org.springframework.security.web.access
Class AccessDeniedHandlerImpl

java.lang.Object
  extended by org.springframework.security.web.access.AccessDeniedHandlerImpl
All Implemented Interfaces:
AccessDeniedHandler

public class AccessDeniedHandlerImpl
extends java.lang.Object
implements AccessDeniedHandler

Base implementation of AccessDeniedHandler.

This implementation sends a 403 (SC_FORBIDDEN) HTTP error code. In addition, if an errorPage is defined, the implementation will perform a request dispatcher "forward" to the specified error page view. Being a "forward", the SecurityContextHolder will remain populated. This is of benefit if the view (or a tag library or macro) wishes to access the SecurityContextHolder. The request scope will also be populated with the exception itself, available from the key WebAttributes.ACCESS_DENIED_403.


Field Summary
protected static org.apache.commons.logging.Log logger
           
static java.lang.String SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY
          Deprecated. Use the value in WebAttributes directly.
 
Constructor Summary
AccessDeniedHandlerImpl()
           
 
Method Summary
 void handle(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AccessDeniedException accessDeniedException)
          Handles an access denied failure.
 void setErrorPage(java.lang.String errorPage)
          The error page to use.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY

@Deprecated
public static final java.lang.String SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY
Deprecated. Use the value in WebAttributes directly.
See Also:
Constant Field Values

logger

protected static final org.apache.commons.logging.Log logger
Constructor Detail

AccessDeniedHandlerImpl

public AccessDeniedHandlerImpl()
Method Detail

handle

public void handle(javax.servlet.http.HttpServletRequest request,
                   javax.servlet.http.HttpServletResponse response,
                   AccessDeniedException accessDeniedException)
            throws java.io.IOException,
                   javax.servlet.ServletException
Description copied from interface: AccessDeniedHandler
Handles an access denied failure.

Specified by:
handle in interface AccessDeniedHandler
Parameters:
request - that resulted in an AccessDeniedException
response - so that the user agent can be advised of the failure
accessDeniedException - that caused the invocation
Throws:
java.io.IOException - in the event of an IOException
javax.servlet.ServletException - in the event of a ServletException

setErrorPage

public void setErrorPage(java.lang.String errorPage)
The error page to use. Must begin with a "/" and is interpreted relative to the current context root.

Parameters:
errorPage - the dispatcher path to display
Throws:
java.lang.IllegalArgumentException - if the argument doesn't comply with the above limitations