org.springframework.security.web.access
Class AccessDeniedHandlerImpl

java.lang.Object
  extended by org.springframework.security.web.access.AccessDeniedHandlerImpl
All Implemented Interfaces:
AccessDeniedHandler

public class AccessDeniedHandlerImpl
extends Object
implements AccessDeniedHandler

Base implementation of AccessDeniedHandler.

This implementation sends a 403 (SC_FORBIDDEN) HTTP error code. In addition, if an errorPage is defined, the implementation will perform a request dispatcher "forward" to the specified error page view. Being a "forward", the SecurityContextHolder will remain populated. This is of benefit if the view (or a tag library or macro) wishes to access the SecurityContextHolder. The request scope will also be populated with the exception itself, available from the key WebAttributes.ACCESS_DENIED_403.


Field Summary
protected static org.apache.commons.logging.Log logger
           
 
Constructor Summary
AccessDeniedHandlerImpl()
           
 
Method Summary
 void handle(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AccessDeniedException accessDeniedException)
          Handles an access denied failure.
 void setErrorPage(String errorPage)
          The error page to use.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

logger

protected static final org.apache.commons.logging.Log logger
Constructor Detail

AccessDeniedHandlerImpl

public AccessDeniedHandlerImpl()
Method Detail

handle

public void handle(javax.servlet.http.HttpServletRequest request,
                   javax.servlet.http.HttpServletResponse response,
                   AccessDeniedException accessDeniedException)
            throws IOException,
                   javax.servlet.ServletException
Description copied from interface: AccessDeniedHandler
Handles an access denied failure.

Specified by:
handle in interface AccessDeniedHandler
Parameters:
request - that resulted in an AccessDeniedException
response - so that the user agent can be advised of the failure
accessDeniedException - that caused the invocation
Throws:
IOException - in the event of an IOException
javax.servlet.ServletException - in the event of a ServletException

setErrorPage

public void setErrorPage(String errorPage)
The error page to use. Must begin with a "/" and is interpreted relative to the current context root.

Parameters:
errorPage - the dispatcher path to display
Throws:
IllegalArgumentException - if the argument doesn't comply with the above limitations