org.springframework.security.web.access
Class AccessDeniedHandlerImpl

java.lang.Object
  extended by org.springframework.security.web.access.AccessDeniedHandlerImpl
All Implemented Interfaces:
AccessDeniedHandler

public class AccessDeniedHandlerImpl
extends Object
implements AccessDeniedHandler

Base implementation of AccessDeniedHandler.

This implementation sends a 403 (SC_FORBIDDEN) HTTP error code. In addition, if an errorPage is defined, the implementation will perform a request dispatcher "forward" to the specified error page view. Being a "forward", the SecurityContextHolder will remain populated. This is of benefit if the view (or a tag library or macro) wishes to access the SecurityContextHolder. The request scope will also be populated with the exception itself, available from the key SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY.

Version:
$Id: AccessDeniedHandlerImpl.java 3640 2009-05-04 14:24:54Z ltaylor $
Author:
Ben Alex

Field Summary
protected static org.apache.commons.logging.Log logger
           
static String SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY
           
 
Constructor Summary
AccessDeniedHandlerImpl()
           
 
Method Summary
 void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException)
          Handles an access denied failure.
 void setErrorPage(String errorPage)
          The error page to use.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY

public static final String SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY
See Also:
Constant Field Values

logger

protected static final org.apache.commons.logging.Log logger
Constructor Detail

AccessDeniedHandlerImpl

public AccessDeniedHandlerImpl()
Method Detail

handle

public void handle(HttpServletRequest request,
                   HttpServletResponse response,
                   AccessDeniedException accessDeniedException)
            throws IOException,
                   ServletException
Description copied from interface: AccessDeniedHandler
Handles an access denied failure.

Specified by:
handle in interface AccessDeniedHandler
Parameters:
request - that resulted in an AccessDeniedException
response - so that the user agent can be advised of the failure
accessDeniedException - that caused the invocation
Throws:
IOException - in the event of an IOException
ServletException - in the event of a ServletException

setErrorPage

public void setErrorPage(String errorPage)
The error page to use. Must begin with a "/" and is interpreted relative to the current context root.

Parameters:
errorPage - the dispatcher path to display
Throws:
IllegalArgumentException - if the argument doesn't comply with the above limitations


Copyright © 2004-2009 SpringSource, Inc. All Rights Reserved.