make sure that the configure method has this custom AuthenticationEntryPoint defined, as shown in the following code snippet:

protected void configure(HttpSecurity http) throws Exception {
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.