Add HttpStatusAccessDeniedHandler

spring-projects · Jan 30, 2025 · 750e135 · 750e135
1 parent 174f17e
commit 750e135
Show file tree

Hide file tree

Showing 2 changed files with 73 additions and 0 deletions.
diff --git a/web/src/main/java/org/springframework/security/web/access/HttpStatusAccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/access/HttpStatusAccessDeniedHandler.java
@@ -0,0 +1,27 @@
+package org.springframework.security.web.access;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.util.Assert;
+
+import java.io.IOException;
+
+public class HttpStatusAccessDeniedHandler implements AccessDeniedHandler {
+
+	private final HttpStatus httpStatus;
+
+	public HttpStatusAccessDeniedHandler(HttpStatus httpStatus) {
+		Assert.notNull(httpStatus, "httpStatus cannot be null");
+		this.httpStatus = httpStatus;
+	}
+
+	@Override
+	public void handle(HttpServletRequest request, HttpServletResponse response,
+			AccessDeniedException accessDeniedException) throws IOException, ServletException {
+		response.sendError(this.httpStatus.value(), accessDeniedException.getMessage());
+	}
+
+}
diff --git a/...test/java/org/springframework/security/web/access/HttpStatusAccessDeniedHandlerTests.java b/...test/java/org/springframework/security/web/access/HttpStatusAccessDeniedHandlerTests.java
@@ -0,0 +1,46 @@
+package org.springframework.security.web.access;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.springframework.http.HttpStatus;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.security.access.AccessDeniedException;
+
+import java.io.IOException;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+
+@ExtendWith(MockitoExtension.class)
+public class HttpStatusAccessDeniedHandlerTests {
+
+	@Mock
+	private HttpServletRequest request;
+
+	@Mock
+	private HttpServletResponse response;
+
+	private HttpStatus httpStatus = HttpStatus.FORBIDDEN;
+
+	private HttpStatusAccessDeniedHandler handler = new HttpStatusAccessDeniedHandler(this.httpStatus);
+
+	private AccessDeniedException exception = new AccessDeniedException("Forbidden");
+
+	@Test
+	public void constructorHttpStatusWhenNullThenException() {
+		assertThatIllegalArgumentException().isThrownBy(() -> new HttpStatusAccessDeniedHandler(null));
+	}
+
+	@Test
+	public void commenceThenStatusSet() throws IOException, ServletException {
+		this.response = new MockHttpServletResponse();
+		this.handler.handle(this.request, this.response, this.exception);
+		assertThat(this.response.getStatus()).isEqualTo(this.httpStatus.value());
+	}
+
+}