Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Throw an exception instead of sending back a HTTP error code. This is necessary so any demonstration of upgrading from Servlet Spec authorization to Spring Security authorization, as the latter's ExceptionTranslationFilter expects specific exceptions to be thrown if you wish to commence the authentication process.

Ben Alex 17 years ago
parent
2e4773525b
commit
55e4568003
2 changed files with 5 additions and 5 deletions
Split View Show Diff Stats
  1. 2 2
      samples/tutorial/src/main/java/bigbank/web/ListAccounts.java
  2. 3 3
      samples/tutorial/src/main/java/bigbank/web/PostAccounts.java

+ 2 - 2
samples/tutorial/src/main/java/bigbank/web/ListAccounts.java
View File 

@@ -3,6 +3,7 @@ package bigbank.web;
 
 import javax.servlet.http.HttpServletRequest;
 
 import javax.servlet.http.HttpServletResponse;
 
 
+import org.springframework.security.AuthenticationCredentialsNotFoundException;
 
 import org.springframework.util.Assert;
 
 import org.springframework.web.servlet.ModelAndView;
 
 import org.springframework.web.servlet.mvc.Controller;
 
@@ -21,8 +22,7 @@ public class ListAccounts implements Controller {
 
 	public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {
 
 		// Security check (this is unnecessary if Spring Security is performing the authorization)
 
 //		if (request.getUserPrincipal() == null) {
 
-//			response.sendError(HttpServletResponse.SC_FORBIDDEN, "You must login to view the account list");
 
-//			return null;
 
+//			throw new AuthenticationCredentialsNotFoundException("You must login to view the account list (Spring Security message)"); // only for Spring Security managed authentication
 
 //		}
 
 		
 		// Actual business logic

+ 3 - 3
samples/tutorial/src/main/java/bigbank/web/PostAccounts.java
View File 

@@ -3,6 +3,7 @@ package bigbank.web;
 
 import javax.servlet.http.HttpServletRequest;
 
 import javax.servlet.http.HttpServletResponse;
 
 
+import org.springframework.security.AccessDeniedException;
 
 import org.springframework.util.Assert;
 
 import org.springframework.web.bind.ServletRequestUtils;
 
 import org.springframework.web.servlet.ModelAndView;
 
@@ -22,9 +23,8 @@ public class PostAccounts implements Controller {
 
 
 	public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {
 
 		// Security check (this is unnecessary if Spring Security is performing the authorization)
 
-//		if (request.isUserInRole("ROLE_TELLER")) {
 
-//			response.sendError(HttpServletResponse.SC_FORBIDDEN, "You must be a teller to post transactions");
 
-//			return null;
 
+//		if (!request.isUserInRole("ROLE_TELLER")) {
 
+//			throw new AccessDeniedException("You must be a teller to post transactions (Spring Security message)"); // only for Spring Security managed authentication
 
 //		}
 
 		
 		// Actual business logic