Example 1 with AccessDeniedHandlerImpl
use of org.springframework.security.web.access.AccessDeniedHandlerImpl in project spring-security by spring-projects.
the class CsrfConfigurer method getDefaultAccessDeniedHandler.
/**
* Gets the default {@link AccessDeniedHandler} from the
* {@link ExceptionHandlingConfigurer#getAccessDeniedHandler(HttpSecurityBuilder)} or
* create a {@link AccessDeniedHandlerImpl} if not available.
* @param http the {@link HttpSecurityBuilder}
* @return the {@link AccessDeniedHandler}
*/
@SuppressWarnings("unchecked")
private AccessDeniedHandler getDefaultAccessDeniedHandler(H http) {
ExceptionHandlingConfigurer<H> exceptionConfig = http.getConfigurer(ExceptionHandlingConfigurer.class);
AccessDeniedHandler handler = null;
if (exceptionConfig != null) {
handler = exceptionConfig.getAccessDeniedHandler(http);
}
if (handler == null) {
handler = new AccessDeniedHandlerImpl();
}
return handler;
}
Also used :
AccessDeniedHandlerImpl(org.springframework.security.web.access.AccessDeniedHandlerImpl)
DelegatingAccessDeniedHandler(org.springframework.security.web.access.DelegatingAccessDeniedHandler)
InvalidSessionAccessDeniedHandler(org.springframework.security.web.session.InvalidSessionAccessDeniedHandler)
AccessDeniedHandler(org.springframework.security.web.access.AccessDeniedHandler)
Example 2 with AccessDeniedHandlerImpl
use of org.springframework.security.web.access.AccessDeniedHandlerImpl in project midpoint by Evolveum.
the class MidpointExceptionHandlingConfigurer method accessDeniedPage.
public MidpointExceptionHandlingConfigurer<H> accessDeniedPage(String accessDeniedUrl) {
AccessDeniedHandlerImpl accessDeniedHandler = new AccessDeniedHandlerImpl();
accessDeniedHandler.setErrorPage(accessDeniedUrl);
return accessDeniedHandler(accessDeniedHandler);
}
Also used :
AccessDeniedHandlerImpl(org.springframework.security.web.access.AccessDeniedHandlerImpl)
Example 3 with AccessDeniedHandlerImpl
use of org.springframework.security.web.access.AccessDeniedHandlerImpl in project spring-security-oauth by spring-projects.
the class OAuthConsumerBeanDefinitionParser method parse.
public BeanDefinition parse(Element element, ParserContext parserContext) {
BeanDefinitionBuilder consumerContextFilterBean = BeanDefinitionBuilder.rootBeanDefinition(OAuthConsumerContextFilter.class);
String failureHandlerRef = element.getAttribute("failure-handler-ref");
if (StringUtils.hasText(failureHandlerRef)) {
consumerContextFilterBean.addPropertyReference("OAuthFailureHandler", failureHandlerRef);
} else {
String failurePage = element.getAttribute("oauth-failure-page");
if (StringUtils.hasText(failurePage)) {
AccessDeniedHandlerImpl failureHandler = new AccessDeniedHandlerImpl();
failureHandler.setErrorPage(failurePage);
consumerContextFilterBean.addPropertyValue("OAuthFailureHandler", failureHandler);
}
}
String resourceDetailsRef = element.getAttribute("resource-details-service-ref");
String supportRef = element.getAttribute("support-ref");
if (!StringUtils.hasText(supportRef)) {
BeanDefinitionBuilder consumerSupportBean = BeanDefinitionBuilder.rootBeanDefinition(CoreOAuthConsumerSupport.class);
if (StringUtils.hasText(resourceDetailsRef)) {
consumerSupportBean.addPropertyReference("protectedResourceDetailsService", resourceDetailsRef);
}
parserContext.getRegistry().registerBeanDefinition("oauthConsumerSupport", consumerSupportBean.getBeanDefinition());
supportRef = "oauthConsumerSupport";
}
consumerContextFilterBean.addPropertyReference("consumerSupport", supportRef);
String tokenServicesFactoryRef = element.getAttribute("token-services-ref");
if (StringUtils.hasText(tokenServicesFactoryRef)) {
consumerContextFilterBean.addPropertyReference("tokenServices", tokenServicesFactoryRef);
}
