/*
* Copyright 2013-2017 Erudika. https://erudika.com
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* For issues and patches go to: https://github.com/erudika
*/
package com.erudika.para.security;
import com.erudika.para.rest.RestUtils;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;
/**
* Access denied handler.
* @author Alex Bogdanovski [alex@erudika.com]
*/
public class SimpleAccessDeniedHandler extends AccessDeniedHandlerImpl {
/**
* Default constructor.
* @param errorPage error page path e.g. "/error.html"
*/
public SimpleAccessDeniedHandler(String errorPage) {
setErrorPage(errorPage);
}
@Override
public void handle(HttpServletRequest request, HttpServletResponse response,
AccessDeniedException accessDeniedException) throws IOException, ServletException {
if (isRestRequest(request)) {
RestUtils.returnStatusResponse(response, HttpServletResponse.SC_FORBIDDEN, accessDeniedException.getMessage());
} else {
super.handle(request, response, accessDeniedException);
}
}
/**
* Checks if it is a rest request.
* @param request request
* @return true if rest or ajax
*/
protected boolean isRestRequest(HttpServletRequest request) {
return RestRequestMatcher.INSTANCE.matches(request) || AjaxRequestMatcher.INSTANCE.matches(request);
}
}