Spring Security uses a simple dispatcher pattern to translate exceptions thrown by the framework into concrete actions that affect the processing of a user's request to a secured resource. The
o.s.s.web.access.ExceptionTranslationFilter, one of the last servlet filters in the standard Spring Security filter chain, is responsible for examining exceptions thrown during the authentication and authorization processes (in
FilterSecurityInterceptor, the culmination of the filter chain), and reacting appropriately to them.
ExceptionTranslationFilter provides dispatching for three general classes of failure, as illustrated in the following diagram:
We can see that