String rememberMeServicesRef = element.getAttribute("remember-me-services-ref");
if (StringUtils.hasText(rememberMeServicesRef)) {
consumerContextFilterBean.addPropertyReference("rememberMeServices", rememberMeServicesRef);
}
String redirectStrategyRef = element.getAttribute("redirect-strategy-ref");
if (StringUtils.hasText(redirectStrategyRef)) {
consumerContextFilterBean.addPropertyReference("redirectStrategy", redirectStrategyRef);
}
parserContext.getRegistry().registerBeanDefinition("oauthConsumerContextFilter", consumerContextFilterBean.getBeanDefinition());
List<BeanMetadataElement> filterChain = ConfigUtils.findFilterChain(parserContext, element.getAttribute("filter-chain-ref"));
filterChain.add(filterChain.size(), new RuntimeBeanReference("oauthConsumerContextFilter"));
BeanDefinition fids = ConfigUtils.createSecurityMetadataSource(element, parserContext);
if (fids != null) {
BeanDefinitionBuilder consumerAccessFilterBean = BeanDefinitionBuilder.rootBeanDefinition(OAuthConsumerProcessingFilter.class);
if (StringUtils.hasText(resourceDetailsRef)) {
consumerAccessFilterBean.addPropertyReference("protectedResourceDetailsService", resourceDetailsRef);
}
String requireAuthenticated = element.getAttribute("requireAuthenticated");
if (StringUtils.hasText(requireAuthenticated)) {
consumerAccessFilterBean.addPropertyValue("requireAuthenticated", requireAuthenticated);
}
consumerAccessFilterBean.addPropertyValue("objectDefinitionSource", fids);
parserContext.getRegistry().registerBeanDefinition("oauthConsumerFilter", consumerAccessFilterBean.getBeanDefinition());
filterChain.add(filterChain.size(), new RuntimeBeanReference("oauthConsumerFilter"));
}
return null;
}
Also used :
BeanMetadataElement(org.springframework.beans.BeanMetadataElement)
AccessDeniedHandlerImpl(org.springframework.security.web.access.AccessDeniedHandlerImpl)
BeanDefinitionBuilder(org.springframework.beans.factory.support.BeanDefinitionBuilder)
RuntimeBeanReference(org.springframework.beans.factory.config.RuntimeBeanReference)
BeanDefinition(org.springframework.beans.factory.config.BeanDefinition)
Example 4 with AccessDeniedHandlerImpl
use of org.springframework.security.web.access.AccessDeniedHandlerImpl in project spring-security by spring-projects.
the class ExceptionHandlingConfigurer method accessDeniedPage.
/**
* Shortcut to specify the {@link AccessDeniedHandler} to be used is a specific error
* page
* @param accessDeniedUrl the URL to the access denied page (i.e. /errors/401)
* @return the {@link ExceptionHandlingConfigurer} for further customization
* @see AccessDeniedHandlerImpl
* @see #accessDeniedHandler(org.springframework.security.web.access.AccessDeniedHandler)
*/
public ExceptionHandlingConfigurer<H> accessDeniedPage(String accessDeniedUrl) {
AccessDeniedHandlerImpl accessDeniedHandler = new AccessDeniedHandlerImpl();
accessDeniedHandler.setErrorPage(accessDeniedUrl);
return accessDeniedHandler(accessDeniedHandler);
}
Also used :
AccessDeniedHandlerImpl(org.springframework.security.web.access.AccessDeniedHandlerImpl)
Aggregations
AccessDeniedHandlerImpl (org.springframework.security.web.access.AccessDeniedHandlerImpl)4
BeanMetadataElement (org.springframework.beans.BeanMetadataElement)1
BeanDefinition (org.springframework.beans.factory.config.BeanDefinition)1
RuntimeBeanReference (org.springframework.beans.factory.config.RuntimeBeanReference)1
BeanDefinitionBuilder (org.springframework.beans.factory.support.BeanDefinitionBuilder)1
AccessDeniedHandler (org.springframework.security.web.access.AccessDeniedHandler)1
DelegatingAccessDeniedHandler (org.springframework.security.web.access.DelegatingAccessDeniedHandler)1
InvalidSessionAccessDeniedHandler (org.springframework.security.web.session.InvalidSessionAccessDeniedHandler)1
