Class DelegatingMissingAuthorityAccessDeniedHandler
java.lang.Object
org.springframework.security.web.access.DelegatingMissingAuthorityAccessDeniedHandler
- All Implemented Interfaces:
AccessDeniedHandler
public final class DelegatingMissingAuthorityAccessDeniedHandler
extends Object
implements AccessDeniedHandler
An
AccessDeniedHandler that adapts AuthenticationEntryPoints based on
missing GrantedAuthoritys. These authorities are specified in an
AuthorityAuthorizationDecision inside an AuthorizationDeniedException.
This is helpful in adaptive authentication scenarios where an
AuthorizationManager indicates
additional authorities needed to access a given resource.
For example, if an
AuthorizationManager states that to
access the home page, the user needs the FACTOR_OTT authority, then this
handler can be configured in the following way to redirect to the one-time-token login
page:
AccessDeniedHandler handler = DelegatingMissingAuthorityAccessDeniedHandler.builder()
.addEntryPointFor(new LoginUrlAuthenticationEntryPoint("/login"), GrantedAuthorities.FACTOR_OTT_AUTHORITY)
.addEntryPointFor(new MyCustomEntryPoint(), GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)
.build();
- Since:
- 7.0
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic final classA builder for configuring the set of authority/entry-point pairs -
Method Summary
Modifier and TypeMethodDescriptionbuilder()voidhandle(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, AccessDeniedException denied) Handles an access denied failure.voidsetDefaultAccessDeniedHandler(AccessDeniedHandler defaultAccessDeniedHandler) Use thisAccessDeniedHandlerforAccessDeniedExceptions that this handler doesn't support.voidsetRequestCache(RequestCache requestCache) Use thisRequestCacheto remember the current request.
-
Method Details
-
handle
public void handle(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, AccessDeniedException denied) throws IOException, jakarta.servlet.ServletException Description copied from interface:AccessDeniedHandlerHandles an access denied failure.- Specified by:
handlein interfaceAccessDeniedHandler- Parameters:
request- that resulted in anAccessDeniedExceptionresponse- so that the user agent can be advised of the failuredenied- that caused the invocation- Throws:
IOException- in the event of an IOExceptionjakarta.servlet.ServletException- in the event of a ServletException
-
setDefaultAccessDeniedHandler
Use thisAccessDeniedHandlerforAccessDeniedExceptions that this handler doesn't support. By default, this usesAccessDeniedHandlerImpl.- Parameters:
defaultAccessDeniedHandler- the defaultAccessDeniedHandlerto use
-
setRequestCache
Use thisRequestCacheto remember the current request.Uses
NullRequestCacheby default- Parameters:
requestCache- theRequestCacheto use
-
builder
-