java.lang.Object
- org.craftercms.security.processors.impl.SecurityExceptionProcessor

All Implemented Interfaces:

RequestSecurityProcessor
```
public class SecurityExceptionProcessor
extends Object
implements RequestSecurityProcessor
```
Handles certain security exceptions:
- If it's an AuthenticationRequiredException, the AuthenticationRequiredHandler is used.
- If it's an AccessDeniedException, and the user is anonymous, the AuthenticationRequiredHandler is used. If not, the AccessDeniedHandler is used.
Author:

Alfonso Vásquez

Field Summary

Fields
Modifier and Type	Field	Description
`protected AccessDeniedHandler`	`accessDeniedHandler`
`protected AuthenticationRequiredHandler`	`authenticationRequiredHandler`
`static org.slf4j.Logger`	`logger`

Constructor Summary

Constructors
Constructor Description

SecurityExceptionProcessor()

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`SecurityProviderException`	`findSecurityException(Exception topException)`
`protected void`	`handleAccessDeniedException(org.craftercms.commons.http.RequestContext context, AccessDeniedException e)`	Handles the specified `AccessDeniedException`, by calling the `AccessDeniedHandler`.
`protected void`	`handleAuthenticationRequiredException(org.craftercms.commons.http.RequestContext context, AuthenticationRequiredException e)`
`protected void`	`handleSecurityProviderException(SecurityProviderException e, org.craftercms.commons.http.RequestContext context)`
`void`	`processRequest(org.craftercms.commons.http.RequestContext context, RequestSecurityProcessorChain processorChain)`	Catches any exception thrown by the processor chain.
`void`	`setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler)`	Sets the `AccessDeniedHandler`, to handle any `AccessDeniedException`s thrown.
`void`	`setAuthenticationRequiredHandler(AuthenticationRequiredHandler authenticationRequiredHandler)`	Sets the `AuthenticationRequiredHandler`, to handle any `AuthenticationRequiredException`s thrown.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

public static final org.slf4j.Logger logger

authenticationRequiredHandler

protected AuthenticationRequiredHandler authenticationRequiredHandler

accessDeniedHandler

protected AccessDeniedHandler accessDeniedHandler

Constructor Detail
- SecurityExceptionProcessor
```
public SecurityExceptionProcessor()
```

Method Detail

setAuthenticationRequiredHandler
```
public void setAuthenticationRequiredHandler(AuthenticationRequiredHandler authenticationRequiredHandler)
```
Sets the AuthenticationRequiredHandler, to handle any AuthenticationRequiredExceptions thrown.

setAccessDeniedHandler
```
public void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler)
```
Sets the AccessDeniedHandler, to handle any AccessDeniedExceptions thrown.

processRequest
```
public void processRequest(org.craftercms.commons.http.RequestContext context,
                           RequestSecurityProcessorChain processorChain)
                    throws Exception
```
Catches any exception thrown by the processor chain. If the exception is an instance of a SecurityProviderException, the exception is handled to see if authentication is required (AuthenticationRequiredException), or if access to the resource is denied (AccessDeniedException).

Specified by:

processRequest in interface RequestSecurityProcessor

Parameters:

context - the context which holds the current request and response

processorChain - the processor chain, used to call the next processor

Throws:

Exception

findSecurityException

public SecurityProviderException findSecurityException(Exception topException)

handleSecurityProviderException

protected void handleSecurityProviderException(SecurityProviderException e,
                                               org.craftercms.commons.http.RequestContext context)
                                        throws SecurityProviderException,
                                               IOException

Throws:: SecurityProviderException; IOException

handleAuthenticationRequiredException

protected void handleAuthenticationRequiredException(org.craftercms.commons.http.RequestContext context,
                                                     AuthenticationRequiredException e)
                                              throws SecurityProviderException,
                                                     IOException

Throws:: SecurityProviderException; IOException

handleAccessDeniedException

protected void handleAccessDeniedException(org.craftercms.commons.http.RequestContext context,
                                           AccessDeniedException e)
                                    throws SecurityProviderException,
                                           IOException

Handles the specified AccessDeniedException, by calling the AccessDeniedHandler.

Throws:: SecurityProviderException; IOException

Class SecurityExceptionProcessor

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

logger

authenticationRequiredHandler

accessDeniedHandler

Constructor Detail

SecurityExceptionProcessor

Method Detail

setAuthenticationRequiredHandler

setAccessDeniedHandler

processRequest

findSecurityException

handleSecurityProviderException

handleAuthenticationRequiredException

handleAccessDeniedException