public class

AccessDeniedHandlerImpl

extends Object
implements AccessDeniedHandler
java.lang.Object
   ↳ org.springframework.security.web.access.AccessDeniedHandlerImpl

Class Overview

Base implementation of AccessDeniedHandler.

This implementation sends a 403 (SC_FORBIDDEN) HTTP error code. In addition, if an #errorPage is defined, the implementation will perform a request dispatcher "forward" to the specified error page view. Being a "forward", the SecurityContextHolder will remain populated. This is of benefit if the view (or a tag library or macro) wishes to access the SecurityContextHolder. The request scope will also be populated with the exception itself, available from the key ACCESS_DENIED_403.

Summary

Fields
protected static final Log logger
Public Constructors
AccessDeniedHandlerImpl()
Public Methods
void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException)
Handles an access denied failure.
void setErrorPage(String errorPage)
The error page to use.
[Expand]
Inherited Methods
From class java.lang.Object
From interface org.springframework.security.web.access.AccessDeniedHandler

Fields

protected static final Log logger

Public Constructors

public AccessDeniedHandlerImpl ()

Public Methods

public void handle (HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException)

Handles an access denied failure.

Parameters
request that resulted in an AccessDeniedException
response so that the user agent can be advised of the failure
accessDeniedException that caused the invocation
Throws
IOException
ServletException

public void setErrorPage (String errorPage)

The error page to use. Must begin with a "/" and is interpreted relative to the current context root.

Parameters
errorPage the dispatcher path to display
Throws
IllegalArgumentException if the argument doesn't comply with the above limitations