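package eu.dnetlib.organizations;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Component;

import eu.dnetlib.organizations.controller.UserInfo;

/**
 * Handles an {@link AccessDeniedException} by logging the denied request and redirecting the
 * client to one of two application pages.
 *
 * <p>The redirect target depends only on {@code UserInfo.isNotAuthorized(auth)}:
 * {@code /authorizationRequest} when it returns {@code true}, {@code /alreadyRegistered}
 * otherwise. Both paths are fixed strings appended to the context path, so no request-supplied
 * value ends up in the {@code Location} header.
 */
@Component
public class MyAccessDeniedHandler implements AccessDeniedHandler {

	private static final Logger logger = LoggerFactory.getLogger(MyAccessDeniedHandler.class);

	/**
	 * Logs the denied access attempt (when an authentication is present) and redirects the client.
	 *
	 * @param req the request that was denied
	 * @param res the response used to send the redirect
	 * @param e the exception that triggered this handler (not inspected here)
	 * @throws IOException if sending the redirect fails
	 * @throws ServletException declared by the interface; not thrown by this implementation
	 */
	@Override
	public void handle(final HttpServletRequest req, final HttpServletResponse res, final AccessDeniedException e)
		throws IOException, ServletException {

		final Authentication auth = SecurityContextHolder.getContext().getAuthentication();

		if (auth != null) {
			// The principal name and the request URI are caller-influenced; control characters are
			// neutralised before logging so a crafted value cannot forge extra log lines (CWE-117).
			// Parameterized logging also avoids building the message when WARN is disabled.
			logger.warn("User '{}' ({}) attempted to access the protected URL: {}",
				forLog(auth.getName()), forLog(req.getRemoteAddr()), forLog(req.getRequestURI()));
		}
		// NOTE(review): a denial with no Authentication in the context leaves no audit trail here;
		// confirm whether that case is logged elsewhere.

		if (res.isCommitted()) {
			// sendRedirect() throws IllegalStateException on a committed response; the denial has
			// already been logged above, so report the situation and stop.
			logger.warn("Response already committed, access-denied redirect not sent");
			return;
		}

		final String target = UserInfo.isNotAuthorized(auth) ? "/authorizationRequest" : "/alreadyRegistered";
		res.sendRedirect(req.getContextPath() + target);
	}

	/**
	 * Replaces ISO control characters (including CR and LF) with {@code '_'} so the value can be
	 * written to a log as a single, unambiguous token.
	 *
	 * @param value the raw value, possibly {@code null}
	 * @return the neutralised value, or {@code null} when {@code value} is {@code null}
	 */
	private static String forLog(final String value) {
		if (value == null) { return null; }
		final StringBuilder sb = new StringBuilder(value.length());
		for (int i = 0; i < value.length(); i++) {
			final char c = value.charAt(i);
			sb.append(Character.isISOControl(c) ? '_' : c);
		}
		return sb.toString();
	}
}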