ExceptionHandlingConfigurer (Spring Security 3.2.0.RC1 API)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.config.annotation.web.configurers
Class ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>>

java.lang.Object
  org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
      org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer<H>

All Implemented Interfaces:: SecurityConfigurer<DefaultSecurityFilterChain,H>

public final class ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>>
extends SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
extends SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>

Adds exception handling for Spring Security related exceptions to an application. All properties have reasonable defaults, so no additional configuration is required other than applying this SecurityConfigurer.

Security Filters

The following Filters are populated

ExceptionTranslationFilter

Shared Objects Created

No shared objects are created.

Shared Objects Used

The following shared objects are used:

If no explicit RequestCache, is provided a RequestCache shared object is used to replay the request after authentication is successful
AuthenticationEntryPoint - see authenticationEntryPoint(AuthenticationEntryPoint)

Since:: 3.2

Constructor Summary
`ExceptionHandlingConfigurer()` Creates a new instance

Method Summary
`ExceptionHandlingConfigurer<H>`	`accessDeniedHandler(AccessDeniedHandler accessDeniedHandler)` Specifies the `AccessDeniedHandler` to be used
`ExceptionHandlingConfigurer<H>`	`accessDeniedPage(String accessDeniedUrl)` Shortcut to specify the `AccessDeniedHandler` to be used is a specific error page
`ExceptionHandlingConfigurer<H>`	`authenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)` Sets the `AuthenticationEntryPoint` to be used.
`void`	`configure(H http)` Configure the `SecurityBuilder` by setting the necessary properties on the `SecurityBuilder`.
`ExceptionHandlingConfigurer<H>`	`defaultAuthenticationEntryPointFor(AuthenticationEntryPoint entryPoint, RequestMatcher preferredMatcher)` Sets a default `AuthenticationEntryPoint` to be used which prefers being invoked for the provided `RequestMatcher`.
`B`	`disable()` Disables the `AbstractHttpConfigurer` by removing it.
`T`	`withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)`

Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
`addObjectPostProcessor, and, getBuilder, init, postProcess, setBuilder`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

ExceptionHandlingConfigurer

public ExceptionHandlingConfigurer()

Creates a new instance

See Also:: HttpSecurity.exceptionHandling()

Method Detail

accessDeniedPage

public ExceptionHandlingConfigurer<H> accessDeniedPage(String accessDeniedUrl)

Shortcut to specify the AccessDeniedHandler to be used is a specific error page

Parameters:: accessDeniedUrl - the URL to the access denied page (i.e. /errors/401)
Returns:: the ExceptionHandlingConfigurer for further customization
See Also:: AccessDeniedHandlerImpl, #accessDeniedHandler(org.springframework.security.web.access.AccessDeniedHandler)}

accessDeniedHandler

public ExceptionHandlingConfigurer<H> accessDeniedHandler(AccessDeniedHandler accessDeniedHandler)

Specifies the AccessDeniedHandler to be used

Parameters:: accessDeniedHandler - the AccessDeniedHandler to be used
Returns:: the ExceptionHandlingConfigurer for further customization

authenticationEntryPoint

public ExceptionHandlingConfigurer<H> authenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)

Sets the AuthenticationEntryPoint to be used.

If no authenticationEntryPoint(AuthenticationEntryPoint) is specified, then defaultAuthenticationEntryPointFor(AuthenticationEntryPoint, RequestMatcher) will be used. The first AuthenticationEntryPoint will be used as the default is no matches were found.

If that is not provided defaults to Http403ForbiddenEntryPoint.

Parameters:: authenticationEntryPoint - the AuthenticationEntryPoint to use
Returns:: the ExceptionHandlingConfigurer for further customizations

defaultAuthenticationEntryPointFor

public ExceptionHandlingConfigurer<H> defaultAuthenticationEntryPointFor(AuthenticationEntryPoint entryPoint,
                                                                         RequestMatcher preferredMatcher)

Sets a default AuthenticationEntryPoint to be used which prefers being invoked for the provided RequestMatcher. If only a single default AuthenticationEntryPoint is specified, it will be what is used for the default AuthenticationEntryPoint. If multiple default AuthenticationEntryPoint instances are configured, then a DelegatingAuthenticationEntryPoint will be used.

Parameters:: entryPoint - the AuthenticationEntryPoint to use; preferredMatcher - the RequestMatcher for this default AuthenticationEntryPoint
Returns:: the ExceptionHandlingConfigurer for further customizations

configure

public void configure(H http)
               throws Exception

Description copied from interface: SecurityConfigurer

Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

Specified by:: configure in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
Overrides:: configure in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

Throws:: Exception

disable

public B disable()

Disables the AbstractHttpConfigurer by removing it. After doing so a fresh version of the configuration can be applied.

Returns:: the HttpSecurityBuilder for additional customizations

withObjectPostProcessor

public T withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)