• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

AccessDeniedException not going to accessDenied.xhtml

 
Mat Anthony
Ranch Hand
Posts: 259
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,
I'm currently writting a spring 3 security app with jsf2.
I have setup my applicationContext_security.xml that contains:-



I have one of service method that I guard as follows:-
@RolesAllowed({"PERM_MY_1"})
public abstract Bike getBike(Integer id);

How do I get the accessDenied.xhtml page to be displayed if the user does not have PERM_MY_1

I have noticed the following example:-


Would I have to implement a DefaultMethodSecurityExpressionHandler and then some how direct a request to accessDenied.xhtml

Inside web.xml i have the followong:-


Not sure what approach to take.

Mat


 
Vyas Sanzgiri
Ranch Hand
Posts: 686
Chrome Netbeans IDE Ubuntu
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can you post your web.xml?
 
Mat Anthony
Ranch Hand
Posts: 259
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Vyas,
the following is my web.xml


I have <sec:debug /> set within applicationContext_security.xml and the following is displayed when I enter an incorrect password
org.springframework.security.access.AccessDeniedException: Access is denied

Since I'm guarding the following, how can I control what jsf is displayed to the user if the user does not have this role



Mat



 
Miku Ranjan
Ranch Hand
Posts: 98
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi,
Please check the security configuration properly.
 
Mat Anthony
Ranch Hand
Posts: 259
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Miku,
not sure what I have done wrong here. I understand that if I get an authentication error then accessDenied.xhtml will be diaplayed.
Not sure how it works for Authentication as I would still like to display accessDenied.xhtml.

Have I missed something. This is my first attempt at spring 3 security.

Mat
 
Mat Anthony
Ranch Hand
Posts: 259
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Miku,
made a slight mistake, i'm guarding the following method with role PERM_MY_2


The user currently has role PER_MY_1, hence wen he attempts to use the method getBike(Integer id)
I get a org.springframework.security.access.AccessDeniedException that is diplayed in the eclipse console.
I'm not sure how then get the accessDenied.xhtml page displayed or how to handle the expection.

Any ideas

Mat
 
Mat Anthony
Ranch Hand
Posts: 259
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,
sorry for asking again, but Im desprate to solve this one.
Can anybody shine any light on what I'm doing wrong.

Mat
 
Mat Anthony
Ranch Hand
Posts: 259
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,
I found a solution to this, just incase anybody had a similar problem.

It looks like access-denied-page does not work under spring3


Hence I had to create an accessDeniedHandler




I hope this helps any body who had a similar problem.

Mat
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic