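package gov.samhsa.consent2share.web;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.csrf.InvalidCsrfTokenException;

/**
 * Spring Security {@link AccessDeniedHandler} that turns an access-denied
 * event into a redirect plus a session-scoped message for the target page.
 *
 * <ul>
 * <li>An {@link InvalidCsrfTokenException} stores {@code tokenErrorMessage}
 * in the session and redirects to {@code ../index.html}.</li>
 * <li>Any other {@link AccessDeniedException} stores {@code message} in the
 * session and redirects to {@code ../} followed by the configured access
 * denied URL.</li>
 * </ul>
 *
 * Every denial is also written to the log at WARN level so that repeated
 * authorization or CSRF failures can be picked up by monitoring.
 */
public class CustomAccessDeniedHandler implements AccessDeniedHandler {

    /** Logger for this handler. */
    private static final Logger LOGGER = LoggerFactory
            .getLogger(CustomAccessDeniedHandler.class);

    /** Session message shown when the caller lacks permission. */
    private static final String PERMISSION_MESSAGE = "You do not have permission to access this page!";

    /** Session message shown when the CSRF token did not validate. */
    private static final String TOKEN_MESSAGE = "Page has expired! Please try login again.";

    /**
     * Path, relative to the parent of the current request URL, that the
     * client is redirected to on a non-CSRF denial. May be {@code null} when
     * the no-argument constructor was used and the setter was never called.
     */
    private String accessDeniedUrl;

    /**
     * Creates a handler with no access denied URL configured. Until
     * {@link #setAccessDeniedUrl(String)} is called, non-CSRF denials are
     * answered with HTTP 403 instead of a redirect.
     */
    public CustomAccessDeniedHandler() {
    }

    /**
     * Creates a handler that redirects non-CSRF denials to the given URL.
     *
     * @param accessDeniedUrl
     *            the access denied url, appended to {@code ../} when
     *            redirecting
     */
    public CustomAccessDeniedHandler(String accessDeniedUrl) {
        this.accessDeniedUrl = accessDeniedUrl;
    }

    /**
     * Records the denial and sends the client to the matching page.
     *
     * @param request
     *            the request that was denied
     * @param response
     *            the response used to issue the redirect or error
     * @param accessDeniedException
     *            the exception that triggered the handler
     * @throws IOException
     *             if the redirect or error cannot be written
     * @throws ServletException
     *             declared by the interface; not thrown by this
     *             implementation
     */
    @Override
    public void handle(HttpServletRequest request,
            HttpServletResponse response,
            AccessDeniedException accessDeniedException) throws IOException,
            ServletException {
        LOGGER.info("Access denied url: {}", accessDeniedUrl);

        // NOTE(review): only InvalidCsrfTokenException takes the "page has
        // expired" branch. Other CSRF failures (for example a token missing
        // because the session timed out) fall through to the permission
        // branch - confirm that this is intended.
        final boolean csrfFailure = accessDeniedException instanceof InvalidCsrfTokenException;

        // Audit trail for detection: what was denied, to whom, and why.
        // getRequestURI() excludes the query string, so request parameters
        // are not written to the log. Values are neutralised first so a
        // crafted value cannot forge additional log lines.
        LOGGER.warn("Access denied ({}): method={} uri={} user={} remoteAddr={}",
                csrfFailure ? "invalid CSRF token" : "insufficient permission",
                forLog(request.getMethod()), forLog(request.getRequestURI()),
                forLog(request.getRemoteUser()),
                forLog(request.getRemoteAddr()));

        // sendRedirect() throws IllegalStateException once the response has
        // been committed; nothing more can be sent to the client then.
        if (response.isCommitted()) {
            LOGGER.warn("Response already committed; access denied redirect skipped");
            return;
        }

        // NOTE(review): both redirect targets start with "../", so the
        // resolved location depends on the depth of the denied request's
        // path - verify against the URL layout of the application.
        if (csrfFailure) {
            request.getSession().setAttribute("tokenErrorMessage",
                    TOKEN_MESSAGE);
            response.sendRedirect("../index.html");
            return;
        }

        if (accessDeniedUrl == null) {
            // Without a configured page the redirect target would be the
            // literal "../null"; answer with a plain 403 instead.
            response.sendError(HttpServletResponse.SC_FORBIDDEN,
                    PERMISSION_MESSAGE);
            return;
        }

        request.getSession().setAttribute("message", PERMISSION_MESSAGE);
        response.sendRedirect("../" + accessDeniedUrl);
    }

    /**
     * Gets the access denied url.
     *
     * @return the access denied url, or {@code null} if none was configured
     */
    public String getAccessDeniedUrl() {
        return accessDeniedUrl;
    }

    /**
     * Sets the access denied url.
     *
     * @param accessDeniedUrl
     *            the new access denied url, appended to {@code ../} when
     *            redirecting
     */
    public void setAccessDeniedUrl(String accessDeniedUrl) {
        this.accessDeniedUrl = accessDeniedUrl;
    }

    /**
     * Makes a request-derived value safe to embed in a single log line.
     *
     * @param value
     *            the raw value, possibly {@code null}
     * @return {@code "-"} for {@code null}, otherwise the value with every
     *         ISO control character (including CR and LF) replaced by
     *         {@code '_'}
     */
    private static String forLog(String value) {
        if (value == null) {
            return "-";
        }
        final StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            final char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}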