/** * Shortcut to specify the {@link AccessDeniedHandler} to be used is a specific error * page * * @param accessDeniedUrl the URL to the access denied page (i.e. /errors/401) * @return the {@link ExceptionHandlingConfigurer} for further customization * @see AccessDeniedHandlerImpl * @see #accessDeniedHandler(org.springframework.security.web.access.AccessDeniedHandler) */ public ExceptionHandlingConfigurer<H> accessDeniedPage(String accessDeniedUrl) { AccessDeniedHandlerImpl accessDeniedHandler = new AccessDeniedHandlerImpl(); accessDeniedHandler.setErrorPage(accessDeniedUrl); return accessDeniedHandler(accessDeniedHandler); }
public class MyAccessDeniedHandler implements AccessDeniedHandler { private AccessDeniedHandlerImpl accessDeniedHandlerImpl = new AccessDeniedHandlerImpl(); public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException { //Some CSRF related code // Then call accessDeniedHandlerImpl.handle to handle request accessDeniedHandlerImpl.handle(request, response, accessDeniedException); } /** * The error page to use. Must begin with a "/" and is interpreted relative to the current context root. * * @param errorPage the dispatcher path to display * * @throws IllegalArgumentException if the argument doesn't comply with the above limitations * @see AccessDeniedHandlerImpl#setErrorPage(String) */ public void setErrorPage(String errorPage) { // You can set custom error page here accessDeniedHandlerImpl.setErrorPage(errorPage); } }
private AccessDeniedHandler createDefaultDeniedHandler(H http) { if (this.defaultDeniedHandlerMappings.isEmpty()) { return new AccessDeniedHandlerImpl(); } if (this.defaultDeniedHandlerMappings.size() == 1) { return this.defaultDeniedHandlerMappings.values().iterator().next(); } return new RequestMatcherDelegatingAccessDeniedHandler( this.defaultDeniedHandlerMappings, new AccessDeniedHandlerImpl()); }
@Override public void handle(final HttpServletRequest request, final HttpServletResponse response, final AccessDeniedException accessDeniedException) throws IOException, ServletException { response.addHeader(RESTHeaders.ERROR_INFO, accessDeniedException.getMessage()); super.handle(request, response, accessDeniedException); } }
= new AccessDeniedHandlerImpl(); request.setAttribute(REQUIRED_PROVIDERS_REQUEST_ATTRIBUTE_NAME, requiredProviderIds); providerSpecificAccessDeniedHandler.setErrorPage(connectWithProviderUrlPrefix + "/" + requiredProviderIds.iterator().next()); providerSpecificAccessDeniedHandler.handle(request, response, accessDeniedException); = new AccessDeniedHandlerImpl(); defaultAccessDeniedHandler.setErrorPage(defaultAccessDeniedUrl); defaultAccessDeniedHandler.handle(request, response, accessDeniedException); super.handle(request, response, accessDeniedException);
/** * Gets the default {@link AccessDeniedHandler} from the * {@link ExceptionHandlingConfigurer#getAccessDeniedHandler()} or create a * {@link AccessDeniedHandlerImpl} if not available. * * @param http the {@link HttpSecurityBuilder} * @return the {@link AccessDeniedHandler} */ @SuppressWarnings("unchecked") private AccessDeniedHandler getDefaultAccessDeniedHandler(H http) { ExceptionHandlingConfigurer<H> exceptionConfig = http .getConfigurer(ExceptionHandlingConfigurer.class); AccessDeniedHandler handler = null; if (exceptionConfig != null) { handler = exceptionConfig.getAccessDeniedHandler(); } if (handler == null) { handler = new AccessDeniedHandlerImpl(); } return handler; }
@Override public void handle(final HttpServletRequest request, final HttpServletResponse response, final AccessDeniedException accessDeniedException) throws IOException, ServletException { response.addHeader(RESTHeaders.ERROR_INFO, accessDeniedException.getMessage()); super.handle(request, response, accessDeniedException); }
String failurePage = element.getAttribute("oauth-failure-page"); if (StringUtils.hasText(failurePage)) { AccessDeniedHandlerImpl failureHandler = new AccessDeniedHandlerImpl(); failureHandler.setErrorPage(failurePage); consumerContextFilterBean.addPropertyValue("OAuthFailureHandler", failureHandler);
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http .authorizeRequests() .anyRequest().denyAll() .and() .exceptionHandling() .defaultAccessDeniedHandlerFor( this.teapotDeniedHandler, new AntPathRequestMatcher("/hello/**")) .defaultAccessDeniedHandlerFor( new AccessDeniedHandlerImpl(), AnyRequestMatcher.INSTANCE); // @formatter:on } }
@Override public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException { logger.warn("Access denied to IP {}: {}", SessionStorage.IP.get(), accessDeniedException.getMessage()); attemptService.accessFailed(SessionStorage.IP.get()); super.handle(request, response, accessDeniedException); }
