Class DSpaceAccessDeniedHandler

java.lang.Object
org.dspace.app.rest.exception.DSpaceAccessDeniedHandler
All Implemented Interfaces:
org.springframework.security.web.access.AccessDeniedHandler

@Component public class DSpaceAccessDeniedHandler extends Object implements org.springframework.security.web.access.AccessDeniedHandler
This Handler customizes how AccessDeniedException errors thrown by Spring Security/Boot are handled.

More specifically, we use this Handler to ensure exceptions related to CSRF Tokens are also sent to our DSpaceApiExceptionControllerAdvice class, which manages all exceptions for the DSpace backend. Without this handler, those CSRF exceptions are managed by Spring Security/Boot *before* DSpaceApiExceptionControllerAdvice is triggered.

Additionally, this Handler is customized to refresh the CSRF Token whenever an InvalidCsrfTokenException occurs. This helps ensure our DSpace server-side token (stored in a server-side cookie) remains "synced" with the token on the client side. If they ever get out of sync, the next request will throw an InvalidCsrfTokenException.
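
The pattern described above, as an added Java example (not the DSpace source): an AccessDeniedHandler that reissues the CSRF token on InvalidCsrfTokenException and then forwards the exception to Spring MVC's HandlerExceptionResolver so that a @ControllerAdvice class can render it. The class name ForwardingAccessDeniedHandler, the injected CsrfTokenRepository and the 403 fallback are assumptions.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.InvalidCsrfTokenException;
import org.springframework.web.servlet.HandlerExceptionResolver;

// Hypothetical class: illustrates the pattern, not the DSpace implementation.
public class ForwardingAccessDeniedHandler implements AccessDeniedHandler {

    // Assumed to be Spring MVC's "handlerExceptionResolver" bean, which
    // dispatches to @ExceptionHandler methods in @ControllerAdvice classes.
    private final HandlerExceptionResolver resolver;
    // Assumed to be the same repository instance the CsrfFilter validates against.
    private final CsrfTokenRepository tokenRepository;

    public ForwardingAccessDeniedHandler(HandlerExceptionResolver resolver,
                                         CsrfTokenRepository tokenRepository) {
        this.resolver = resolver;
        this.tokenRepository = tokenRepository;
    }

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
                       AccessDeniedException ex) throws IOException, ServletException {
        if (ex instanceof InvalidCsrfTokenException) {
            // Client and server tokens disagree: issue a fresh token and save it
            // on this response so the client can pick it up and retry.
            CsrfToken fresh = tokenRepository.generateToken(request);
            tokenRepository.saveToken(fresh, request, response);
        }
        // Forward to the MVC exception machinery (no handler object, since the
        // request was rejected in the filter chain before reaching a controller).
        if (resolver.resolveException(request, response, null, ex) == null
                && !response.isCommitted()) {
            // No advice method claimed the exception: fail closed with 403.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }
}
```

The rejected request is never replayed: the refreshed token only takes effect on the client's next request, and the current one still ends in an error response.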

  • Constructor Summary

    Constructors
    Constructor
    Description
     
  • Method Summary

    Modifier and Type
    Method
    Description
    void
    handle(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.access.AccessDeniedException ex)
    Override handle() to pass these exceptions over to our DSpaceApiExceptionControllerAdvice handler

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • DSpaceAccessDeniedHandler

      public DSpaceAccessDeniedHandler()
  • Method Details

    • handle

      public void handle(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.access.AccessDeniedException ex) throws IOException, javax.servlet.ServletException
      Override handle() to pass these exceptions over to our DSpaceApiExceptionControllerAdvice handler
      Specified by:
      handle in interface org.springframework.security.web.access.AccessDeniedHandler
      Parameters:
      request - request
      response - response
      ex - AccessDeniedException
      Throws:
      IOException
      javax.servlet.ServletException