Search in sources :

Example 1 with InvalidSessionAccessDeniedHandler

use of org.springframework.security.web.session.InvalidSessionAccessDeniedHandler in project spring-security by spring-projects.

the class CsrfConfigurer method createAccessDeniedHandler.

/**
	 * Creates the {@link AccessDeniedHandler} from the result of
	 * {@link #getDefaultAccessDeniedHandler(HttpSecurityBuilder)} and
	 * {@link #getInvalidSessionStrategy(HttpSecurityBuilder)}. If
	 * {@link #getInvalidSessionStrategy(HttpSecurityBuilder)} is non-null, then a
	 * {@link DelegatingAccessDeniedHandler} is used in combination with
	 * {@link InvalidSessionAccessDeniedHandler} and the
	 * {@link #getDefaultAccessDeniedHandler(HttpSecurityBuilder)}. Otherwise, only
	 * {@link #getDefaultAccessDeniedHandler(HttpSecurityBuilder)} is used.
	 *
	 * @param http the {@link HttpSecurityBuilder}
	 * @return the {@link AccessDeniedHandler}
	 */
private AccessDeniedHandler createAccessDeniedHandler(H http) {
    InvalidSessionStrategy invalidSessionStrategy = getInvalidSessionStrategy(http);
    AccessDeniedHandler defaultAccessDeniedHandler = getDefaultAccessDeniedHandler(http);
    if (invalidSessionStrategy == null) {
        return defaultAccessDeniedHandler;
    }
    InvalidSessionAccessDeniedHandler invalidSessionDeniedHandler = new InvalidSessionAccessDeniedHandler(invalidSessionStrategy);
    LinkedHashMap<Class<? extends AccessDeniedException>, AccessDeniedHandler> handlers = new LinkedHashMap<Class<? extends AccessDeniedException>, AccessDeniedHandler>();
    handlers.put(MissingCsrfTokenException.class, invalidSessionDeniedHandler);
    return new DelegatingAccessDeniedHandler(handlers, defaultAccessDeniedHandler);
}
Also used : AccessDeniedException(org.springframework.security.access.AccessDeniedException) InvalidSessionAccessDeniedHandler(org.springframework.security.web.session.InvalidSessionAccessDeniedHandler) DelegatingAccessDeniedHandler(org.springframework.security.web.access.DelegatingAccessDeniedHandler) InvalidSessionAccessDeniedHandler(org.springframework.security.web.session.InvalidSessionAccessDeniedHandler) AccessDeniedHandler(org.springframework.security.web.access.AccessDeniedHandler) DelegatingAccessDeniedHandler(org.springframework.security.web.access.DelegatingAccessDeniedHandler) InvalidSessionStrategy(org.springframework.security.web.session.InvalidSessionStrategy) LinkedHashMap(java.util.LinkedHashMap)

Aggregations

LinkedHashMap (java.util.LinkedHashMap)1 AccessDeniedException (org.springframework.security.access.AccessDeniedException)1 AccessDeniedHandler (org.springframework.security.web.access.AccessDeniedHandler)1 DelegatingAccessDeniedHandler (org.springframework.security.web.access.DelegatingAccessDeniedHandler)1 InvalidSessionAccessDeniedHandler (org.springframework.security.web.session.InvalidSessionAccessDeniedHandler)1 InvalidSessionStrategy (org.springframework.security.web.session.InvalidSessionStrategy)1