org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>

org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<ExceptionHandlingConfigurer<H>,H>

org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer<H>

All Implemented Interfaces:: SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H>

public final class ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractHttpConfigurer<ExceptionHandlingConfigurer<H>,H>

Adds exception handling for Spring Security related exceptions to an application. All properties have reasonable defaults, so no additional configuration is required other than applying this SecurityConfigurer.

Security Filters

The following Filters are populated

ExceptionTranslationFilter

Shared Objects Created

No shared objects are created.

Shared Objects Used

The following shared objects are used:

If no explicit RequestCache, is provided a RequestCache shared object is used to replay the request after authentication is successful
AuthenticationEntryPoint - see authenticationEntryPoint(AuthenticationEntryPoint)

Since:: 3.2

Constructor Summary

Constructors

Constructor

Description

ExceptionHandlingConfigurer()

Creates a new instance
Method Summary

Modifier and Type

Method

Description

ExceptionHandlingConfigurer<H>

accessDeniedHandler(org.springframework.security.web.access.AccessDeniedHandler accessDeniedHandler)

Specifies the AccessDeniedHandler to be used

ExceptionHandlingConfigurer<H>

accessDeniedPage(String accessDeniedUrl)

Shortcut to specify the AccessDeniedHandler to be used is a specific error page

ExceptionHandlingConfigurer<H>

authenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint)

Sets the AuthenticationEntryPoint to be used.

void

configure(H http)

Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

ExceptionHandlingConfigurer<H>

defaultAccessDeniedHandlerFor(org.springframework.security.web.access.AccessDeniedHandler deniedHandler, org.springframework.security.web.util.matcher.RequestMatcher preferredMatcher)

Sets a default AccessDeniedHandler to be used which prefers being invoked for the provided RequestMatcher.

ExceptionHandlingConfigurer<H>

defaultAuthenticationEntryPointFor(org.springframework.security.web.AuthenticationEntryPoint entryPoint, org.springframework.security.web.util.matcher.RequestMatcher preferredMatcher)

Sets a default AuthenticationEntryPoint to be used which prefers being invoked for the provided RequestMatcher.

Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
disable, getSecurityContextHolderStrategy, withObjectPostProcessor

Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, init, postProcess, setBuilder

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- ExceptionHandlingConfigurer
  
  public ExceptionHandlingConfigurer()
  
  Creates a new instance
  See Also:
  
  HttpSecurity.exceptionHandling()
Method Details
- accessDeniedPage
  
  public ExceptionHandlingConfigurer<H> accessDeniedPage(String accessDeniedUrl)
  
  Shortcut to specify the AccessDeniedHandler to be used is a specific error page
  Parameters:
  
  accessDeniedUrl - the URL to the access denied page (i.e. /errors/401)
  
  Returns:
  
  the ExceptionHandlingConfigurer for further customization
  
  See Also:
  
  AccessDeniedHandlerImpl
  
  accessDeniedHandler(org.springframework.security.web.access.AccessDeniedHandler)
- accessDeniedHandler
  
  public ExceptionHandlingConfigurer<H> accessDeniedHandler(org.springframework.security.web.access.AccessDeniedHandler accessDeniedHandler)
  
  Specifies the AccessDeniedHandler to be used
  
  Parameters:
  
  accessDeniedHandler - the AccessDeniedHandler to be used
  
  Returns:
  
  the ExceptionHandlingConfigurer for further customization
- defaultAccessDeniedHandlerFor
  
  public ExceptionHandlingConfigurer<H> defaultAccessDeniedHandlerFor(org.springframework.security.web.access.AccessDeniedHandler deniedHandler, org.springframework.security.web.util.matcher.RequestMatcher preferredMatcher)
  
  Sets a default AccessDeniedHandler to be used which prefers being invoked for the provided RequestMatcher. If only a single default AccessDeniedHandler is specified, it will be what is used for the default AccessDeniedHandler. If multiple default AccessDeniedHandler instances are configured, then a RequestMatcherDelegatingAccessDeniedHandler will be used.
  
  Parameters:
  
  deniedHandler - the AccessDeniedHandler to use
  
  preferredMatcher - the RequestMatcher for this default AccessDeniedHandler
  
  Returns:
  
  the ExceptionHandlingConfigurer for further customizations
  
  Since:
  
  5.1
- authenticationEntryPoint
  
  public ExceptionHandlingConfigurer<H> authenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint)
  
  Sets the AuthenticationEntryPoint to be used.
  If no authenticationEntryPoint(AuthenticationEntryPoint) is specified, then defaultAuthenticationEntryPointFor(AuthenticationEntryPoint, RequestMatcher) will be used. The first AuthenticationEntryPoint will be used as the default if no matches were found.
  
  If that is not provided defaults to Http403ForbiddenEntryPoint.
  
  Parameters:
  
  authenticationEntryPoint - the AuthenticationEntryPoint to use
  
  Returns:
  
  the ExceptionHandlingConfigurer for further customizations
- defaultAuthenticationEntryPointFor
  
  public ExceptionHandlingConfigurer<H> defaultAuthenticationEntryPointFor(org.springframework.security.web.AuthenticationEntryPoint entryPoint, org.springframework.security.web.util.matcher.RequestMatcher preferredMatcher)
  
  Sets a default AuthenticationEntryPoint to be used which prefers being invoked for the provided RequestMatcher. If only a single default AuthenticationEntryPoint is specified, it will be what is used for the default AuthenticationEntryPoint. If multiple default AuthenticationEntryPoint instances are configured, then a DelegatingAuthenticationEntryPoint will be used.
  
  Parameters:
  
  entryPoint - the AuthenticationEntryPoint to use
  
  preferredMatcher - the RequestMatcher for this default AuthenticationEntryPoint
  
  Returns:
  
  the ExceptionHandlingConfigurer for further customizations
- configure
  
  public void configure(H http)
  
  Description copied from interface: SecurityConfigurer
  
  Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
  
  Specified by:
  
  configure in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
  
  Overrides:
  
  configure in class SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

Class ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>>

Security Filters

Shared Objects Created

Shared Objects Used

Constructor Summary

Method Summary

Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer

Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter

Methods inherited from class java.lang.Object

Constructor Details

ExceptionHandlingConfigurer

Method Details

accessDeniedPage

accessDeniedHandler

defaultAccessDeniedHandlerFor

authenticationEntryPoint

defaultAuthenticationEntryPointFor

configure