Ana Sayfa Keşfet Yardım
Üye Ol Giriş Yap
github
/
spring-security
şunun yansıması https://github.com/spring-projects/spring-security
2
0
Çatalla 0
Dosyalar Sorunlar 0 Wiki
Kaynağa Gözat

Propagate Any AccessDeniedException

Any time a response handler throws an exception, we want to
propagate an underlying AccessDeniedException if their is one.

Issue gh-16058
Josh Cummings 3 ay önce
ebeveyn
fae61b9426
işleme
52394c1f07
1 değiştirilmiş dosya ile 10 ekleme ve 15 silme
Görünümü Böl Farklılık Durumunu Göster
  1. 10 15
      config/src/main/java/org/springframework/security/config/annotation/method/configuration/AuthorizationProxyWebConfiguration.java

+ 10 - 15
config/src/main/java/org/springframework/security/config/annotation/method/configuration/AuthorizationProxyWebConfiguration.java
Dosyayı Görüntüle 

@@ -28,7 +28,6 @@ import org.springframework.context.annotation.Configuration;
 
 import org.springframework.context.annotation.Role;
 
 import org.springframework.http.HttpEntity;
 
 import org.springframework.http.ResponseEntity;
 
-import org.springframework.http.converter.HttpMessageNotWritableException;
 
 import org.springframework.security.access.AccessDeniedException;
 
 import org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory;
 
 import org.springframework.security.web.util.ThrowableAnalyzer;
 
@@ -52,11 +51,11 @@ class AuthorizationProxyWebConfiguration implements WebMvcConfigurer {
 
 		for (int i = 0; i < resolvers.size(); i++) {
 
 			HandlerExceptionResolver resolver = resolvers.get(i);
 
 			if (resolver instanceof DefaultHandlerExceptionResolver) {
 
-				resolvers.add(i, new HttpMessageNotWritableAccessDeniedExceptionResolver());
 
+				resolvers.add(i, new AccessDeniedExceptionResolver());
 
 				return;
 
 			}
 
 		}
 
-		resolvers.add(new HttpMessageNotWritableAccessDeniedExceptionResolver());
 
+		resolvers.add(new AccessDeniedExceptionResolver());
 
 	}
 
 
 	static class WebTargetVisitor implements AuthorizationAdvisorProxyFactory.TargetVisitor {
 
@@ -84,24 +83,20 @@ class AuthorizationProxyWebConfiguration implements WebMvcConfigurer {
 
 
 	}
 
 
-	static class HttpMessageNotWritableAccessDeniedExceptionResolver implements HandlerExceptionResolver {
 
+	static class AccessDeniedExceptionResolver implements HandlerExceptionResolver {
 
 
 		final ThrowableAnalyzer throwableAnalyzer = new ThrowableAnalyzer();
 
 
 		@Override
 
 		public ModelAndView resolveException(HttpServletRequest request, HttpServletResponse response, Object handler,
 
 				Exception ex) {
 
-			// Only resolves AccessDeniedException if it occurred during serialization,
 
-			// otherwise lets the user-defined handler deal with it.
 
-			if (ex instanceof HttpMessageNotWritableException) {
 
-				Throwable[] causeChain = this.throwableAnalyzer.determineCauseChain(ex);
 
-				Throwable accessDeniedException = this.throwableAnalyzer
 
-					.getFirstThrowableOfType(AccessDeniedException.class, causeChain);
 
-				if (accessDeniedException != null) {
 
-					return new ModelAndView((model, req, res) -> {
 
-						throw ex;
 
-					});
 
-				}
 
+			Throwable[] causeChain = this.throwableAnalyzer.determineCauseChain(ex);
 
+			Throwable accessDeniedException = this.throwableAnalyzer
 
+				.getFirstThrowableOfType(AccessDeniedException.class, causeChain);
 
+			if (accessDeniedException != null) {
 
+				return new ModelAndView((model, req, res) -> {
 
+					throw ex;
 
+				});
 
 			}
 
 			return null;
 
 		}