Package org.springframework.security.web.access

Class AccessDeniedHandlerImpl

java.lang.Object

org.springframework.security.web.access.AccessDeniedHandlerImpl

All Implemented Interfaces:

AccessDeniedHandler

public class AccessDeniedHandlerImpl
extends Object
implements AccessDeniedHandler

Base implementation of AccessDeniedHandler.

This implementation sends a 403 (SC_FORBIDDEN) HTTP error code. In addition, if an errorPage is defined, the implementation will perform a request dispatcher "forward" to the specified error page view. Being a "forward", the SecurityContextHolder will remain populated. This is of benefit if the view (or a tag library or macro) wishes to access the SecurityContextHolder. The request scope will also be populated with the exception itself, available from the key WebAttributes.ACCESS_DENIED_403.

Field Summary

Fields

Modifier and Type	Field	Description
protected static final org.apache.commons.logging.Log	logger

Constructor Summary

Constructors

Constructor	Description
AccessDeniedHandlerImpl()

Method Summary

Modifier and Type	Method	Description
void	handle(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, AccessDeniedException accessDeniedException)	Handles an access denied failure.
void	setErrorPage(String errorPage)	The error page to use.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

logger

protected static final org.apache.commons.logging.Log logger

Constructor Details

AccessDeniedHandlerImpl

public AccessDeniedHandlerImpl()

Method Details

handle

public void handle(jakarta.servlet.http.HttpServletRequest request,
 jakarta.servlet.http.HttpServletResponse response,
 AccessDeniedException accessDeniedException)
            throws IOException,
jakarta.servlet.ServletException

Description copied from interface: AccessDeniedHandler

Handles an access denied failure.

Specified by:

handle in interface AccessDeniedHandler

Parameters:

request - that resulted in an AccessDeniedException

response - so that the user agent can be advised of the failure

accessDeniedException - that caused the invocation

Throws:

IOException - in the event of an IOException

jakarta.servlet.ServletException - in the event of a ServletException

setErrorPage

public void setErrorPage(String errorPage)

The error page to use. Must begin with a "/" and is interpreted relative to the current context root.

Parameters:

errorPage - the dispatcher path to display

Throws:

IllegalArgumentException - if the argument doesn't comply with the above limitations