ExceptionTranslationFilter filter = new ExceptionTranslationFilter(ep, cache); AccessDeniedHandlerImpl accessDeniedHandler = new AccessDeniedHandlerImpl(); accessDeniedHandler.setErrorPage(authConfig.getAccessDeniedErrorPage()); else LOGGER.warning("Cannot find: " + authConfig.getAccessDeniedErrorPage());
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http .authorizeRequests() .anyRequest().denyAll() .and() .exceptionHandling() .defaultAccessDeniedHandlerFor(new AccessDeniedHandlerImpl(), request -> false) .and() .httpBasic() .and() .oauth2ResourceServer() .jwt(); // @formatter:on }
@Override public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException { if (isRestRequest(request)) { RestUtils.returnStatusResponse(response, HttpServletResponse.SC_FORBIDDEN, accessDeniedException.getMessage()); } else { super.handle(request, response, accessDeniedException); } }
/** * Shortcut to specify the {@link AccessDeniedHandler} to be used is a specific error * page * * @param accessDeniedUrl the URL to the access denied page (i.e. /errors/401) * @return the {@link ExceptionHandlingConfigurer} for further customization * @see AccessDeniedHandlerImpl * @see #accessDeniedHandler(org.springframework.security.web.access.AccessDeniedHandler) */ public ExceptionHandlingConfigurer<H> accessDeniedPage(String accessDeniedUrl) { AccessDeniedHandlerImpl accessDeniedHandler = new AccessDeniedHandlerImpl(); accessDeniedHandler.setErrorPage(accessDeniedUrl); return accessDeniedHandler(accessDeniedHandler); }
private AccessDeniedHandler createDefaultDeniedHandler(H http) { if (this.defaultDeniedHandlerMappings.isEmpty()) { return new AccessDeniedHandlerImpl(); } if (this.defaultDeniedHandlerMappings.size() == 1) { return this.defaultDeniedHandlerMappings.values().iterator().next(); } return new RequestMatcherDelegatingAccessDeniedHandler( this.defaultDeniedHandlerMappings, new AccessDeniedHandlerImpl()); }
@Override public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException { if (isRestRequest(request)) { RestUtils.returnStatusResponse(response, HttpServletResponse.SC_FORBIDDEN, accessDeniedException.getMessage()); } else { super.handle(request, response, accessDeniedException); } }
/** * Shortcut to specify the {@link AccessDeniedHandler} to be used is a specific error page * * @param accessDeniedUrl the URL to the access denied page (i.e. /errors/401) * @return the {@link ExceptionHandlingConfigurer} for further customization * @see AccessDeniedHandlerImpl * @see {@link #accessDeniedHandler(org.springframework.security.web.access.AccessDeniedHandler)} */ public ExceptionHandlingConfigurer<H> accessDeniedPage(String accessDeniedUrl) { AccessDeniedHandlerImpl accessDeniedHandler = new AccessDeniedHandlerImpl(); accessDeniedHandler.setErrorPage(accessDeniedUrl); return accessDeniedHandler(accessDeniedHandler); }
/** * Gets the default {@link AccessDeniedHandler} from the * {@link ExceptionHandlingConfigurer#getAccessDeniedHandler()} or create a * {@link AccessDeniedHandlerImpl} if not available. * * @param http the {@link HttpSecurityBuilder} * @return the {@link AccessDeniedHandler} */ @SuppressWarnings("unchecked") private AccessDeniedHandler getDefaultAccessDeniedHandler(H http) { ExceptionHandlingConfigurer<H> exceptionConfig = http .getConfigurer(ExceptionHandlingConfigurer.class); AccessDeniedHandler handler = null; if (exceptionConfig != null) { handler = exceptionConfig.getAccessDeniedHandler(); } if (handler == null) { handler = new AccessDeniedHandlerImpl(); } return handler; }
@Override public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException { if (isRestRequest(request)) { RestUtils.returnStatusResponse(response, HttpServletResponse.SC_FORBIDDEN, accessDeniedException.getMessage()); } else { super.handle(request, response, accessDeniedException); } }
/** * Shortcut to specify the {@link AccessDeniedHandler} to be used is a specific error * page * * @param accessDeniedUrl the URL to the access denied page (i.e. /errors/401) * @return the {@link ExceptionHandlingConfigurer} for further customization * @see AccessDeniedHandlerImpl * @see #accessDeniedHandler(org.springframework.security.web.access.AccessDeniedHandler) */ public ExceptionHandlingConfigurer<H> accessDeniedPage(String accessDeniedUrl) { AccessDeniedHandlerImpl accessDeniedHandler = new AccessDeniedHandlerImpl(); accessDeniedHandler.setErrorPage(accessDeniedUrl); return accessDeniedHandler(accessDeniedHandler); }