SEC-996: AccessDeniedhandlerimpl doesn't write response code if used with errorPage

Applied supplied patch which checks the committed flag before forwarding to the error page.

core/src/main/java/org/springframework/security/ui/AccessDeniedHandlerImpl.java

@@ -55,19 +55,22 @@ public class AccessDeniedHandlerImpl implements AccessDeniedHandler {
 
     public void handle(ServletRequest request, ServletResponse response, AccessDeniedException accessDeniedException)
             throws IOException, ServletException {
+        if (!response.isCommitted()) {
             if (errorPage != null) {
                 // Put exception into request scope (perhaps of use to a view)
-            ((HttpServletRequest) request).setAttribute(SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY,
+                request.setAttribute(SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY, accessDeniedException);
-                accessDeniedException);
 
-            // Perform RequestDispatcher "forward"
+                // Set the 403 status code.
-            RequestDispatcher rd = request.getRequestDispatcher(errorPage);
+                HttpServletResponse resp = (HttpServletResponse) response;
-            rd.forward(request, response);
+                resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
+
+                // forward to error page.
+                RequestDispatcher dispatcher = request.getRequestDispatcher(errorPage);
+                dispatcher.forward(request, response);
+            } else {
+                HttpServletResponse resp = (HttpServletResponse) response;
+                resp.sendError(HttpServletResponse.SC_FORBIDDEN, accessDeniedException.getMessage());
             }
-
-        if (!response.isCommitted()) {
-            // Send 403 (we do this after response has been written)
-            ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN, accessDeniedException.getMessage());
         }
     }