Class SecurityExceptionProcessor
java.lang.Object
org.craftercms.security.processors.impl.SecurityExceptionProcessor
- All Implemented Interfaces:
RequestSecurityProcessor
Handles certain security exceptions:
- If it's an
AuthenticationRequiredException, theAuthenticationRequiredHandleris used. - If it's an
AccessDeniedException, and the user is anonymous, theAuthenticationRequiredHandleris used. If not, theAccessDeniedHandleris used.
- Author:
- Alfonso Vásquez
-
Field Summary
FieldsModifier and TypeFieldDescriptionprotected AccessDeniedHandlerprotected AuthenticationRequiredHandlerstatic final org.slf4j.Logger -
Constructor Summary
ConstructorsConstructorDescriptionSecurityExceptionProcessor(AuthenticationRequiredHandler authenticationRequiredHandler, AccessDeniedHandler accessDeniedHandler) -
Method Summary
Modifier and TypeMethodDescriptionfindSecurityException(Exception topException) protected voidhandleAccessDeniedException(org.craftercms.commons.http.RequestContext context, AccessDeniedException e) Handles the specifiedAccessDeniedException, by calling theAccessDeniedHandler.protected voidhandleAuthenticationRequiredException(org.craftercms.commons.http.RequestContext context, AuthenticationRequiredException e) protected voidhandleSecurityProviderException(SecurityProviderException e, org.craftercms.commons.http.RequestContext context) voidprocessRequest(org.craftercms.commons.http.RequestContext context, RequestSecurityProcessorChain processorChain) Catches any exception thrown by the processor chain.
-
Field Details
-
logger
public static final org.slf4j.Logger logger -
authenticationRequiredHandler
-
accessDeniedHandler
-
-
Constructor Details
-
SecurityExceptionProcessor
public SecurityExceptionProcessor(AuthenticationRequiredHandler authenticationRequiredHandler, AccessDeniedHandler accessDeniedHandler)
-
-
Method Details
-
processRequest
public void processRequest(org.craftercms.commons.http.RequestContext context, RequestSecurityProcessorChain processorChain) throws Exception Catches any exception thrown by the processor chain. If the exception is an instance of aSecurityProviderException, the exception is handled to see if authentication is required (AuthenticationRequiredException), or if access to the resource is denied (AccessDeniedException).- Specified by:
processRequestin interfaceRequestSecurityProcessor- Parameters:
context- the context which holds the current request and responseprocessorChain- the processor chain, used to call the next processor- Throws:
Exception
-
findSecurityException
-
handleSecurityProviderException
protected void handleSecurityProviderException(SecurityProviderException e, org.craftercms.commons.http.RequestContext context) throws SecurityProviderException, IOException - Throws:
SecurityProviderExceptionIOException
-
handleAuthenticationRequiredException
protected void handleAuthenticationRequiredException(org.craftercms.commons.http.RequestContext context, AuthenticationRequiredException e) throws SecurityProviderException, IOException - Throws:
SecurityProviderExceptionIOException
-
handleAccessDeniedException
protected void handleAccessDeniedException(org.craftercms.commons.http.RequestContext context, AccessDeniedException e) throws SecurityProviderException, IOException Handles the specifiedAccessDeniedException, by calling theAccessDeniedHandler.- Throws:
SecurityProviderExceptionIOException
-