me.alidg.errors.conf

Class ServletSecurityErrorsAutoConfiguration

java.lang.Object

me.alidg.errors.conf.ServletSecurityErrorsAutoConfiguration

@ConditionalOnWebApplication(type=SERVLET)
 @ConditionalOnClass(name="org.springframework.security.web.access.AccessDeniedHandler")
public class ServletSecurityErrorsAutoConfiguration
extends Object

A servlet specific auto-configuration to register an AccessDeniedHandler and another AuthenticationEntryPoint when the traditional Spring Security is detected. Using these two handlers will make sure that our exception handling mechanism would properly catch and handle all security related exceptions.

Author:

Ali Dehghani

Implementation Note:

In contrast with other handlers that register themselves automatically, in order to use these two handlers, you should register them in your security configuration manually as follows:

 
 @EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {

     private final AccessDeniedHandler accessDeniedHandler;
     private final AuthenticationEntryPoint authenticationEntryPoint;

     public SecurityConfig(AccessDeniedHandler accessDeniedHandler, AuthenticationEntryPoint authenticationEntryPoint) {
         this.accessDeniedHandler = accessDeniedHandler;
         this.authenticationEntryPoint = authenticationEntryPoint;
     }

     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http
                 .exceptionHandling()
                     .accessDeniedHandler(accessDeniedHandler)
                     .authenticationEntryPoint(authenticationEntryPoint);
     }
 }
 
 

Constructor Summary

Constructors

Constructor and Description
ServletSecurityErrorsAutoConfiguration()

Method Summary

Modifier and Type	Method and Description
org.springframework.security.web.access.AccessDeniedHandler	accessDeniedHandler() Registers a handler to handle to access denied exceptions.
org.springframework.security.web.AuthenticationEntryPoint	authenticationEntryPoint() Registers a handler to handle all authentication exceptions.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ServletSecurityErrorsAutoConfiguration

public ServletSecurityErrorsAutoConfiguration()

Method Detail

accessDeniedHandler

@Bean
 @ConditionalOnClass(name="org.springframework.security.web.access.AccessDeniedHandler")
public org.springframework.security.web.access.AccessDeniedHandler accessDeniedHandler()

Registers a handler to handle to access denied exceptions.

Returns:

The registered access denied handler.

authenticationEntryPoint

@Bean
 @ConditionalOnClass(name="org.springframework.security.web.AuthenticationEntryPoint")
public org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint()

Registers a handler to handle all authentication exceptions.

Returns:

The registered authentication entry point.