Class DelegatingMissingAuthorityAccessDeniedHandler

java.lang.Object
org.springframework.security.web.access.DelegatingMissingAuthorityAccessDeniedHandler
All Implemented Interfaces:
AccessDeniedHandler

public final class DelegatingMissingAuthorityAccessDeniedHandler extends Object implements AccessDeniedHandler
An AccessDeniedHandler that adapts AuthenticationEntryPoints based on missing GrantedAuthoritys. These authorities are specified in an AuthorityAuthorizationDecision inside an AuthorizationDeniedException.

This is helpful in adaptive authentication scenarios where an AuthorizationManager indicates additional authorities needed to access a given resource.

For example, if an AuthorizationManager states that to access the home page, the user needs the FACTOR_OTT authority, then this handler can be configured in the following way to redirect to the one-time-token login page:

AccessDeniedHandler handler = DelegatingMissingAuthorityAccessDeniedHandler.builder() .addEntryPointFor(new LoginUrlAuthenticationEntryPoint("/login"), GrantedAuthorities.FACTOR_OTT_AUTHORITY) .addEntryPointFor(new MyCustomEntryPoint(), GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY) .build();
Since:
7.0
See Also: