This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Spring and the fly likes AccessDeniedException not going to accessDenied.xhtml Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "AccessDeniedException not going to accessDenied.xhtml" Watch "AccessDeniedException not going to accessDenied.xhtml" New topic
Author

AccessDeniedException not going to accessDenied.xhtml

Mat Anthony
Ranch Hand

Joined: May 21, 2008
Posts: 232
Hi All,
I'm currently writting a spring 3 security app with jsf2.
I have setup my applicationContext_security.xml that contains:-



I have one of service method that I guard as follows:-
@RolesAllowed({"PERM_MY_1"})
public abstract Bike getBike(Integer id);

How do I get the accessDenied.xhtml page to be displayed if the user does not have PERM_MY_1

I have noticed the following example:-


Would I have to implement a DefaultMethodSecurityExpressionHandler and then some how direct a request to accessDenied.xhtml

Inside web.xml i have the followong:-


Not sure what approach to take.

Mat


Vyas Sanzgiri
Ranch Hand

Joined: Jun 16, 2007
Posts: 686

Can you post your web.xml?


===Vyas Sanzgiri===
My Blog
Mat Anthony
Ranch Hand

Joined: May 21, 2008
Posts: 232
Hi Vyas,
the following is my web.xml


I have <sec:debug /> set within applicationContext_security.xml and the following is displayed when I enter an incorrect password
org.springframework.security.access.AccessDeniedException: Access is denied

Since I'm guarding the following, how can I control what jsf is displayed to the user if the user does not have this role



Mat



Miku Ranjan
Ranch Hand

Joined: Oct 11, 2011
Posts: 98
hi,
Please check the security configuration properly.
Mat Anthony
Ranch Hand

Joined: May 21, 2008
Posts: 232
Hi Miku,
not sure what I have done wrong here. I understand that if I get an authentication error then accessDenied.xhtml will be diaplayed.
Not sure how it works for Authentication as I would still like to display accessDenied.xhtml.

Have I missed something. This is my first attempt at spring 3 security.

Mat
Mat Anthony
Ranch Hand

Joined: May 21, 2008
Posts: 232
Hi Miku,
made a slight mistake, i'm guarding the following method with role PERM_MY_2


The user currently has role PER_MY_1, hence wen he attempts to use the method getBike(Integer id)
I get a org.springframework.security.access.AccessDeniedException that is diplayed in the eclipse console.
I'm not sure how then get the accessDenied.xhtml page displayed or how to handle the expection.

Any ideas

Mat
Mat Anthony
Ranch Hand

Joined: May 21, 2008
Posts: 232
Hi All,
sorry for asking again, but Im desprate to solve this one.
Can anybody shine any light on what I'm doing wrong.

Mat
Mat Anthony
Ranch Hand

Joined: May 21, 2008
Posts: 232
Hi All,
I found a solution to this, just incase anybody had a similar problem.

It looks like access-denied-page does not work under spring3


Hence I had to create an accessDeniedHandler




I hope this helps any body who had a similar problem.

Mat
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: AccessDeniedException not going to accessDenied.xhtml
 
Similar Threads
RequestDispatcher null - cant find /j_spring_security_check
applicationContext.xml - Can not find definition for element 'beans'
No AuthenticationEntryPoint could be established
AccessDeniedExceptionHandler handle method never called
Error getting Spring security 2 to set up in Spring 2.5