Overloading of doFilter in NegotiateSecurityFilter.java

Aug 23, 2011 at 3:43 PM

Hi! I'm overriding the doFilter()-method of NegotiateSecurityFilter.java (due to the fact that I need to set additional session attributes associated with the user).

For the case if a user cannot be authenticated I want some action to be occured (like appearing of a login-form for basic authorization or url redirection. This I would like to implement directly in the filter). 

But: I cannot override sendUnauthorized(HttpServletResponse, boolean close) becouse it's private. 

So, how can I query the response (HttpServletResponse response) to get header values and to check whether the "401 Unauthorized" appears? And are there some another solutions how to avoid the invocation of "sendUnauthorized" in NegotiateSecurityFilter?

Aug 24, 2011 at 1:50 AM

First, I don't think you'll be able to do a redirect or a login form. Remember that the authentication may fail on the client as well (actually more frequent), then it will just popup the dialog.

Why don't you just refactor sendUnauthorized to be potected/public. Build waffle yourself and submit a patch in case this is really something that is put to use.