org.acegisecurity.ui
Class AccessDeniedHandlerImpl

java.lang.Object
  extended by org.acegisecurity.ui.AccessDeniedHandlerImpl
All Implemented Interfaces:
AccessDeniedHandler

public class AccessDeniedHandlerImpl
extends Object
implements AccessDeniedHandler

Base implementation of AccessDeniedHandler.

This implementation sends a 403 (SC_FORBIDDEN) HTTP error code. In addition, if a errorPage is defined, the implementation will perform a request dispatcher "forward" to the specified error page view. Being a "forward", the SecurityContextHolder will remain populated. This is of benefit if the view (or a tag library or macro) wishes to access the SecurityContextHolder. The request scope will also be populated with the exception itself, available from the key ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY.

Version:
$Id: AccessDeniedHandlerImpl.java 1784 2007-02-24 21:00:24Z luke_t $
Author:
Ben Alex

Field Summary
static String ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY
           
protected static org.apache.commons.logging.Log logger
           
 
Constructor Summary
AccessDeniedHandlerImpl()
           
 
Method Summary
 void handle(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, AccessDeniedException accessDeniedException)
          Handles an access denied failure.
 void setErrorPage(String errorPage)
          The error page to use.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY

public static final String ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY
See Also:
Constant Field Values

logger

protected static final org.apache.commons.logging.Log logger
Constructor Detail

AccessDeniedHandlerImpl

public AccessDeniedHandlerImpl()
Method Detail

handle

public void handle(javax.servlet.ServletRequest request,
                   javax.servlet.ServletResponse response,
                   AccessDeniedException accessDeniedException)
            throws IOException,
                   javax.servlet.ServletException
Description copied from interface: AccessDeniedHandler
Handles an access denied failure.

Specified by:
handle in interface AccessDeniedHandler
Parameters:
request - that resulted in an AccessDeniedException
response - so that the user agent can be advised of the failure
accessDeniedException - that caused the invocation
Throws:
IOException - in the event of an IOException
javax.servlet.ServletException - in the event of a ServletException

setErrorPage

public void setErrorPage(String errorPage)
The error page to use. Must begin with a "/" and is interpreted relative to the current context root.

Parameters:
errorPage - the dispatcher path to display
Throws:
IllegalArgumentException - if the argument doesn't comply with the above limitations


Copyright © 2004-2012 Interface21, Inc. All Rights Reserved.