org.springframework.security.config.annotation.web.configurers

Class ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>>

java.lang.Object

org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>

org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<ExceptionHandlingConfigurer<H>,H>

org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer<H>

All Implemented Interfaces:

SecurityConfigurer<DefaultSecurityFilterChain,H>

public final class ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>>
extends AbstractHttpConfigurer<ExceptionHandlingConfigurer<H>,H>

Adds exception handling for Spring Security related exceptions to an application. All properties have reasonable defaults, so no additional configuration is required other than applying this SecurityConfigurer.

Security Filters

The following Filters are populated

• ExceptionTranslationFilter

Shared Objects Created

No shared objects are created.

Shared Objects Used

The following shared objects are used:

• If no explicit RequestCache, is provided a RequestCache shared object is used to replay the request after authentication is successful
• AuthenticationEntryPoint - see authenticationEntryPoint(AuthenticationEntryPoint)

Since:

3.2

Constructor Summary

Constructors

Constructor and Description
ExceptionHandlingConfigurer() Creates a new instance

Method Summary

Modifier and Type	Method and Description
ExceptionHandlingConfigurer<H>	accessDeniedHandler(AccessDeniedHandler accessDeniedHandler) Specifies the AccessDeniedHandler to be used
ExceptionHandlingConfigurer<H>	accessDeniedPage(String accessDeniedUrl) Shortcut to specify the AccessDeniedHandler to be used is a specific error page
ExceptionHandlingConfigurer<H>	authenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) Sets the AuthenticationEntryPoint to be used.
void	configure(H http) Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
ExceptionHandlingConfigurer<H>	defaultAuthenticationEntryPointFor(AuthenticationEntryPoint entryPoint, RequestMatcher preferredMatcher) Sets a default AuthenticationEntryPoint to be used which prefers being invoked for the provided RequestMatcher.

Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer

disable, withObjectPostProcessor

Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter

addObjectPostProcessor, and, getBuilder, init, postProcess, setBuilder

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ExceptionHandlingConfigurer

public ExceptionHandlingConfigurer()

Creates a new instance

See Also:

HttpSecurity.exceptionHandling()

Method Detail

accessDeniedPage

public ExceptionHandlingConfigurer<H> accessDeniedPage(String accessDeniedUrl)

Shortcut to specify the AccessDeniedHandler to be used is a specific error page

Parameters:

accessDeniedUrl - the URL to the access denied page (i.e. /errors/401)

Returns:

the ExceptionHandlingConfigurer for further customization

See Also:

AccessDeniedHandlerImpl, accessDeniedHandler(org.springframework.security.web.access.AccessDeniedHandler)

accessDeniedHandler

public ExceptionHandlingConfigurer<H> accessDeniedHandler(AccessDeniedHandler accessDeniedHandler)

Specifies the AccessDeniedHandler to be used

Parameters:

accessDeniedHandler - the AccessDeniedHandler to be used

Returns:

the ExceptionHandlingConfigurer for further customization

authenticationEntryPoint

public ExceptionHandlingConfigurer<H> authenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)

Sets the AuthenticationEntryPoint to be used.

If no authenticationEntryPoint(AuthenticationEntryPoint) is specified, then defaultAuthenticationEntryPointFor(AuthenticationEntryPoint, RequestMatcher) will be used. The first AuthenticationEntryPoint will be used as the default is no matches were found.

If that is not provided defaults to Http403ForbiddenEntryPoint.

Parameters:

authenticationEntryPoint - the AuthenticationEntryPoint to use

Returns:

the ExceptionHandlingConfigurer for further customizations

defaultAuthenticationEntryPointFor

public ExceptionHandlingConfigurer<H> defaultAuthenticationEntryPointFor(AuthenticationEntryPoint entryPoint,
                                                                         RequestMatcher preferredMatcher)

Sets a default AuthenticationEntryPoint to be used which prefers being invoked for the provided RequestMatcher. If only a single default AuthenticationEntryPoint is specified, it will be what is used for the default AuthenticationEntryPoint. If multiple default AuthenticationEntryPoint instances are configured, then a DelegatingAuthenticationEntryPoint will be used.

Parameters:

entryPoint - the AuthenticationEntryPoint to use

preferredMatcher - the RequestMatcher for this default AuthenticationEntryPoint

Returns:

the ExceptionHandlingConfigurer for further customizations

configure

public void configure(H http)
               throws Exception

Description copied from interface: SecurityConfigurer

Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

Specified by:

configure in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

Overrides:

configure in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

Throws:

Exception