Package org.dspace.app.rest.exception
Class DSpaceAccessDeniedHandler
java.lang.Object
org.dspace.app.rest.exception.DSpaceAccessDeniedHandler
- All Implemented Interfaces:
AccessDeniedHandler
This Handler customizes behavior of AccessDeniedException errors thrown by Spring Security/Boot.
More specifically, we use this Handler to ensure exceptions related to CSRF Tokens are also sent to our DSpaceApiExceptionControllerAdvice class, which manages all exceptions for the DSpace backend. Without this handler, those CSRF exceptions are managed by Spring Security/Boot *before* DSpaceApiExceptionControllerAdvice is triggered.
Additionally, this Handler is customized to refresh the CSRF Token whenever an InvalidCsrfTokenException occurs. This helps ensure our DSpace server-side token (stored in a server-side cookie) remains "synced" with the token on the client side. If they ever get out of sync, the next request will throw an InvalidCsrfTokenException.
Constructor Summary
Constructors -
Method Summary
Modifier and Type: void
Method: handle(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, AccessDeniedException ex)
Description: Override handle() to pass these exceptions over to our DSpaceApiExceptionControllerAdvice handler
-
Constructor Details
-
DSpaceAccessDeniedHandler
public DSpaceAccessDeniedHandler()
-
-
Method Details
-
handle
public void handle(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, AccessDeniedException ex) throws IOException, jakarta.servlet.ServletException
Override handle() to pass these exceptions over to our DSpaceApiExceptionControllerAdvice handler
- Specified by:
handle in interface AccessDeniedHandler
- Parameters:
request - request
response - response
ex - AccessDeniedException
- Throws:
IOException
jakarta.servlet.ServletException
-
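The sketch below illustrates the two behaviours in the class description (forwarding AccessDeniedException to the MVC exception handling layer, and refreshing the CSRF token on InvalidCsrfTokenException). It is an added example, not DSpace source code. The class name ForwardingAccessDeniedHandler, the injected CsrfTokenRepository, and the use of Spring MVC's HandlerExceptionResolver as the forwarding mechanism are assumptions made for illustration.

```java
import java.io.IOException;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.InvalidCsrfTokenException;
import org.springframework.web.servlet.HandlerExceptionResolver;

// Hypothetical class for illustration; not the DSpace implementation.
public class ForwardingAccessDeniedHandler implements AccessDeniedHandler {

    // Assumption: the same repository instance the CSRF filter is configured with.
    private final CsrfTokenRepository csrfTokenRepository;
    // Assumption: Spring MVC's resolver chain, which dispatches to @ControllerAdvice classes.
    private final HandlerExceptionResolver exceptionResolver;

    public ForwardingAccessDeniedHandler(CsrfTokenRepository csrfTokenRepository,
                                         HandlerExceptionResolver exceptionResolver) {
        this.csrfTokenRepository = csrfTokenRepository;
        this.exceptionResolver = exceptionResolver;
    }

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
                       AccessDeniedException ex) throws IOException, ServletException {
        // A rejected token means the client and server copies have diverged.
        // Generate and save a replacement before the error response is written;
        // how it reaches the client depends on the repository implementation.
        if (ex instanceof InvalidCsrfTokenException) {
            CsrfToken fresh = csrfTokenRepository.generateToken(request);
            csrfTokenRepository.saveToken(fresh, request, response);
        }
        // Security filters run before the DispatcherServlet, so the exception must be
        // handed to the MVC resolvers explicitly for a @ControllerAdvice to see it.
        // resolveException returns null when no resolver handled the exception.
        if (exceptionResolver.resolveException(request, response, null, ex) == null
                && !response.isCommitted()) {
            // Fail closed: the request stays denied even if nothing rendered the error.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }
}
```

The refreshed token never lets the rejected request through: the current request is still answered with an error, and only a later request carrying the new token can pass the CSRF check.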