Class AccessDeniedHandlerImpl

All Implemented Interfaces:

public class AccessDeniedHandlerImpl extends Object implements AccessDeniedHandler
Base implementation of AccessDeniedHandler.

This implementation sends a 403 (SC_FORBIDDEN) HTTP error code. In addition, if an errorPage is defined, the implementation will perform a request dispatcher "forward" to the specified error page view. Being a "forward", the SecurityContextHolder will remain populated. This is of benefit if the view (or a tag library or macro) wishes to access the SecurityContextHolder. The request scope will also be populated with the exception itself, available from the key WebAttributes.ACCESS_DENIED_403.

  • Field Details

    • logger

      protected static final org.apache.commons.logging.Log logger
  • Constructor Details

    • AccessDeniedHandlerImpl

      public AccessDeniedHandlerImpl()
  • Method Details

    • handle

      public void handle(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, jakarta.servlet.ServletException
      Description copied from interface: AccessDeniedHandler
      Handles an access denied failure.
      Specified by:
      handle in interface AccessDeniedHandler
      request - that resulted in an AccessDeniedException
      response - so that the user agent can be advised of the failure
      accessDeniedException - that caused the invocation
      IOException - in the event of an IOException
      jakarta.servlet.ServletException - in the event of a ServletException
    • setErrorPage

      public void setErrorPage(String errorPage)
      The error page to use. Must begin with a "/" and is interpreted relative to the current context root.
      errorPage - the dispatcher path to display
      IllegalArgumentException - if the argument doesn't comply with the above limitations