ServletException {
if (exception instanceof AuthenticationException) {
logger.debug("Authentication exception occurred", exception);
sendStartAuthentication(request, response, chain, (AuthenticationException) exception);
} else if (exception instanceof AuthorizationException) {
AuthorizationException ae = (AuthorizationException) exception;
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (AuthenticationUtils.isValid(auth)) {
logger.debug("{} access {} is denied", auth.getName(), ae.getResource());
accessDeniedHandler.handle(request, response, (AuthorizationException) exception);
} else {
logger.debug("anonymous access {} is denied", ae.getResource());
sendStartAuthentication(request, response, chain,
new AuthenticationException(ae.getMessage()));
}
}
}