Package org.springframework.security.web.access

Class AccessDeniedHandlerImpl

java.lang.Object
org.springframework.security.web.access.AccessDeniedHandlerImpl
All Implemented Interfaces:
AccessDeniedHandler
public class AccessDeniedHandlerImpl extends Object implements AccessDeniedHandler
Base implementation of AccessDeniedHandler.

This implementation sends a 403 (SC_FORBIDDEN) HTTP error code. In addition, if an errorPage is defined, the implementation will perform a request dispatcher "forward" to the specified error page view. Being a "forward", the SecurityContextHolder will remain populated. This is of benefit if the view (or a tag library or macro) wishes to access the SecurityContextHolder. The request scope will also be populated with the exception itself, available from the key WebAttributes.ACCESS_DENIED_403.

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    protected static final org.apache.commons.logging.Log
    logger
     

  • Constructor Summary

    Constructors
    Constructor
    Description
    AccessDeniedHandlerImpl()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    handle(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.access.AccessDeniedException accessDeniedException)
    Handles an access denied failure.
    void
    setErrorPage(String errorPage)
    The error page to use.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • logger

      protected static final org.apache.commons.logging.Log logger

  • Constructor Details

    • AccessDeniedHandlerImpl

      public AccessDeniedHandlerImpl()

  • Method Details

    • handle

      public void handle(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.access.AccessDeniedException accessDeniedException) throws IOException, jakarta.servlet.ServletException
      Description copied from interface: AccessDeniedHandler
      Handles an access denied failure.
      Specified by:
      handle in interface AccessDeniedHandler
      Parameters:
      request - that resulted in an AccessDeniedException
      response - so that the user agent can be advised of the failure
      accessDeniedException - that caused the invocation
      Throws:
      IOException - in the event of an IOException
      jakarta.servlet.ServletException - in the event of a ServletException

    • setErrorPage

      public void setErrorPage(String errorPage)
      The error page to use. Must begin with a "/" and is interpreted relative to the current context root.
      Parameters:
      errorPage - the dispatcher path to display
      Throws:
      IllegalArgumentException - if the argument doesn't comply with the above limitations