public class AccessDeniedHandlerImpl extends Object implements AccessDeniedHandler
AccessDeniedHandler
.
This implementation sends a 403 (SC_FORBIDDEN) HTTP error code. In addition, if an errorPage
is defined,
the implementation will perform a request dispatcher "forward" to the specified error page view.
Being a "forward", the SecurityContextHolder
will remain
populated. This is of benefit if the view (or a tag library or macro) wishes to access the
SecurityContextHolder
. The request scope will also be populated with the exception itself, available
from the key WebAttributes.ACCESS_DENIED_403
.
Modifier and Type | Field and Description |
---|---|
protected static org.apache.commons.logging.Log |
logger |
Constructor and Description |
---|
AccessDeniedHandlerImpl() |
Modifier and Type | Method and Description |
---|---|
void |
handle(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AccessDeniedException accessDeniedException)
Handles an access denied failure.
|
void |
setErrorPage(String errorPage)
The error page to use.
|
public void handle(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, javax.servlet.ServletException
AccessDeniedHandler
handle
in interface AccessDeniedHandler
request
- that resulted in an AccessDeniedException
response
- so that the user agent can be advised of the failureaccessDeniedException
- that caused the invocationIOException
- in the event of an IOExceptionjavax.servlet.ServletException
- in the event of a ServletExceptionpublic void setErrorPage(String errorPage)
errorPage
- the dispatcher path to displayIllegalArgumentException
- if the argument doesn't comply with the above limitations