Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Throw an exception instead of sending back a HTTP error code. This is necessary so any demonstration of upgrading from Servlet Spec authorization to Spring Security authorization, as the latter's ExceptionTranslationFilter expects specific exceptions to be thrown if you wish to commence the authentication process.

This commit is contained in:
Ben Alex 2007-12-14 19:44:50 +00:00
parent 2e4773525b
commit 55e4568003
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
samples/tutorial/src/main/java/bigbank/web/ListAccounts.java
View File

@ -3,6 +3,7 @@ package bigbank.web;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.AuthenticationCredentialsNotFoundException;
import org.springframework.util.Assert;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.Controller;
@ -21,8 +22,7 @@ public class ListAccounts implements Controller {
public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {
// Security check (this is unnecessary if Spring Security is performing the authorization)
// if (request.getUserPrincipal() == null) {
// response.sendError(HttpServletResponse.SC_FORBIDDEN, "You must login to view the account list");
// return null;
// throw new AuthenticationCredentialsNotFoundException("You must login to view the account list (Spring Security message)"); // only for Spring Security managed authentication
// }
// Actual business logic

6
samples/tutorial/src/main/java/bigbank/web/PostAccounts.java
View File

@ -3,6 +3,7 @@ package bigbank.web;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.AccessDeniedException;
import org.springframework.util.Assert;
import org.springframework.web.bind.ServletRequestUtils;
import org.springframework.web.servlet.ModelAndView;
@ -22,9 +23,8 @@ public class PostAccounts implements Controller {
public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {
// Security check (this is unnecessary if Spring Security is performing the authorization)
// if (request.isUserInRole("ROLE_TELLER")) {
// response.sendError(HttpServletResponse.SC_FORBIDDEN, "You must be a teller to post transactions");
// return null;
// if (!request.isUserInRole("ROLE_TELLER")) {
// throw new AccessDeniedException("You must be a teller to post transactions (Spring Security message)"); // only for Spring Security managed authentication
// }
// Actual business logic