/** * Creates the {@link AccessDeniedHandler} from the result of * {@link #getDefaultAccessDeniedHandler(HttpSecurityBuilder)} and * {@link #getInvalidSessionStrategy(HttpSecurityBuilder)}. If * {@link #getInvalidSessionStrategy(HttpSecurityBuilder)} is non-null, then a * {@link DelegatingAccessDeniedHandler} is used in combination with * {@link InvalidSessionAccessDeniedHandler} and the * {@link #getDefaultAccessDeniedHandler(HttpSecurityBuilder)}. Otherwise, only * {@link #getDefaultAccessDeniedHandler(HttpSecurityBuilder)} is used. * * @param http the {@link HttpSecurityBuilder} * @return the {@link AccessDeniedHandler} */ private AccessDeniedHandler createAccessDeniedHandler(H http) { InvalidSessionStrategy invalidSessionStrategy = getInvalidSessionStrategy(http); AccessDeniedHandler defaultAccessDeniedHandler = getDefaultAccessDeniedHandler( http); if (invalidSessionStrategy == null) { return defaultAccessDeniedHandler; } InvalidSessionAccessDeniedHandler invalidSessionDeniedHandler = new InvalidSessionAccessDeniedHandler( invalidSessionStrategy); LinkedHashMap<Class<? extends AccessDeniedException>, AccessDeniedHandler> handlers = new LinkedHashMap<Class<? extends AccessDeniedException>, AccessDeniedHandler>(); handlers.put(MissingCsrfTokenException.class, invalidSessionDeniedHandler); return new DelegatingAccessDeniedHandler(handlers, defaultAccessDeniedHandler); }
/** * Creates the {@link AccessDeniedHandler} from the result of * {@link #getDefaultAccessDeniedHandler(HttpSecurityBuilder)} and * {@link #getInvalidSessionStrategy(HttpSecurityBuilder)}. If * {@link #getInvalidSessionStrategy(HttpSecurityBuilder)} is non-null, then a * {@link DelegatingAccessDeniedHandler} is used in combination with * {@link InvalidSessionAccessDeniedHandler} and the * {@link #getDefaultAccessDeniedHandler(HttpSecurityBuilder)}. Otherwise, only * {@link #getDefaultAccessDeniedHandler(HttpSecurityBuilder)} is used. * * @param http the {@link HttpSecurityBuilder} * @return the {@link AccessDeniedHandler} */ private AccessDeniedHandler createAccessDeniedHandler(H http) { InvalidSessionStrategy invalidSessionStrategy = getInvalidSessionStrategy(http); AccessDeniedHandler defaultAccessDeniedHandler = getDefaultAccessDeniedHandler( http); if (invalidSessionStrategy == null) { return defaultAccessDeniedHandler; } InvalidSessionAccessDeniedHandler invalidSessionDeniedHandler = new InvalidSessionAccessDeniedHandler( invalidSessionStrategy); LinkedHashMap<Class<? extends AccessDeniedException>, AccessDeniedHandler> handlers = new LinkedHashMap<Class<? extends AccessDeniedException>, AccessDeniedHandler>(); handlers.put(MissingCsrfTokenException.class, invalidSessionDeniedHandler); return new DelegatingAccessDeniedHandler(handlers, defaultAccessDeniedHandler); }
/** * Creates the {@link AccessDeniedHandler} from the result of * {@link #getDefaultAccessDeniedHandler(HttpSecurityBuilder)} and * {@link #getInvalidSessionStrategy(HttpSecurityBuilder)}. If * {@link #getInvalidSessionStrategy(HttpSecurityBuilder)} is non-null, then a * {@link DelegatingAccessDeniedHandler} is used in combination with * {@link InvalidSessionAccessDeniedHandler} and the * {@link #getDefaultAccessDeniedHandler(HttpSecurityBuilder)}. Otherwise, only * {@link #getDefaultAccessDeniedHandler(HttpSecurityBuilder)} is used. * * @param http the {@link HttpSecurityBuilder} * @return the {@link AccessDeniedHandler} */ private AccessDeniedHandler createAccessDeniedHandler(H http) { InvalidSessionStrategy invalidSessionStrategy = getInvalidSessionStrategy(http); AccessDeniedHandler defaultAccessDeniedHandler = getDefaultAccessDeniedHandler( http); if (invalidSessionStrategy == null) { return defaultAccessDeniedHandler; } InvalidSessionAccessDeniedHandler invalidSessionDeniedHandler = new InvalidSessionAccessDeniedHandler( invalidSessionStrategy); LinkedHashMap<Class<? extends AccessDeniedException>, AccessDeniedHandler> handlers = new LinkedHashMap<Class<? extends AccessDeniedException>, AccessDeniedHandler>(); handlers.put(MissingCsrfTokenException.class, invalidSessionDeniedHandler); return new DelegatingAccessDeniedHandler(handlers, defaultAccessDeniedHandler); }