mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-06-20 19:12:14 +00:00
SEC-199: Use ServletException.getRootCause() to extract any Acegi Security exceptions.
parent
4e09777dec
commit
307ac99ec5
@ -16,6 +16,7 @@
|
|||||||
package org.acegisecurity.ui;
|
package org.acegisecurity.ui;
|
||||||
|
|
||||||
import org.acegisecurity.AccessDeniedException;
|
import org.acegisecurity.AccessDeniedException;
|
||||||
|
import org.acegisecurity.AcegiSecurityException;
|
||||||
import org.acegisecurity.AuthenticationException;
|
import org.acegisecurity.AuthenticationException;
|
||||||
import org.acegisecurity.AuthenticationTrustResolver;
|
import org.acegisecurity.AuthenticationTrustResolver;
|
||||||
import org.acegisecurity.AuthenticationTrustResolverImpl;
|
import org.acegisecurity.AuthenticationTrustResolverImpl;
|
||||||
@ -145,38 +146,20 @@ public class ExceptionTranslationFilter implements Filter, InitializingBean {
|
|||||||
if (logger.isDebugEnabled()) {
|
if (logger.isDebugEnabled()) {
|
||||||
logger.debug("Chain processed normally");
|
logger.debug("Chain processed normally");
|
||||||
}
|
}
|
||||||
} catch (AuthenticationException authentication) {
|
} catch (AuthenticationException ex) {
|
||||||
if (logger.isDebugEnabled()) {
|
handleException(request, response, chain, ex);
|
||||||
logger.debug("Authentication exception occurred; redirecting to authentication entry point",
|
} catch (AccessDeniedException ex) {
|
||||||
authentication);
|
handleException(request, response, chain, ex);
|
||||||
}
|
} catch (ServletException ex) {
|
||||||
|
if (ex.getRootCause() instanceof AuthenticationException
|
||||||
sendStartAuthentication(request, response, chain, authentication);
|
|| ex.getRootCause() instanceof AccessDeniedException) {
|
||||||
} catch (AccessDeniedException accessDenied) {
|
handleException(request, response, chain,
|
||||||
if (authenticationTrustResolver.isAnonymous(
|
(AcegiSecurityException) ex.getRootCause());
|
||||||
SecurityContextHolder.getContext().getAuthentication())) {
|
|
||||||
if (logger.isDebugEnabled()) {
|
|
||||||
logger.debug("Access is denied (user is anonymous); redirecting to authentication entry point",
|
|
||||||
accessDenied);
|
|
||||||
}
|
|
||||||
|
|
||||||
sendStartAuthentication(request, response, chain,
|
|
||||||
new InsufficientAuthenticationException(
|
|
||||||
"Full authentication is required to access this resource"));
|
|
||||||
} else {
|
} else {
|
||||||
if (logger.isDebugEnabled()) {
|
throw ex;
|
||||||
logger.debug("Access is denied (user is not anonymous); sending back forbidden response",
|
|
||||||
accessDenied);
|
|
||||||
}
|
}
|
||||||
|
} catch (IOException ex) {
|
||||||
sendAccessDeniedError(request, response, chain, accessDenied);
|
throw ex;
|
||||||
}
|
|
||||||
} catch (ServletException e) {
|
|
||||||
throw e;
|
|
||||||
} catch (IOException e) {
|
|
||||||
throw e;
|
|
||||||
} catch (Throwable otherException) {
|
|
||||||
throw new ServletException(otherException);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -192,6 +175,40 @@ public class ExceptionTranslationFilter implements Filter, InitializingBean {
|
|||||||
return portResolver;
|
return portResolver;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private void handleException(ServletRequest request,
|
||||||
|
ServletResponse response, FilterChain chain,
|
||||||
|
AcegiSecurityException exception) throws IOException, ServletException {
|
||||||
|
if (exception instanceof AuthenticationException) {
|
||||||
|
if (logger.isDebugEnabled()) {
|
||||||
|
logger.debug("Authentication exception occurred; redirecting to authentication entry point",
|
||||||
|
exception);
|
||||||
|
}
|
||||||
|
|
||||||
|
sendStartAuthentication(request, response, chain,
|
||||||
|
(AuthenticationException) exception);
|
||||||
|
} else if (exception instanceof AccessDeniedException) {
|
||||||
|
if (authenticationTrustResolver.isAnonymous(
|
||||||
|
SecurityContextHolder.getContext().getAuthentication())) {
|
||||||
|
if (logger.isDebugEnabled()) {
|
||||||
|
logger.debug("Access is denied (user is anonymous); redirecting to authentication entry point",
|
||||||
|
exception);
|
||||||
|
}
|
||||||
|
|
||||||
|
sendStartAuthentication(request, response, chain,
|
||||||
|
new InsufficientAuthenticationException(
|
||||||
|
"Full authentication is required to access this resource"));
|
||||||
|
} else {
|
||||||
|
if (logger.isDebugEnabled()) {
|
||||||
|
logger.debug("Access is denied (user is not anonymous); sending back forbidden response",
|
||||||
|
exception);
|
||||||
|
}
|
||||||
|
|
||||||
|
sendAccessDeniedError(request, response, chain,
|
||||||
|
(AccessDeniedException) exception);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public void init(FilterConfig filterConfig) throws ServletException {}
|
public void init(FilterConfig filterConfig) throws ServletException {}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
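Review bot: The new `catch (ServletException ex)` branch inspects only the immediate `ex.getRootCause()`, so an `AuthenticationException` or `AccessDeniedException` wrapped more than once (for example a ServletException nested inside another) falls through to `throw ex` and would presumably surface as a container error page rather than reaching the entry point or the forbidden response. Unwrapping nested ServletExceptions in a loop, with the cause held in a local instead of three `getRootCause()` calls, would cover that case. Separately, the new `handleException` accepts any `AcegiSecurityException` but returns silently when the argument is neither handled type; a final `else { throw new ServletException(exception); }` would stop an unexpected security exception from being dropped with no response written. `doFilter` begins above the second hunk, so the opening of its try block is not visible here.

```java
} catch (ServletException ex) {
    // Walk nested ServletExceptions so a security exception wrapped more than once is still found.
    Throwable cause = ex.getRootCause();
    while (cause instanceof ServletException && cause != ex) {
        cause = ((ServletException) cause).getRootCause();
    }

    if (cause instanceof AuthenticationException || cause instanceof AccessDeniedException) {
        handleException(request, response, chain, (AcegiSecurityException) cause);
    } else {
        throw ex;
    }
// … unchanged: IOException catch and rest of doFilter …
```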