Class AccessDeniedHandlerImpl

  • All Implemented Interfaces:

    public class AccessDeniedHandlerImpl
    extends java.lang.Object
    implements AccessDeniedHandler
    Base implementation of AccessDeniedHandler.

    This implementation sends a 403 (SC_FORBIDDEN) HTTP error code. In addition, if an errorPage is defined, the implementation will perform a request dispatcher "forward" to the specified error page view. Being a "forward", the SecurityContextHolder will remain populated. This is of benefit if the view (or a tag library or macro) wishes to access the SecurityContextHolder. The request scope will also be populated with the exception itself, available from the key WebAttributes.ACCESS_DENIED_403.

    • Field Summary

      Modifier and Type Field Description
      protected static org.apache.commons.logging.Log logger  
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void handle​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AccessDeniedException accessDeniedException)
      Handles an access denied failure.
      void setErrorPage​(java.lang.String errorPage)
      The error page to use.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • logger

        protected static final org.apache.commons.logging.Log logger
    • Constructor Detail

      • AccessDeniedHandlerImpl

        public AccessDeniedHandlerImpl()
    • Method Detail

      • handle

        public void handle​(javax.servlet.http.HttpServletRequest request,
                           javax.servlet.http.HttpServletResponse response,
                           AccessDeniedException accessDeniedException)
        Description copied from interface: AccessDeniedHandler
        Handles an access denied failure.
        Specified by:
        handle in interface AccessDeniedHandler
        request - that resulted in an AccessDeniedException
        response - so that the user agent can be advised of the failure
        accessDeniedException - that caused the invocation
        Throws: - in the event of an IOException
        javax.servlet.ServletException - in the event of a ServletException
      • setErrorPage

        public void setErrorPage​(java.lang.String errorPage)
        The error page to use. Must begin with a "/" and is interpreted relative to the current context root.
        errorPage - the dispatcher path to display
        java.lang.IllegalArgumentException - if the argument doesn't comply with the above limitations