Class ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>>
java.lang.Object
org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<ExceptionHandlingConfigurer<H>,H>
org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer<H>
- All Implemented Interfaces:
SecurityConfigurer<DefaultSecurityFilterChain,H>
public final class ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>>
extends AbstractHttpConfigurer<ExceptionHandlingConfigurer<H>,H>
Adds exception handling for Spring Security related exceptions to an application. All
properties have reasonable defaults, so no additional configuration is required other
than applying this
SecurityConfigurer.
Security Filters
The following Filters are populatedShared Objects Created
No shared objects are created.Shared Objects Used
The following shared objects are used:- If no explicit
RequestCache, is provided aRequestCacheshared object is used to replay the request after authentication is successful AuthenticationEntryPoint- seeauthenticationEntryPoint(AuthenticationEntryPoint)
- Since:
- 3.2
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionaccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) Specifies theAccessDeniedHandlerto be usedaccessDeniedPage(String accessDeniedUrl) Shortcut to specify theAccessDeniedHandlerto be used is a specific error pageauthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) Sets theAuthenticationEntryPointto be used.voidConfigure theSecurityBuilderby setting the necessary properties on theSecurityBuilder.defaultAccessDeniedHandlerFor(AccessDeniedHandler deniedHandler, RequestMatcher preferredMatcher) Sets a defaultAccessDeniedHandlerto be used which prefers being invoked for the providedRequestMatcher.defaultAuthenticationEntryPointFor(AuthenticationEntryPoint entryPoint, RequestMatcher preferredMatcher) Sets a defaultAuthenticationEntryPointto be used which prefers being invoked for the providedRequestMatcher.Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
disable, getSecurityContextHolderStrategy, withObjectPostProcessorMethods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, init, postProcess, setBuilder
-
Constructor Details
-
ExceptionHandlingConfigurer
public ExceptionHandlingConfigurer()Creates a new instance- See Also:
-
-
Method Details
-
accessDeniedPage
Shortcut to specify theAccessDeniedHandlerto be used is a specific error page- Parameters:
accessDeniedUrl- the URL to the access denied page (i.e. /errors/401)- Returns:
- the
ExceptionHandlingConfigurerfor further customization - See Also:
-
accessDeniedHandler
Specifies theAccessDeniedHandlerto be used- Parameters:
accessDeniedHandler- theAccessDeniedHandlerto be used- Returns:
- the
ExceptionHandlingConfigurerfor further customization
-
defaultAccessDeniedHandlerFor
public ExceptionHandlingConfigurer<H> defaultAccessDeniedHandlerFor(AccessDeniedHandler deniedHandler, RequestMatcher preferredMatcher) Sets a defaultAccessDeniedHandlerto be used which prefers being invoked for the providedRequestMatcher. If only a single defaultAccessDeniedHandleris specified, it will be what is used for the defaultAccessDeniedHandler. If multiple defaultAccessDeniedHandlerinstances are configured, then aRequestMatcherDelegatingAccessDeniedHandlerwill be used.- Parameters:
deniedHandler- theAccessDeniedHandlerto usepreferredMatcher- theRequestMatcherfor this defaultAccessDeniedHandler- Returns:
- the
ExceptionHandlingConfigurerfor further customizations - Since:
- 5.1
-
authenticationEntryPoint
public ExceptionHandlingConfigurer<H> authenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) Sets theAuthenticationEntryPointto be used.If no
authenticationEntryPoint(AuthenticationEntryPoint)is specified, thendefaultAuthenticationEntryPointFor(AuthenticationEntryPoint, RequestMatcher)will be used. The firstAuthenticationEntryPointwill be used as the default if no matches were found.If that is not provided defaults to
Http403ForbiddenEntryPoint.- Parameters:
authenticationEntryPoint- theAuthenticationEntryPointto use- Returns:
- the
ExceptionHandlingConfigurerfor further customizations
-
defaultAuthenticationEntryPointFor
public ExceptionHandlingConfigurer<H> defaultAuthenticationEntryPointFor(AuthenticationEntryPoint entryPoint, RequestMatcher preferredMatcher) Sets a defaultAuthenticationEntryPointto be used which prefers being invoked for the providedRequestMatcher. If only a single defaultAuthenticationEntryPointis specified, it will be what is used for the defaultAuthenticationEntryPoint. If multiple defaultAuthenticationEntryPointinstances are configured, then aDelegatingAuthenticationEntryPointwill be used.- Parameters:
entryPoint- theAuthenticationEntryPointto usepreferredMatcher- theRequestMatcherfor this defaultAuthenticationEntryPoint- Returns:
- the
ExceptionHandlingConfigurerfor further customizations
-
configure
Description copied from interface:SecurityConfigurerConfigure theSecurityBuilderby setting the necessary properties on theSecurityBuilder.- Specified by:
configurein interfaceSecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>> - Overrides:
configurein classSecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
-