'BasicAuthenticationFilter onUnsuccessfulAuthentication call twice
in beans:
<http auto-config="false" disable-url-rewriting="false">
<intercept-url pattern="/server/**" access="permitAll"/>
<intercept-url pattern="/includes/**" access="permitAll"/>
<intercept-url pattern="/favicon.ico" access="permitAll"/>
<intercept-url pattern="/" access="permitAll"/>
<intercept-url pattern="/index.html" access="permitAll"/>
<intercept-url pattern="/help/**/*" access="permitAll"/>
<intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
<custom-filter ref="unsuccessfulBasicAuthenticationFilter" position="BASIC_AUTH_FILTER"/>
</http>
Call twice:
public class UnsuccessfulBasicAuthenticationFilter extends BasicAuthenticationFilter {
@Override
protected void onUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException {
if (failed instanceof BadCredentialsException) {
failedLogonAttemptsHandler.onFailedLogonAttempt();
}
super.onUnsuccessfulAuthentication(request, response, failed);
}
}
But method onUnsuccessfulAuthentication call twice.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|