Class ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>>
- java.lang.Object
-
- org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
-
- org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<ExceptionHandlingConfigurer<H>,H>
-
- org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer<H>
-
- All Implemented Interfaces:
SecurityConfigurer<DefaultSecurityFilterChain,H>
public final class ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractHttpConfigurer<ExceptionHandlingConfigurer<H>,H>
Adds exception handling for Spring Security related exceptions to an application. All properties have reasonable defaults, so no additional configuration is required other than applying thisSecurityConfigurer
.Security Filters
The following Filters are populatedShared Objects Created
No shared objects are created.Shared Objects Used
The following shared objects are used:- If no explicit
RequestCache
, is provided aRequestCache
shared object is used to replay the request after authentication is successful AuthenticationEntryPoint
- seeauthenticationEntryPoint(AuthenticationEntryPoint)
- Since:
- 3.2
-
-
Constructor Summary
Constructors Constructor Description ExceptionHandlingConfigurer()
Creates a new instance
-
Method Summary
-
Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
disable, withObjectPostProcessor
-
Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, init, postProcess, setBuilder
-
-
-
-
Constructor Detail
-
ExceptionHandlingConfigurer
public ExceptionHandlingConfigurer()
Creates a new instance- See Also:
HttpSecurity.exceptionHandling()
-
-
Method Detail
-
accessDeniedPage
public ExceptionHandlingConfigurer<H> accessDeniedPage(java.lang.String accessDeniedUrl)
Shortcut to specify theAccessDeniedHandler
to be used is a specific error page- Parameters:
accessDeniedUrl
- the URL to the access denied page (i.e. /errors/401)- Returns:
- the
ExceptionHandlingConfigurer
for further customization - See Also:
AccessDeniedHandlerImpl
,accessDeniedHandler(org.springframework.security.web.access.AccessDeniedHandler)
-
accessDeniedHandler
public ExceptionHandlingConfigurer<H> accessDeniedHandler(AccessDeniedHandler accessDeniedHandler)
Specifies theAccessDeniedHandler
to be used- Parameters:
accessDeniedHandler
- theAccessDeniedHandler
to be used- Returns:
- the
ExceptionHandlingConfigurer
for further customization
-
defaultAccessDeniedHandlerFor
public ExceptionHandlingConfigurer<H> defaultAccessDeniedHandlerFor(AccessDeniedHandler deniedHandler, RequestMatcher preferredMatcher)
Sets a defaultAccessDeniedHandler
to be used which prefers being invoked for the providedRequestMatcher
. If only a single defaultAccessDeniedHandler
is specified, it will be what is used for the defaultAccessDeniedHandler
. If multiple defaultAccessDeniedHandler
instances are configured, then aRequestMatcherDelegatingAccessDeniedHandler
will be used.- Parameters:
deniedHandler
- theAccessDeniedHandler
to usepreferredMatcher
- theRequestMatcher
for this defaultAccessDeniedHandler
- Returns:
- the
ExceptionHandlingConfigurer
for further customizations - Since:
- 5.1
-
authenticationEntryPoint
public ExceptionHandlingConfigurer<H> authenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)
Sets theAuthenticationEntryPoint
to be used.If no
authenticationEntryPoint(AuthenticationEntryPoint)
is specified, thendefaultAuthenticationEntryPointFor(AuthenticationEntryPoint, RequestMatcher)
will be used. The firstAuthenticationEntryPoint
will be used as the default if no matches were found.If that is not provided defaults to
Http403ForbiddenEntryPoint
.- Parameters:
authenticationEntryPoint
- theAuthenticationEntryPoint
to use- Returns:
- the
ExceptionHandlingConfigurer
for further customizations
-
defaultAuthenticationEntryPointFor
public ExceptionHandlingConfigurer<H> defaultAuthenticationEntryPointFor(AuthenticationEntryPoint entryPoint, RequestMatcher preferredMatcher)
Sets a defaultAuthenticationEntryPoint
to be used which prefers being invoked for the providedRequestMatcher
. If only a single defaultAuthenticationEntryPoint
is specified, it will be what is used for the defaultAuthenticationEntryPoint
. If multiple defaultAuthenticationEntryPoint
instances are configured, then aDelegatingAuthenticationEntryPoint
will be used.- Parameters:
entryPoint
- theAuthenticationEntryPoint
to usepreferredMatcher
- theRequestMatcher
for this defaultAuthenticationEntryPoint
- Returns:
- the
ExceptionHandlingConfigurer
for further customizations
-
configure
public void configure(H http)
Description copied from interface:SecurityConfigurer
Configure theSecurityBuilder
by setting the necessary properties on theSecurityBuilder
.- Specified by:
configure
in interfaceSecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
- Overrides:
configure
in classSecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
-
-