From d88b0b2eb842437f86224d05ae1af14b7f29429c Mon Sep 17 00:00:00 2001
From: Andrey Litvitski <andrey1010102008@gmail.com>
Date: Tue, 9 Jun 2026 18:31:11 +0300
Subject: [PATCH] Accept Map in DelegatingAuthenticationFailureHandler
 constructor

This will help us avoid forcing users to depend on a specific Map
implementation when only the Map contract is required.

Closes: gh-19305

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
---
 ...elegatingAuthenticationFailureHandler.java | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandler.java
index 16ab7835682..c40863fe3d6 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/DelegatingAuthenticationFailureHandler.java
@@ -35,6 +35,7 @@
  * .
  *
  * @author Kazuki Shimizu
+ * @author Andrey Litvitski
  * @since 4.0
  */
 public class DelegatingAuthenticationFailureHandler implements AuthenticationFailureHandler {
@@ -52,7 +53,11 @@ public class DelegatingAuthenticationFailureHandler implements AuthenticationFai
 	 * @param defaultHandler the default {@link AuthenticationFailureHandler} that should
 	 * be used if none of the handlers matches. This parameter cannot specify null.
 	 * @throws IllegalArgumentException if invalid argument is specified
+	 * @deprecated Use
+	 * {@link #DelegatingAuthenticationFailureHandler(Map, AuthenticationFailureHandler)}
+	 * instead.
 	 */
+	@Deprecated(since = "7.0.6")
 	public DelegatingAuthenticationFailureHandler(
 			LinkedHashMap<Class<? extends AuthenticationException>, AuthenticationFailureHandler> handlers,
 			AuthenticationFailureHandler defaultHandler) {
@@ -62,6 +67,25 @@ public DelegatingAuthenticationFailureHandler(
 		this.defaultHandler = defaultHandler;
 	}
 
+	/**
+	 * Creates a new instance
+	 * @param handlers a map of the {@link AuthenticationException} class to the
+	 * {@link AuthenticationFailureHandler} that should be used. Each is considered in the
+	 * order they are specified and only the first {@link AuthenticationFailureHandler} is
+	 * ued. This parameter cannot specify null or empty.
+	 * @param defaultHandler the default {@link AuthenticationFailureHandler} that should
+	 * be used if none of the handlers matches. This parameter cannot specify null.
+	 * @throws IllegalArgumentException if invalid argument is specified
+	 */
+	public DelegatingAuthenticationFailureHandler(
+			Map<Class<? extends AuthenticationException>, AuthenticationFailureHandler> handlers,
+			AuthenticationFailureHandler defaultHandler) {
+		Assert.notEmpty(handlers, "handlers cannot be null or empty");
+		Assert.notNull(defaultHandler, "defaultHandler cannot be null");
+		this.handlers = new LinkedHashMap<>(handlers);
+		this.defaultHandler = defaultHandler;
+	}
+
 	@Override
 	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException exception) throws IOException, ServletException {