void handle()

in plugin-core/plugin/src/main/groovy/grails/plugin/springsecurity/web/access/AjaxAwareAccessDeniedHandler.groovy [58:120]


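	/**
	 * Responds to an access-denied failure: sends a bare 403 when no error page applies,
	 * otherwise forwards or redirects the client to the regular or Ajax error page.
	 *
	 * <p>For a logged-in remember-me user the current request is first stored in the request
	 * cache. Nothing further is done if the response is already committed.</p>
	 *
	 * <p>Security notes:</p>
	 * <ul>
	 * <li>With no error page, the exception message is passed to {@code sendError} and so reaches
	 *     the container's error response; keep {@code AccessDeniedException} messages free of
	 *     internal detail.</li>
	 * <li>When {@code ReflectionUtils.grailsServerURL} is null, the redirect base is assembled
	 *     from the request's scheme and server name. The server name normally follows the
	 *     client-supplied Host header, so the redirect host is only trustworthy if the
	 *     container or a fronting proxy restricts it. Configure the server URL in production.</li>
	 * <li>In the redirect case this method does not set the 403 status itself; the status the
	 *     client finally sees is whatever the error page returns.</li>
	 * </ul>
	 *
	 * @param request the request that was denied
	 * @param response the response to write the 403, forward or redirect to
	 * @param e the access-denied exception; a null value is tolerated
	 * @throws IOException propagated from sendError, forward or sendRedirect
	 * @throws ServletException propagated from the forward
	 */
	void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) throws IOException, ServletException {

		if (e && loggedIn && authenticationTrustResolver.isRememberMe(authentication)) {
			// user has a cookie but is getting bounced because of IS_AUTHENTICATED_FULLY,
			// so Spring Security won't save the original request
			requestCache.saveRequest request, response
		}

		if (response.committed) {
			// headers are already sent, so neither a status change, forward nor redirect is possible
			log.trace 'response is committed'
			return
		}

		boolean ajaxError = ajaxErrorPage != null && SpringSecurityUtils.isAjax(request)
		if (errorPage == null && !ajaxError) {
			log.trace 'Sending 403 for non-Ajax request without errorPage specified'
			// null-safe: the first check in this method already allows for a null exception
			response.sendError(HttpServletResponse.SC_FORBIDDEN, e?.message)
			return
		}

		// Past the guard above, either ajaxError is true or errorPage is non-null,
		// so exactly one target page is available.
		String targetPage = ajaxError ? ajaxErrorPage : errorPage

		if (useForward) {
			log.trace 'Forwarding to error page'
			// Put exception into request scope (perhaps of use to a view)
			request.setAttribute(WebAttributes.ACCESS_DENIED_403, e)
			response.status = HttpServletResponse.SC_FORBIDDEN
			request.getRequestDispatcher(targetPage).forward request, response
			return
		}

		String redirectUrl = ReflectionUtils.grailsServerURL
		if (redirectUrl == null) {
			// NOTE(security): no configured server URL, so the base is taken from the request.
			// request.serverName normally mirrors the Host header; unless the container or a
			// reverse proxy pins the accepted host names, the redirect host is client-influenced.
			String scheme = request.scheme
			String serverName = request.serverName
			int serverPort = portResolver.getServerPort(request)
			String contextPath = request.contextPath

			// omit the port only when it is the default one for the scheme
			boolean defaultPort = ('http'.equalsIgnoreCase(scheme) && serverPort == 80) ||
					('https'.equalsIgnoreCase(scheme) && serverPort == 443)

			redirectUrl = scheme + '://' + serverName + (defaultPort ? '' : (':' + serverPort)) + contextPath
		}

		redirectUrl += targetPage

		String encodedRedirectUrl = response.encodeRedirectURL(redirectUrl)
		log.trace 'Redirecting to {}', encodedRedirectUrl
		response.sendRedirect encodedRedirectUrl
	}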