Skip to content

Commit 97fdfb0

Browse files
earlgrey02sjohnr
earlgrey02
authored and
sjohnr
committed
Add HttpStatusAccessDeniedHandler
Signed-off-by: earlgrey02 <[email protected]>
1 parent 10394c8 commit 97fdfb0

File tree

2 files changed

+80
-0
lines changed

2 files changed

+80
-0
lines changed

web/src/main/java/org/springframework/security/web/access/HttpStatusAccessDeniedHandler.java

+34
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,34 @@
1+
package org.springframework.security.web.access;
2+
3+
import jakarta.servlet.ServletException;
4+
import jakarta.servlet.http.HttpServletRequest;
5+
import jakarta.servlet.http.HttpServletResponse;
6+
import org.apache.commons.logging.Log;
7+
import org.apache.commons.logging.LogFactory;
8+
import org.springframework.core.log.LogMessage;
9+
import org.springframework.http.HttpStatus;
10+
import org.springframework.security.access.AccessDeniedException;
11+
import org.springframework.util.Assert;
12+
13+
import java.io.IOException;
14+
15+
public class HttpStatusAccessDeniedHandler implements AccessDeniedHandler {
16+
17+
protected static final Log logger = LogFactory.getLog(HttpStatusAccessDeniedHandler.class);
18+
19+
private final HttpStatus httpStatus;
20+
21+
public HttpStatusAccessDeniedHandler(HttpStatus httpStatus) {
22+
Assert.notNull(httpStatus, "httpStatus cannot be null");
23+
this.httpStatus = httpStatus;
24+
}
25+
26+
@Override
27+
public void handle(HttpServletRequest request, HttpServletResponse response,
28+
AccessDeniedException accessDeniedException) throws IOException, ServletException {
29+
logger.debug(LogMessage.format("Access denied with status code %d", this.httpStatus.value()));
30+
31+
response.sendError(this.httpStatus.value(), "Access Denied");
32+
}
33+
34+
}

web/src/test/java/org/springframework/security/web/access/HttpStatusAccessDeniedHandlerTests.java

+46
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,46 @@
1+
package org.springframework.security.web.access;
2+
3+
import jakarta.servlet.ServletException;
4+
import jakarta.servlet.http.HttpServletRequest;
5+
import jakarta.servlet.http.HttpServletResponse;
6+
import org.junit.jupiter.api.Test;
7+
import org.junit.jupiter.api.extension.ExtendWith;
8+
import org.mockito.Mock;
9+
import org.mockito.junit.jupiter.MockitoExtension;
10+
import org.springframework.http.HttpStatus;
11+
import org.springframework.mock.web.MockHttpServletResponse;
12+
import org.springframework.security.access.AccessDeniedException;
13+
14+
import java.io.IOException;
15+
16+
import static org.assertj.core.api.Assertions.assertThat;
17+
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
18+
19+
@ExtendWith(MockitoExtension.class)
20+
public class HttpStatusAccessDeniedHandlerTests {
21+
22+
@Mock
23+
private HttpServletRequest request;
24+
25+
@Mock
26+
private HttpServletResponse response;
27+
28+
private HttpStatus httpStatus = HttpStatus.FORBIDDEN;
29+
30+
private HttpStatusAccessDeniedHandler handler = new HttpStatusAccessDeniedHandler(this.httpStatus);
31+
32+
private AccessDeniedException exception = new AccessDeniedException("Forbidden");
33+
34+
@Test
35+
public void constructorHttpStatusWhenNullThenException() {
36+
assertThatIllegalArgumentException().isThrownBy(() -> new HttpStatusAccessDeniedHandler(null));
37+
}
38+
39+
@Test
40+
public void commenceThenStatusSet() throws IOException, ServletException {
41+
this.response = new MockHttpServletResponse();
42+
this.handler.handle(this.request, this.response, this.exception);
43+
assertThat(this.response.getStatus()).isEqualTo(this.httpStatus.value());
44+
}
45+
46+
}

0 commit comments

Comments
 (0)