Register AccessDeniedHandler earlier so that it gets used

This is baffling (might need help from @rwinch to understand), but there is an integration test in sparklr2 that fails without this change. As far as I can tell it registers the right access denied handler even before this change, but it never gets called. See spring-atticgh-315
zhuxinjun · Jan 23, 2015 · 1a04ec9 · 1a04ec9
1 parent d8bcdb4
commit 1a04ec9
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 4 deletions.
diff --git a/...work/security/oauth2/config/annotation/web/configuration/ResourceServerConfiguration.java b/...work/security/oauth2/config/annotation/web/configuration/ResourceServerConfiguration.java
@@ -130,16 +130,18 @@ protected void configure(HttpSecurity http) throws Exception {
 		for (ResourceServerConfigurer configurer : configurers) {
 			configurer.configure(resources);
 		}
+		// @formatter:off	
+		http
+			.exceptionHandling().accessDeniedHandler(resources.getAccessDeniedHandler()).and()
+			.anonymous().disable()
+			.csrf().disable();
+		// @formatter:on
 		http.apply(resources);
 		RequestMatcherConfigurer requests = http.requestMatchers();
 		if (endpoints != null) {
 			// Assume we are in an Authorization Server
 			requests.requestMatchers(new NotOAuthRequestMatcher(endpoints.oauth2EndpointHandlerMapping()));
 		}
-		// @formatter:off	
-		http.anonymous().disable()
-			.csrf().disable();
-		// @formatter:on
 		for (ResourceServerConfigurer configurer : configurers) {
 			// Delegates can add authorizeRequests() here
 			configurer.configure(http);

diff --git a/...k/security/oauth2/config/annotation/web/configurers/ResourceServerSecurityConfigurer.java b/...k/security/oauth2/config/annotation/web/configurers/ResourceServerSecurityConfigurer.java
@@ -220,4 +220,8 @@ private TokenStore tokenStore() {
 		return this.tokenStore;
 	}
 
+	public AccessDeniedHandler getAccessDeniedHandler() {
+		return this.accessDeniedHandler;
+	}
+
 }