Package org.springframework.security.web.access

Class AccessDeniedHandlerImpl

  • All Implemented Interfaces:
    AccessDeniedHandler
    public class AccessDeniedHandlerImpl
extends java.lang.Object
implements AccessDeniedHandler
    Base implementation of AccessDeniedHandler.

    This implementation sends a 403 (SC_FORBIDDEN) HTTP error code. In addition, if an errorPage is defined, the implementation will perform a request dispatcher "forward" to the specified error page view. Being a "forward", the SecurityContextHolder will remain populated. This is of benefit if the view (or a tag library or macro) wishes to access the SecurityContextHolder. The request scope will also be populated with the exception itself, available from the key WebAttributes.ACCESS_DENIED_403.

    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected static org.apache.commons.logging.Log logger  

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void handle​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AccessDeniedException accessDeniedException)
      Handles an access denied failure.
      void setErrorPage​(java.lang.String errorPage)
      The error page to use.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • logger

        protected static final org.apache.commons.logging.Log logger

    • Constructor Detail

      • AccessDeniedHandlerImpl

        public AccessDeniedHandlerImpl()

    • Method Detail

      • handle

        public void handle​(javax.servlet.http.HttpServletRequest request,
                   javax.servlet.http.HttpServletResponse response,
                   AccessDeniedException accessDeniedException)
            throws java.io.IOException,
                   javax.servlet.ServletException
        Description copied from interface: AccessDeniedHandler
        Handles an access denied failure.
        Specified by:
        handle in interface AccessDeniedHandler
        Parameters:
        request - that resulted in an AccessDeniedException
        response - so that the user agent can be advised of the failure
        accessDeniedException - that caused the invocation
        Throws:
        java.io.IOException - in the event of an IOException
        javax.servlet.ServletException - in the event of a ServletException

      • setErrorPage

        public void setErrorPage​(java.lang.String errorPage)
        The error page to use. Must begin with a "/" and is interpreted relative to the current context root.
        Parameters:
        errorPage - the dispatcher path to display
        Throws:
        java.lang.IllegalArgumentException - if the argument doesn't comply with the above limitations