com.broadleafcommerce.oauth2.resource.security.exception.AccessDeniedExceptionAdvisor

@RestControllerAdvice(annotations=org.springframework.web.bind.annotation.ResponseBody.class) public class AccessDeniedExceptionAdvisor extends Object

There is an open issue in Spring where methods annotated with @PreAuthorize correctly throw an AccessDeniedException, but it is not passed through ExceptionTranslationFilter and thus results in a 500 response rather than a 403.

This exception advisor serves as a workaround to return 403 until the resolution of that ticket.

Constructor Summary

Constructors

Constructor

Description

AccessDeniedExceptionAdvisor()
Method Summary

Modifier and Type

Method

Description

org.springframework.http.ResponseEntity<Object>

handleAccessDeniedException(org.springframework.security.access.AccessDeniedException ex, org.springframework.web.context.request.WebRequest request)

protected void

logDebug(Exception ex, org.springframework.web.context.request.WebRequest request)

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- AccessDeniedExceptionAdvisor
  
  public AccessDeniedExceptionAdvisor()
Method Details
- handleAccessDeniedException
  
  @ExceptionHandler(org.springframework.security.access.AccessDeniedException.class) public org.springframework.http.ResponseEntity<Object> handleAccessDeniedException(org.springframework.security.access.AccessDeniedException ex, org.springframework.web.context.request.WebRequest request)
- logDebug
  
  protected void logDebug(Exception ex, org.springframework.web.context.request.WebRequest request)

Class AccessDeniedExceptionAdvisor

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Details

AccessDeniedExceptionAdvisor

Method Details

handleAccessDeniedException

logDebug