On 08/15/2011 10:41 AM, Les Hazlewood wrote:
> I'm confused as to why this wouldn't work in afterCompletion.
> afterCompletion is guaranteed to be called at the end of the request
> (in all cases) and is meant to perform subclass-specific final/cleanup
> type of work that you describe.
>
> The cleanup method is primarily infrastructural - its only job is to
> ensure that 1) afterCompletion is always called and 2) if any
> exception is thrown, either originally or as a result of
> afterCompletion, that it is wrapped in a ServletException if it is not
> already an IOException or ServletException.
>
> Based on this, it makes sense to me to have AuthenticatingFilter
> override afterCompletion (it doesn't currently) to do the following:
>
> if (existing instanceof UnauthenticatedException || (existing
> instanceof ServletException && existing.getCause() instanceof
> UnauthenticatedException)) {
> onAccessDenied(request,response);
> }
>
> Thoughts?
>
> Cheers,
>
> Les
But, because of that 2nd guarantee of cleanup, there's no way for me to
actually catch the exception - without rethrowing it. The code you
propose would set return values appropriately, but the exception would
still be propagated up the filter chain - even when it's already been
acknowledged and handled.
Thanks,
Jared
