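/**
 * Creates the three entry points this handler delegates to.
 *
 * <p>Every target must be a path beginning with {@code '/'}, so a full URL
 * (scheme and host) is rejected at construction time.
 *
 * @param login path given to {@code loginEntryPoint}
 * @param redirectCsrf path given to {@code loggedInCsrfEntryPoint}, which sets
 *     the response status to 403 and then forwards instead of redirecting
 * @param redirectNotLoggedIn path given to {@code notloggedInCsrfEntryPoint}
 * @throws NullPointerException if any argument is {@code null} or does not
 *     start with {@code '/'}
 */
public CsrfAwareEntryPointAndDeniedHandler(String login, String redirectCsrf, String redirectNotLoggedIn) {
    // NOTE(review): NullPointerException is also thrown for non-null values that
    // fail the prefix check; the type is kept so existing callers are unaffected.
    // NOTE(review): a value beginning with "//" also passes startsWith("/");
    // confirm how the entry point resolves such a value if these paths can ever
    // come from anywhere other than static configuration.
    if (redirectCsrf == null || !redirectCsrf.startsWith("/")) {
        throw new NullPointerException("Invalid CSRF redirect URL, must start with '/'");
    }
    if (login == null || !login.startsWith("/")) {
        // The original message was copied from the CSRF check and named the wrong argument.
        throw new NullPointerException("Invalid login URL, must start with '/'");
    }
    if (redirectNotLoggedIn == null || !redirectNotLoggedIn.startsWith("/")) {
        throw new NullPointerException("Invalid login redirect URL, must start with '/'");
    }

    loginEntryPoint = new LoginUrlAuthenticationEntryPoint(login);
    notloggedInCsrfEntryPoint = new LoginUrlAuthenticationEntryPoint(redirectNotLoggedIn);
    loggedInCsrfEntryPoint = new LoginUrlAuthenticationEntryPoint(redirectCsrf) {
        @Override
        public void commence(HttpServletRequest request, HttpServletResponse response,
                AuthenticationException authException) throws IOException, ServletException {
            // Set 403 before delegating so the status is in place when the
            // parent entry point handles the request.
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            super.commence(request, response, authException);
        }
    };
    // Forward server-side rather than sending a redirect.
    loggedInCsrfEntryPoint.setUseForward(true);
}

public CsrfAwareEntryPointAndDeniedHandler(String redirectCsrf, String redirectNotLoggedIn) {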