Class SecurityExceptionProcessor
java.lang.Object
org.craftercms.security.processors.impl.SecurityExceptionProcessor
- All Implemented Interfaces:
RequestSecurityProcessor
Handles certain security exceptions:
- If it's an
AuthenticationRequiredException, theAuthenticationRequiredHandleris used. - If it's an
AccessDeniedException, and the user is anonymous, theAuthenticationRequiredHandleris used. If not, theAccessDeniedHandleris used.
- Author:
- Alfonso Vásquez
-
Field Summary
FieldsModifier and TypeFieldDescriptionprotected AccessDeniedHandlerprotected AuthenticationRequiredHandlerstatic final org.slf4j.Logger -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionfindSecurityException(Exception topException) protected voidhandleAccessDeniedException(org.craftercms.commons.http.RequestContext context, AccessDeniedException e) Handles the specifiedAccessDeniedException, by calling theAccessDeniedHandler.protected voidhandleAuthenticationRequiredException(org.craftercms.commons.http.RequestContext context, AuthenticationRequiredException e) protected voidhandleSecurityProviderException(SecurityProviderException e, org.craftercms.commons.http.RequestContext context) voidprocessRequest(org.craftercms.commons.http.RequestContext context, RequestSecurityProcessorChain processorChain) Catches any exception thrown by the processor chain.voidsetAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) Sets theAccessDeniedHandler, to handle anyAccessDeniedExceptions thrown.voidsetAuthenticationRequiredHandler(AuthenticationRequiredHandler authenticationRequiredHandler) Sets theAuthenticationRequiredHandler, to handle anyAuthenticationRequiredExceptions thrown.
-
Field Details
-
logger
public static final org.slf4j.Logger logger -
authenticationRequiredHandler
-
accessDeniedHandler
-
-
Constructor Details
-
SecurityExceptionProcessor
public SecurityExceptionProcessor()
-
-
Method Details
-
setAuthenticationRequiredHandler
public void setAuthenticationRequiredHandler(AuthenticationRequiredHandler authenticationRequiredHandler) Sets theAuthenticationRequiredHandler, to handle anyAuthenticationRequiredExceptions thrown. -
setAccessDeniedHandler
Sets theAccessDeniedHandler, to handle anyAccessDeniedExceptions thrown. -
processRequest
public void processRequest(org.craftercms.commons.http.RequestContext context, RequestSecurityProcessorChain processorChain) throws Exception Catches any exception thrown by the processor chain. If the exception is an instance of aSecurityProviderException, the exception is handled to see if authentication is required (AuthenticationRequiredException), or if access to the resource is denied (AccessDeniedException).- Specified by:
processRequestin interfaceRequestSecurityProcessor- Parameters:
context- the context which holds the current request and responseprocessorChain- the processor chain, used to call the next processor- Throws:
Exception
-
findSecurityException
-
handleSecurityProviderException
protected void handleSecurityProviderException(SecurityProviderException e, org.craftercms.commons.http.RequestContext context) throws SecurityProviderException, IOException - Throws:
SecurityProviderExceptionIOException
-
handleAuthenticationRequiredException
protected void handleAuthenticationRequiredException(org.craftercms.commons.http.RequestContext context, AuthenticationRequiredException e) throws SecurityProviderException, IOException - Throws:
SecurityProviderExceptionIOException
-
handleAccessDeniedException
protected void handleAccessDeniedException(org.craftercms.commons.http.RequestContext context, AccessDeniedException e) throws SecurityProviderException, IOException Handles the specifiedAccessDeniedException, by calling theAccessDeniedHandler.- Throws:
SecurityProviderExceptionIOException
-