From 55e4568003c3b55cea068ff05acf56d8569e1762 Mon Sep 17 00:00:00 2001
From: Ben Alex
Date: Fri, 14 Dec 2007 19:44:50 +0000
Subject: [PATCH] Throw an exception instead of sending back a HTTP error code. This is necessary so any demonstration of upgrading from Servlet Spec authorization to Spring Security authorization, as the latter's ExceptionTranslationFilter expects specific exceptions to be thrown if you wish to commence the authentication process.
---
 .../tutorial/src/main/java/bigbank/web/ListAccounts.java | 4 ++--
 .../tutorial/src/main/java/bigbank/web/PostAccounts.java | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/samples/tutorial/src/main/java/bigbank/web/ListAccounts.java b/samples/tutorial/src/main/java/bigbank/web/ListAccounts.java
index 6c2c5b810e..d0ea3ed67b 100644
--- a/samples/tutorial/src/main/java/bigbank/web/ListAccounts.java
+++ b/samples/tutorial/src/main/java/bigbank/web/ListAccounts.java
@@ -3,6 +3,7 @@ package bigbank.web;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.springframework.security.AuthenticationCredentialsNotFoundException;
 import org.springframework.util.Assert;
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.mvc.Controller;
@@ -21,8 +22,7 @@ public class ListAccounts implements Controller {
 public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {
 // Security check (this is unnecessary if Spring Security is performing the authorization)
 // if (request.getUserPrincipal() == null) {
-// response.sendError(HttpServletResponse.SC_FORBIDDEN, "You must login to view the account list");
-// return null;
+// throw new AuthenticationCredentialsNotFoundException("You must login to view the account list (Spring Security message)"); // only for Spring Security managed authentication
 // }
 // Actual business logic
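Review bot: The commented-out check in `handleRequest` (hunk `@@ -21,8 +22,7 @@`) now shows only the Spring Security variant, so a reader who uncomments it in the Servlet Spec configuration no longer has the `sendError(SC_FORBIDDEN)` path that this hunk removes. Without `ExceptionTranslationFilter` in the chain, the thrown `AuthenticationCredentialsNotFoundException` would presumably reach the container as an unhandled error rather than a 403. The trailing `// only for Spring Security managed authentication` hints at this but does not say what to use otherwise; I would add a line such as `// Servlet Spec only (no ExceptionTranslationFilter): response.sendError(HttpServletResponse.SC_FORBIDDEN, ...); return null;`. The import added in the first hunk is referenced only from this commented-out line, so it stays unused until the check is enabled, and the same holds for `AccessDeniedException` in PostAccounts.java. The body of `handleRequest` continues outside the hunk.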
diff --git a/samples/tutorial/src/main/java/bigbank/web/PostAccounts.java b/samples/tutorial/src/main/java/bigbank/web/PostAccounts.java
index 58fb342215..e5967b52e3 100644
--- a/samples/tutorial/src/main/java/bigbank/web/PostAccounts.java
+++ b/samples/tutorial/src/main/java/bigbank/web/PostAccounts.java
@@ -3,6 +3,7 @@ package bigbank.web;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.springframework.security.AccessDeniedException;
 import org.springframework.util.Assert;
 import org.springframework.web.bind.ServletRequestUtils;
 import org.springframework.web.servlet.ModelAndView;
@@ -22,9 +23,8 @@ public class PostAccounts implements Controller {
 public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {
 // Security check (this is unnecessary if Spring Security is performing the authorization)
-// if (request.isUserInRole("ROLE_TELLER")) {
-// response.sendError(HttpServletResponse.SC_FORBIDDEN, "You must be a teller to post transactions");
-// return null;
+// if (!request.isUserInRole("ROLE_TELLER")) {
+// throw new AccessDeniedException("You must be a teller to post transactions (Spring Security message)"); // only for Spring Security managed authentication
 // }
 // Actual business logic
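Review bot: `request.isUserInRole("ROLE_TELLER")` is also false for a caller who has not logged in, so the check in `handleRequest` (hunk `@@ -22,9 +23,8 @@`) raises `AccessDeniedException` for unauthenticated requests, whereas ListAccounts raises `AuthenticationCredentialsNotFoundException` in that case. Whether `ExceptionTranslationFilter` starts the login flow on an `AccessDeniedException` likely depends on the request carrying an anonymous authentication, so an unauthenticated request may get a plain denial instead of the login prompt the commit message aims for. I would put a guard mirroring ListAccounts ahead of the role test, `// if (request.getUserPrincipal() == null) { throw new AuthenticationCredentialsNotFoundException("You must login to post transactions"); }` (message text is illustrative), which also needs that class imported here. The body of `handleRequest` continues outside the hunk.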