CODEWITHSUNDEEP
spring-security
tblank
tblank

Reputation: 257

What is the default setting for continueFilterChainOnUnsuccessfulAuthentication on Spring Security 4.x

What is the default setting for the setContinueFilterChainOnUnsuccessfulAuthentication() method on Spring Security's AbstractPreAuthenticatedProcessingFilter? The javadoc summary at http://docs.spring.io/spring-security/site/docs/4.0.2.RELEASE/apidocs/ says:

By default, the filter chain will proceed when an authentication attempt fails in order to allow other authentication mechanisms to process the request. To reject the credentials immediately, set the continueFilterChainOnUnsuccessfulAuthentication flag to false.

The documentation on the method http://docs.spring.io/spring-security/site/docs/4.0.2.RELEASE/apidocs/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.html#setContinueFilterChainOnUnsuccessfulAuthentication(boolean) says:

... If false (the default), authentication failure will result in an immediate exception.

Thanks in advance for any clarification.

Upvotes: 1

Views: 731

Answers (1)

Avis
Avis

Reputation: 2237

Not sure about the confusion but as these links saying its actually by default set to TRUE so to continue validating other included authentication filters. The implementation is :-

private boolean continueFilterChainOnUnsuccessfulAuthentication = true;

Upvotes: 1

Related Questions