public class AccessDeniedHandlerImpl extends Object implements AccessDeniedHandler
AccessDeniedHandler
.
This implementation sends a 403 (SC_FORBIDDEN) HTTP error code. In addition, if an
errorPage
is defined, the implementation will perform a request dispatcher
"forward" to the specified error page view. Being a "forward", the
SecurityContextHolder
will remain populated. This is of benefit if the
view (or a tag library or macro) wishes to access the
SecurityContextHolder
. The request scope will also be populated with the
exception itself, available from the key WebAttributes.ACCESS_DENIED_403
.
Modifier and Type | Field and Description |
---|---|
protected static org.apache.commons.logging.Log |
logger |
Constructor and Description |
---|
AccessDeniedHandlerImpl() |
Modifier and Type | Method and Description |
---|---|
void |
handle(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AccessDeniedException accessDeniedException)
Handles an access denied failure.
|
void |
setErrorPage(String errorPage)
The error page to use.
|
public void handle(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, javax.servlet.ServletException
AccessDeniedHandler
handle
in interface AccessDeniedHandler
request
- that resulted in an AccessDeniedException
response
- so that the user agent can be advised of the failureaccessDeniedException
- that caused the invocationIOException
- in the event of an IOExceptionjavax.servlet.ServletException
- in the event of a ServletExceptionpublic void setErrorPage(String errorPage)
errorPage
- the dispatcher path to displayIllegalArgumentException
- if the argument doesn't comply with the above
limitations