Class DelegatingMissingAuthorityAccessDeniedHandler
java.lang.Object
org.springframework.security.web.access.DelegatingMissingAuthorityAccessDeniedHandler
- All Implemented Interfaces: AccessDeniedHandler
public final class DelegatingMissingAuthorityAccessDeniedHandler extends Object implements AccessDeniedHandler
An AccessDeniedHandler that adapts AuthenticationEntryPoint instances based on missing GrantedAuthority instances. These authorities are specified in an AuthorityAuthorizationDecision inside an AuthorizationDeniedException.

This is helpful in adaptive authentication scenarios where an AuthorizationManager indicates additional authorities needed to access a given resource.

For example, if an AuthorizationManager states that to access the home page, the user needs the FACTOR_OTT authority, then this handler can be configured in the following way to redirect to the one-time-token login page:

    AccessDeniedHandler handler = DelegatingMissingAuthorityAccessDeniedHandler.builder()
        .addEntryPointFor(new LoginUrlAuthenticationEntryPoint("/login"), GrantedAuthorities.FACTOR_OTT_AUTHORITY)
        .addEntryPointFor(new MyCustomEntryPoint(), GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)
        .build();

- Since: 7.0
- See Also:
-
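
The following added example (not taken from the Spring Security documentation) wires the handler into a filter chain and sets both optional properties listed under Method Details, since the defaults neither remember the denied request nor customise the fallback response. It assumes that the builder accepts the authority name as a String, that build() returns the concrete handler type, and that the authority is named FACTOR_OTT as in the text above; the class name StepUpSecurityConfig and the /access-denied path are hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;
import org.springframework.security.web.access.DelegatingMissingAuthorityAccessDeniedHandler;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;

@Configuration
@EnableWebSecurity
class StepUpSecurityConfig { // hypothetical class name

    // Assumption: authority name taken from the page's example, passed as a String.
    private static final String FACTOR_OTT = "FACTOR_OTT";

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // Assumption: build() returns the concrete type, so the setters are reachable.
        DelegatingMissingAuthorityAccessDeniedHandler handler =
                DelegatingMissingAuthorityAccessDeniedHandler.builder()
                        .addEntryPointFor(new LoginUrlAuthenticationEntryPoint("/login"), FACTOR_OTT)
                        .build();

        // The default NullRequestCache does not remember the denied request.
        // A session-backed cache lets the user return to it after stepping up.
        handler.setRequestCache(new HttpSessionRequestCache());

        // Denials this handler does not support go to the default handler.
        // Here it forwards to an error page (hypothetical path) with status 403.
        AccessDeniedHandlerImpl fallback = new AccessDeniedHandlerImpl();
        fallback.setErrorPage("/access-denied");
        handler.setDefaultAccessDeniedHandler(fallback);

        http
            .authorizeHttpRequests((authorize) -> authorize
                // hasAuthority denies with a decision that names the required authority
                .requestMatchers("/").hasAuthority(FACTOR_OTT)
                .anyRequest().authenticated())
            .exceptionHandling((exceptions) -> exceptions.accessDeniedHandler(handler));
        // The login mechanisms themselves are assumed to be configured elsewhere.
        return http.build();
    }
}
```
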
Nested Class Summary
Nested Classes

| Modifier and Type | Class | Description |
|---|---|---|
| static final class | | A builder for configuring the set of authority/entry-point pairs |

Method Summary

| Modifier and Type | Method | Description |
|---|---|---|
| | builder() | |
| void | handle(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, AccessDeniedException denied) | Handles an access denied failure. |
| void | setDefaultAccessDeniedHandler(AccessDeniedHandler defaultAccessDeniedHandler) | Use this AccessDeniedHandler for AccessDeniedExceptions that this handler doesn't support. |
| void | setRequestCache(RequestCache requestCache) | Use this RequestCache to remember the current request. |

Method Details

handle
public void handle(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, AccessDeniedException denied) throws IOException, jakarta.servlet.ServletException
Description copied from interface: AccessDeniedHandler
Handles an access denied failure.
- Specified by: handle in interface AccessDeniedHandler
- Parameters:
  request - that resulted in an AccessDeniedException
  response - so that the user agent can be advised of the failure
  denied - that caused the invocation
- Throws:
  IOException - in the event of an IOException
  jakarta.servlet.ServletException - in the event of a ServletException

setDefaultAccessDeniedHandler
Use this AccessDeniedHandler for AccessDeniedExceptions that this handler doesn't support. By default, this uses AccessDeniedHandlerImpl.
- Parameters:
  defaultAccessDeniedHandler - the default AccessDeniedHandler to use

setRequestCache
Use this RequestCache to remember the current request. Uses NullRequestCache by default.
- Parameters:
  requestCache - the RequestCache to use

builder
-