Make SecurityEnforcementFilter more subclass friendly.

changelog.txt

@@ -12,6 +12,7 @@ Changes in version 0.6 (2004-xx-xx)
 * Added failed Authentication object to AuthenticationExceptions
 * Added signed JARs to all official release builds (see readme.txt)
 * Added remote client authentication validation package
+* Added protected sendAccessDeniedError method to SecurityEnforcementFilter
 * Updated Authentication to be serializable (Weblogic support)
 * Updated to Clover 1.3
 * Updated to HSQLDB version 1.7.2 Release Candidate 6D

core/src/main/java/org/acegisecurity/intercept/web/SecurityEnforcementFilter.java

@@ -202,11 +202,24 @@ public class SecurityEnforcementFilter implements Filter, InitializingBean {
                     "Access is denied - sending back forbidden response");
             }
 
-            ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN); // 403
+            sendAccessDeniedError(request, response);
         } catch (Throwable otherException) {
             throw new ServletException(otherException);
         }
     }
 
     public void init(FilterConfig filterConfig) throws ServletException {}
+
+    /**
+     * Allows subclasses to override if required
+     *
+     * @param request
+     * @param response
+     *
+     * @throws IOException
+     */
+    protected void sendAccessDeniedError(ServletRequest request,
+        ServletResponse response) throws IOException {
+        ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN); // 403
+    }
 }