Class ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>>

java.lang.Object
org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<ExceptionHandlingConfigurer<H>,H>
org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer<H>
All Implemented Interfaces:
SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H>

public final class ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractHttpConfigurer<ExceptionHandlingConfigurer<H>,H>
Adds exception handling for Spring Security related exceptions to an application. All properties have reasonable defaults, so no additional configuration is required other than applying this SecurityConfigurer.

Security Filters

The following Filters are populated
  • ExceptionTranslationFilter

Shared Objects Created

No shared objects are created.

Shared Objects Used

The following shared objects are used:
Since:
3.2
  • Constructor Details

  • Method Details

    • accessDeniedPage

      public ExceptionHandlingConfigurer<H> accessDeniedPage(String accessDeniedUrl)
      Shortcut to specify the AccessDeniedHandler to be used is a specific error page
      Parameters:
      accessDeniedUrl - the URL to the access denied page (i.e. /errors/401)
      Returns:
      the ExceptionHandlingConfigurer for further customization
      See Also:
    • accessDeniedHandler

      public ExceptionHandlingConfigurer<H> accessDeniedHandler(org.springframework.security.web.access.AccessDeniedHandler accessDeniedHandler)
      Specifies the AccessDeniedHandler to be used
      Parameters:
      accessDeniedHandler - the AccessDeniedHandler to be used
      Returns:
      the ExceptionHandlingConfigurer for further customization
    • defaultAccessDeniedHandlerFor

      public ExceptionHandlingConfigurer<H> defaultAccessDeniedHandlerFor(org.springframework.security.web.access.AccessDeniedHandler deniedHandler, org.springframework.security.web.util.matcher.RequestMatcher preferredMatcher)
      Sets a default AccessDeniedHandler to be used which prefers being invoked for the provided RequestMatcher. If only a single default AccessDeniedHandler is specified, it will be what is used for the default AccessDeniedHandler. If multiple default AccessDeniedHandler instances are configured, then a RequestMatcherDelegatingAccessDeniedHandler will be used.
      Parameters:
      deniedHandler - the AccessDeniedHandler to use
      preferredMatcher - the RequestMatcher for this default AccessDeniedHandler
      Returns:
      the ExceptionHandlingConfigurer for further customizations
      Since:
      5.1
    • authenticationEntryPoint

      public ExceptionHandlingConfigurer<H> authenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint)
      Sets the AuthenticationEntryPoint to be used.

      If no authenticationEntryPoint(AuthenticationEntryPoint) is specified, then defaultAuthenticationEntryPointFor(AuthenticationEntryPoint, RequestMatcher) will be used. The first AuthenticationEntryPoint will be used as the default if no matches were found.

      If that is not provided defaults to Http403ForbiddenEntryPoint.

      Parameters:
      authenticationEntryPoint - the AuthenticationEntryPoint to use
      Returns:
      the ExceptionHandlingConfigurer for further customizations
    • defaultAuthenticationEntryPointFor

      public ExceptionHandlingConfigurer<H> defaultAuthenticationEntryPointFor(org.springframework.security.web.AuthenticationEntryPoint entryPoint, org.springframework.security.web.util.matcher.RequestMatcher preferredMatcher)
      Sets a default AuthenticationEntryPoint to be used which prefers being invoked for the provided RequestMatcher. If only a single default AuthenticationEntryPoint is specified, it will be what is used for the default AuthenticationEntryPoint. If multiple default AuthenticationEntryPoint instances are configured, then a DelegatingAuthenticationEntryPoint will be used.
      Parameters:
      entryPoint - the AuthenticationEntryPoint to use
      preferredMatcher - the RequestMatcher for this default AuthenticationEntryPoint
      Returns:
      the ExceptionHandlingConfigurer for further customizations
    • configure

      public void configure(H http)
      Description copied from interface: SecurityConfigurer
      Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
      Specified by:
      configure in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
      Overrides:
      configure in class SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>