Spring Security SEC-1704: add flag ExceptionMappingAuthenticationFailureHandler to decide if we want to save exception.

chun ping wang (Migrated from SEC-1704) said:

currently the ExceptionMappingAuthenticationFailureHandler does not save the exception populated by SimpleUrlAuthenticationFailureHandler.

Their should be flag that overrides it, to allow saving of exception.

onAuthenticationFailure(....) { if (saveException) { super.saveException(..); } ..... super.onAuthenticationFailure(..) }

This way user don't need to extend a class just so that they can get the authentication exception.

Comment From: spring-projects-issues

Marcus Better said:

It should maybe just save the exception, no need for a flag.

This lack of symmetry between redirects due to exception mapping and the defaultFailureUrl is a bit counter-intuitive.

Comment From: rwinch

To achieve this you can leverage DelegatingAuthenticationFailureHandler which allows mapping the Exception to an arbitrary AuthenticationFailureHandler including SimpleUrlAuthenticationFailureHandler which will persist the Exception.