Class DSpaceAccessDeniedHandler

  • All Implemented Interfaces:
    org.springframework.security.web.access.AccessDeniedHandler

    @Component
    public class DSpaceAccessDeniedHandler
    extends Object
    implements org.springframework.security.web.access.AccessDeniedHandler
    This Handler customizes how AccessDeniedException errors thrown by Spring Security/Boot are handled.

    More specifically, we use this Handler to ensure exceptions related to CSRF Tokens are also sent to our DSpaceApiExceptionControllerAdvice class, which manages all exceptions for the DSpace backend. Without this handler, those CSRF exceptions are managed by Spring Security/Boot *before* DSpaceApiExceptionControllerAdvice is triggered.

    Additionally, this Handler is customized to refresh the CSRF Token whenever an InvalidCsrfTokenException occurs. This helps ensure our DSpace server-side token (stored in a server-side cookie) remains "synced" with the token on the client side. If they ever get out of sync, the next request will throw an InvalidCsrfTokenException.

    See Also:
    DSpaceApiExceptionControllerAdvice
    • Constructor Detail

      • DSpaceAccessDeniedHandler

        public DSpaceAccessDeniedHandler()
    • Method Detail

      • handle

        public void handle(javax.servlet.http.HttpServletRequest request,
                           javax.servlet.http.HttpServletResponse response,
                           org.springframework.security.access.AccessDeniedException ex)
                    throws IOException,
                           javax.servlet.ServletException
        Override handle() to pass these exceptions over to our DSpaceApiExceptionControllerAdvice handler.
        Specified by:
        handle in interface org.springframework.security.web.access.AccessDeniedHandler
        Parameters:
        request - request
        response - response
        ex - AccessDeniedException
        Throws:
        IOException
        javax.servlet.ServletException