
Commit 52394c1

committed
Propagate Any AccessDeniedException
Any time a response handler throws an exception, we want to propagate an underlying AccessDeniedException if there is one. Issue gh-16058
1 parent fae61b9 commit 52394c1


1 file changed

+10
-15
lines changed


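--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/AuthorizationProxyWebConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/AuthorizationProxyWebConfiguration.java
@@ -28,7 +28,6 @@
 import org.springframework.context.annotation.Role;
 import org.springframework.http.HttpEntity;
 import org.springframework.http.ResponseEntity;
-import org.springframework.http.converter.HttpMessageNotWritableException;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory;
 import org.springframework.security.web.util.ThrowableAnalyzer;
@@ -52,11 +51,11 @@ public void extendHandlerExceptionResolvers(List<HandlerExceptionResolver> resol
 for (int i = 0; i < resolvers.size(); i++) {
 HandlerExceptionResolver resolver = resolvers.get(i);
 if (resolver instanceof DefaultHandlerExceptionResolver) {
-resolvers.add(i, new HttpMessageNotWritableAccessDeniedExceptionResolver());
+resolvers.add(i, new AccessDeniedExceptionResolver());
 return;
 }
 }
-resolvers.add(new HttpMessageNotWritableAccessDeniedExceptionResolver());
+resolvers.add(new AccessDeniedExceptionResolver());
 }
 
 static class WebTargetVisitor implements AuthorizationAdvisorProxyFactory.TargetVisitor {
@@ -84,24 +83,20 @@ public Object visit(AuthorizationAdvisorProxyFactory proxyFactory, Object target
 
 }
 
-static class HttpMessageNotWritableAccessDeniedExceptionResolver implements HandlerExceptionResolver {
+static class AccessDeniedExceptionResolver implements HandlerExceptionResolver {
 
 final ThrowableAnalyzer throwableAnalyzer = new ThrowableAnalyzer();
 
 @Override
 public ModelAndView resolveException(HttpServletRequest request, HttpServletResponse response, Object handler,
 Exception ex) {
-// Only resolves AccessDeniedException if it occurred during serialization,
-// otherwise lets the user-defined handler deal with it.
-if (ex instanceof HttpMessageNotWritableException) {
-Throwable[] causeChain = this.throwableAnalyzer.determineCauseChain(ex);
-Throwable accessDeniedException = this.throwableAnalyzer
-.getFirstThrowableOfType(AccessDeniedException.class, causeChain);
-if (accessDeniedException != null) {
-return new ModelAndView((model, req, res) -> {
-throw ex;
-});
-}
+Throwable[] causeChain = this.throwableAnalyzer.determineCauseChain(ex);
+Throwable accessDeniedException = this.throwableAnalyzer
+.getFirstThrowableOfType(AccessDeniedException.class, causeChain);
+if (accessDeniedException != null) {
+return new ModelAndView((model, req, res) -> {
+throw ex;
+});
 }
 return null;
 }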
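Review bot: `AccessDeniedExceptionResolver.resolveException` now claims every exception whose cause chain holds an `AccessDeniedException`, yet the comment that documented the old scoping was deleted and nothing explains the new contract. I would add a comment above the `determineCauseChain` call such as `// Any exception caused by an AccessDeniedException is rethrown from the view so it leaves the MVC resolver chain; resolvers ordered after this one never see it.` The lambda rethrows `ex` rather than the located `accessDeniedException`, so whatever handles it downstream has to unwrap the cause chain itself (presumably the security filter chain does); that is worth a sentence in the class Javadoc. The commit touches one file, so a test that a non-serialization exception wrapping `AccessDeniedException` is propagated, and that an unrelated exception still yields `null`, appears to be missing here.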
