Class SecurityExceptionProcessor
- java.lang.Object
-
- org.craftercms.security.processors.impl.SecurityExceptionProcessor
-
- All Implemented Interfaces:
RequestSecurityProcessor
public class SecurityExceptionProcessor extends Object implements RequestSecurityProcessor
Handles certain security exceptions:- If it's an
AuthenticationRequiredException
, theAuthenticationRequiredHandler
is used. - If it's an
AccessDeniedException
, and the user is anonymous, theAuthenticationRequiredHandler
is used. If not, theAccessDeniedHandler
is used.
- Author:
- Alfonso Vásquez
-
-
Field Summary
Fields Modifier and Type Field Description protected AccessDeniedHandler
accessDeniedHandler
protected AuthenticationRequiredHandler
authenticationRequiredHandler
static org.slf4j.Logger
logger
-
Constructor Summary
Constructors Constructor Description SecurityExceptionProcessor()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description SecurityProviderException
findSecurityException(Exception topException)
protected void
handleAccessDeniedException(org.craftercms.commons.http.RequestContext context, AccessDeniedException e)
Handles the specifiedAccessDeniedException
, by calling theAccessDeniedHandler
.protected void
handleAuthenticationRequiredException(org.craftercms.commons.http.RequestContext context, AuthenticationRequiredException e)
protected void
handleSecurityProviderException(SecurityProviderException e, org.craftercms.commons.http.RequestContext context)
void
processRequest(org.craftercms.commons.http.RequestContext context, RequestSecurityProcessorChain processorChain)
Catches any exception thrown by the processor chain.void
setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler)
Sets theAccessDeniedHandler
, to handle anyAccessDeniedException
s thrown.void
setAuthenticationRequiredHandler(AuthenticationRequiredHandler authenticationRequiredHandler)
Sets theAuthenticationRequiredHandler
, to handle anyAuthenticationRequiredException
s thrown.
-
-
-
Field Detail
-
logger
public static final org.slf4j.Logger logger
-
authenticationRequiredHandler
protected AuthenticationRequiredHandler authenticationRequiredHandler
-
accessDeniedHandler
protected AccessDeniedHandler accessDeniedHandler
-
-
Method Detail
-
setAuthenticationRequiredHandler
public void setAuthenticationRequiredHandler(AuthenticationRequiredHandler authenticationRequiredHandler)
Sets theAuthenticationRequiredHandler
, to handle anyAuthenticationRequiredException
s thrown.
-
setAccessDeniedHandler
public void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler)
Sets theAccessDeniedHandler
, to handle anyAccessDeniedException
s thrown.
-
processRequest
public void processRequest(org.craftercms.commons.http.RequestContext context, RequestSecurityProcessorChain processorChain) throws Exception
Catches any exception thrown by the processor chain. If the exception is an instance of aSecurityProviderException
, the exception is handled to see if authentication is required (AuthenticationRequiredException
), or if access to the resource is denied (AccessDeniedException
).- Specified by:
processRequest
in interfaceRequestSecurityProcessor
- Parameters:
context
- the context which holds the current request and responseprocessorChain
- the processor chain, used to call the next processor- Throws:
Exception
-
findSecurityException
public SecurityProviderException findSecurityException(Exception topException)
-
handleSecurityProviderException
protected void handleSecurityProviderException(SecurityProviderException e, org.craftercms.commons.http.RequestContext context) throws SecurityProviderException, IOException
- Throws:
SecurityProviderException
IOException
-
handleAuthenticationRequiredException
protected void handleAuthenticationRequiredException(org.craftercms.commons.http.RequestContext context, AuthenticationRequiredException e) throws SecurityProviderException, IOException
- Throws:
SecurityProviderException
IOException
-
handleAccessDeniedException
protected void handleAccessDeniedException(org.craftercms.commons.http.RequestContext context, AccessDeniedException e) throws SecurityProviderException, IOException
Handles the specifiedAccessDeniedException
, by calling theAccessDeniedHandler
.- Throws:
SecurityProviderException
IOException
-
-