Monday, July 28, 2008

Configuring exceptionMappings in Spring Security 2.0.3

In Spring Security 2.0.3, the security namespace doesn't provide out-of-the-box support for configuring exceptionMappings, i.e. sending BadCredentialsException, CredentialsExpiredException, LockedException, etc. to their own failure pages.
One can configure exception mappings by explicitly declaring the authenticationProcessingFilter bean, as shown below:


1. Disable http auto-config, i.e. auto-config="false". An exception is thrown at startup if auto-config is on, because the namespace would then register its own AuthenticationProcessingFilter at the same position as the custom filter declared in step 2. The entry point is wired in with entry-point-ref:

<sec:http auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint">
    <sec:intercept-url pattern="/webflow/flows/**" access="ROLE_ALL" />
    <sec:intercept-url pattern="/j_spring_security_check" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <sec:logout logout-url="/j_spring_security_logout" invalidate-session="true" />
</sec:http>

2. Register authenticationProcessingFilter (and the authenticationProcessingFilterEntryPoint it is paired with). The nested custom-filter element puts the bean into the namespace filter chain; authenticationFailureUrl is the fallback for any AuthenticationException that has no entry in exceptionMappings:

<bean id="authenticationProcessingFilter"
      class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
    <sec:custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="authenticationFailureUrl" value="/login.jsp?login_error=1" />
    <property name="exceptionMappings">
        <props>
            <prop key="org.springframework.security.BadCredentialsException">/error.jsp</prop>
            <prop key="org.springframework.security.CredentialsExpiredException">/getnewpassword.jsp</prop>
            <prop key="org.springframework.security.LockedException">/lockedoutpage.jsp</prop>
            <prop key="org.springframework.security.DisabledException">/unauthorizeduser.jsp</prop>
        </props>
    </property>
    <property name="defaultTargetUrl" value="/home" />
    <property name="filterProcessesUrl" value="/j_spring_security_check" />
</bean>
3. Register authenticationManager using the security namespace:

<sec:authentication-manager alias="authenticationManager" />
4. Register an authenticationProvider using the security namespace:

<sec:authentication-provider>
    <sec:user-service>
        <sec:user name="rod" password="koala" authorities="ROLE_SUPERVISOR" />
    </sec:user-service>
</sec:authentication-provider>
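The four steps above combined into one complete Spring Security 2.0.3 context file, as an added example that is not part of the original post. Bean ids, URLs and the exception mappings follow the post; the AuthenticationProcessingFilterEntryPoint bean (named in step 2 but not shown there), the schema locations and the extra intercept-url rules for the login page and the catch-all pattern are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not the original post's file: steps 1-4 in one context.
     Bean ids and page names follow the post; entry-point bean and the
     login-page / catch-all intercept rules are assumptions. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security-2.0.xsd">

    <!-- Step 1: auto-config off so the namespace does not add its own
         AuthenticationProcessingFilter next to the explicit one below. -->
    <sec:http auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint">
        <!-- Login page and its failure redirects must be reachable anonymously (assumption). -->
        <sec:intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <sec:intercept-url pattern="/j_spring_security_check" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <sec:intercept-url pattern="/webflow/flows/**" access="ROLE_ALL" />
        <!-- Catch-all so nothing is left unprotected by accident (assumption). -->
        <sec:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
        <sec:logout logout-url="/j_spring_security_logout" invalidate-session="true" />
    </sec:http>

    <!-- Step 2: explicit filter bean, which is what makes exceptionMappings configurable. -->
    <bean id="authenticationProcessingFilter"
          class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
        <sec:custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="filterProcessesUrl" value="/j_spring_security_check" />
        <property name="defaultTargetUrl" value="/home" />
        <!-- Fallback for any AuthenticationException without its own mapping. -->
        <property name="authenticationFailureUrl" value="/login.jsp?login_error=1" />
        <property name="exceptionMappings">
            <props>
                <prop key="org.springframework.security.BadCredentialsException">/error.jsp</prop>
                <prop key="org.springframework.security.CredentialsExpiredException">/getnewpassword.jsp</prop>
                <prop key="org.springframework.security.LockedException">/lockedoutpage.jsp</prop>
                <prop key="org.springframework.security.DisabledException">/unauthorizeduser.jsp</prop>
            </props>
        </property>
    </bean>

    <!-- Entry point referenced from <sec:http>; the post names this bean but
         does not show it, so this definition is an assumption. -->
    <bean id="authenticationProcessingFilterEntryPoint"
          class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
        <property name="loginFormUrl" value="/login.jsp" />
    </bean>

    <!-- Step 3: manager alias referenced by the filter bean. -->
    <sec:authentication-manager alias="authenticationManager" />

    <!-- Step 4: in-memory provider from the post (test data only). -->
    <sec:authentication-provider>
        <sec:user-service>
            <sec:user name="rod" password="koala" authorities="ROLE_SUPERVISOR" />
        </sec:user-service>
    </sec:authentication-provider>
</beans>
```

Two points worth checking before reusing this: the failure pages themselves must be permitted anonymously, or the redirect after a failed login will itself be intercepted; and because each mapped exception lands on a different page, a response that distinguishes "locked" or "disabled" from "bad credentials" tells an unauthenticated caller something about the state of an account, so keep the wording on those pages generic if account enumeration is a concern for the application.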