Class SecurityExceptionProcessor
java.lang.Object
org.craftercms.security.processors.impl.SecurityExceptionProcessor
- All Implemented Interfaces:
RequestSecurityProcessor
Handles certain security exceptions:
- If it's an
AuthenticationRequiredException
, theAuthenticationRequiredHandler
is used. - If it's an
AccessDeniedException
, and the user is anonymous, theAuthenticationRequiredHandler
is used. If not, theAccessDeniedHandler
is used.
- Author:
- Alfonso Vásquez
-
Field Summary
Modifier and TypeFieldDescriptionprotected AccessDeniedHandler
protected AuthenticationRequiredHandler
static final org.slf4j.Logger
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionfindSecurityException
(Exception topException) protected void
handleAccessDeniedException
(org.craftercms.commons.http.RequestContext context, AccessDeniedException e) Handles the specifiedAccessDeniedException
, by calling theAccessDeniedHandler
.protected void
handleAuthenticationRequiredException
(org.craftercms.commons.http.RequestContext context, AuthenticationRequiredException e) protected void
handleSecurityProviderException
(SecurityProviderException e, org.craftercms.commons.http.RequestContext context) void
processRequest
(org.craftercms.commons.http.RequestContext context, RequestSecurityProcessorChain processorChain) Catches any exception thrown by the processor chain.void
setAccessDeniedHandler
(AccessDeniedHandler accessDeniedHandler) Sets theAccessDeniedHandler
, to handle anyAccessDeniedException
s thrown.void
setAuthenticationRequiredHandler
(AuthenticationRequiredHandler authenticationRequiredHandler) Sets theAuthenticationRequiredHandler
, to handle anyAuthenticationRequiredException
s thrown.
-
Field Details
-
logger
public static final org.slf4j.Logger logger -
authenticationRequiredHandler
-
accessDeniedHandler
-
-
Constructor Details
-
SecurityExceptionProcessor
public SecurityExceptionProcessor()
-
-
Method Details
-
setAuthenticationRequiredHandler
public void setAuthenticationRequiredHandler(AuthenticationRequiredHandler authenticationRequiredHandler) Sets theAuthenticationRequiredHandler
, to handle anyAuthenticationRequiredException
s thrown. -
setAccessDeniedHandler
Sets theAccessDeniedHandler
, to handle anyAccessDeniedException
s thrown. -
processRequest
public void processRequest(org.craftercms.commons.http.RequestContext context, RequestSecurityProcessorChain processorChain) throws Exception Catches any exception thrown by the processor chain. If the exception is an instance of aSecurityProviderException
, the exception is handled to see if authentication is required (AuthenticationRequiredException
), or if access to the resource is denied (AccessDeniedException
).- Specified by:
processRequest
in interfaceRequestSecurityProcessor
- Parameters:
context
- the context which holds the current request and responseprocessorChain
- the processor chain, used to call the next processor- Throws:
Exception
-
findSecurityException
-
handleSecurityProviderException
protected void handleSecurityProviderException(SecurityProviderException e, org.craftercms.commons.http.RequestContext context) throws SecurityProviderException, IOException - Throws:
SecurityProviderException
IOException
-
handleAuthenticationRequiredException
protected void handleAuthenticationRequiredException(org.craftercms.commons.http.RequestContext context, AuthenticationRequiredException e) throws SecurityProviderException, IOException - Throws:
SecurityProviderException
IOException
-
handleAccessDeniedException
protected void handleAccessDeniedException(org.craftercms.commons.http.RequestContext context, AccessDeniedException e) throws SecurityProviderException, IOException Handles the specifiedAccessDeniedException
, by calling theAccessDeniedHandler
.- Throws:
SecurityProviderException
IOException
-