Class DelegatingMissingAuthorityAccessDeniedHandler

java.lang.Object
org.springframework.security.web.access.DelegatingMissingAuthorityAccessDeniedHandler
All Implemented Interfaces:
AccessDeniedHandler

public final class DelegatingMissingAuthorityAccessDeniedHandler extends Object implements AccessDeniedHandler
An AccessDeniedHandler that adapts AuthenticationEntryPoints based on missing GrantedAuthoritys. These authorities are specified in an AuthorityAuthorizationDecision inside an AuthorizationDeniedException.

This is helpful in adaptive authentication scenarios where an AuthorizationManager indicates additional authorities needed to access a given resource.

For example, if an AuthorizationManager states that to access the home page, the user needs the FACTOR_OTT authority, then this handler can be configured in the following way to redirect to the one-time-token login page:

AccessDeniedHandler handler = DelegatingMissingAuthorityAccessDeniedHandler.builder()
    .addEntryPointFor(new LoginUrlAuthenticationEntryPoint("/login"), GrantedAuthorities.FACTOR_OTT_AUTHORITY)
    .addEntryPointFor(new MyCustomEntryPoint(), GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)
    .build();
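
The following is an added example, not part of the Spring Security documentation: it registers the handler in a SecurityFilterChain and sets the two optional collaborators documented under Method Details, so that denials without a mapped authority go to an explicit fallback and the denied request is remembered in the session. The class name StepUpSecurityConfig, the /denied error page, the package of GrantedAuthorities and the concrete return type of build() are assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.GrantedAuthorities; // assumed package; the page names only the class
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;
import org.springframework.security.web.access.DelegatingMissingAuthorityAccessDeniedHandler;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;

@Configuration
public class StepUpSecurityConfig { // hypothetical class name

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // Fallback for AccessDeniedExceptions the delegating handler does not
        // support, i.e. denials with no entry point mapped to a missing authority.
        AccessDeniedHandlerImpl fallback = new AccessDeniedHandlerImpl();
        fallback.setErrorPage("/denied"); // hypothetical error page

        // Assumes build() returns the concrete type, which the public setters
        // documented on this page require.
        DelegatingMissingAuthorityAccessDeniedHandler handler =
                DelegatingMissingAuthorityAccessDeniedHandler.builder()
                        .addEntryPointFor(new LoginUrlAuthenticationEntryPoint("/login"),
                                GrantedAuthorities.FACTOR_OTT_AUTHORITY)
                        .build();
        handler.setDefaultAccessDeniedHandler(fallback);
        // The default NullRequestCache stores nothing; a session-backed cache
        // remembers the request that triggered the denial.
        handler.setRequestCache(new HttpSessionRequestCache());

        http
            .authorizeHttpRequests(authorize -> authorize
                // The home page requires the one-time-token factor authority.
                .requestMatchers("/").hasAuthority(GrantedAuthorities.FACTOR_OTT_AUTHORITY)
                .anyRequest().authenticated())
            .exceptionHandling(exceptions -> exceptions.accessDeniedHandler(handler));
        return http.build();
    }
}
```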
Since:
7.0
See Also:
  • AuthorizationDeniedException
  • AuthorityAuthorizationDecision
  • org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
Method Details

    • handle

      public void handle(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.access.AccessDeniedException denied) throws IOException, jakarta.servlet.ServletException
      Description copied from interface: AccessDeniedHandler
      Handles an access denied failure.
      Specified by:
      handle in interface AccessDeniedHandler
      Parameters:
      request - that resulted in an AccessDeniedException
      response - so that the user agent can be advised of the failure
      denied - that caused the invocation
      Throws:
      IOException - in the event of an IOException
      jakarta.servlet.ServletException - in the event of a ServletException
    • setDefaultAccessDeniedHandler

      public void setDefaultAccessDeniedHandler(AccessDeniedHandler defaultAccessDeniedHandler)
      Use this AccessDeniedHandler for AccessDeniedExceptions that this handler doesn't support. By default, this uses AccessDeniedHandlerImpl.
      Parameters:
      defaultAccessDeniedHandler - the default AccessDeniedHandler to use
    • setRequestCache

      public void setRequestCache(RequestCache requestCache)
      Use this RequestCache to remember the current request.

      Uses NullRequestCache by default.

      Parameters:
      requestCache - the RequestCache to use
    • builder