AccessDeniedException not going to accessDenied.xhtml

Hi All,
I'm currently writting a spring 3 security app with jsf2.
I have setup my applicationContext_security.xml that contains:-

I have one of service method that I guard as follows:-
@RolesAllowed({"PERM_MY_1"})
public abstract Bike getBike(Integer id);

How do I get the accessDenied.xhtml page to be displayed if the user does not have PERM_MY_1

I have noticed the following example:-

Would I have to implement a DefaultMethodSecurityExpressionHandler and then some how direct a request to accessDenied.xhtml

Inside web.xml i have the followong:-

Not sure what approach to take.

Mat

Can you post your web.xml?

Hi Vyas,
the following is my web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
	id="WebApp_ID" version="2.5">
	<display-name>JSFSample</display-name>

<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>
	<listener>
		<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
	</listener>
	
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>/WEB-INF/applicationContext*.xml</param-value>
	</context-param>

<context-param>
    	<param-name>javax.faces.PROJECT_STAGE</param-name>
    	<param-value>Development</param-value>
  	</context-param>

<context-param>
		<param-name>javax.faces.FACELETS_SKIP_COMMENTS</param-name>
		<param-value>true</param-value>
	</context-param>

<context-param>
		<param-name>com.sun.faces.expressionFactory</param-name>
		<param-value>com.sun.el.ExpressionFactoryImpl</param-value>
	</context-param>

<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
		<dispatcher>FORWARD</dispatcher>
		<dispatcher>REQUEST</dispatcher>
	</filter-mapping>

<servlet>
		<servlet-name>Faces Servlet</servlet-name>
		<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
		<load-on-startup>1</load-on-startup>
	</servlet>
	<servlet-mapping>
		<servlet-name>Faces Servlet</servlet-name>
		<url-pattern>/faces/*</url-pattern>
		<url-pattern>*.xhtml</url-pattern>
	</servlet-mapping>
	
	
  <welcome-file-list>
		<welcome-file>faces/login.xhtml</welcome-file>
   </welcome-file-list>

<error-page>
        <exception-type>org.springframework.security.access.AccessDeniedException</exception-type>
        <location>/faces/failed.xhtml</location>
	</error-page>
	
	
</web-app>

I have <sec:debug /> set within applicationContext_security.xml and the following is displayed when I enter an incorrect password
org.springframework.security.access.AccessDeniedException: Access is denied

Since I'm guarding the following, how can I control what jsf is displayed to the user if the user does not have this role

Mat

hi,
Please check the security configuration properly.

Hi Miku,
not sure what I have done wrong here. I understand that if I get an authentication error then accessDenied.xhtml will be diaplayed.
Not sure how it works for Authentication as I would still like to display accessDenied.xhtml.

Have I missed something. This is my first attempt at spring 3 security.

Mat

Hi Miku,
made a slight mistake, i'm guarding the following method with role PERM_MY_2

The user currently has role PER_MY_1, hence wen he attempts to use the method getBike(Integer id)
I get a org.springframework.security.access.AccessDeniedException that is diplayed in the eclipse console.
I'm not sure how then get the accessDenied.xhtml page displayed or how to handle the expection.

Any ideas

Mat

Hi All,
sorry for asking again, but Im desprate to solve this one.
Can anybody shine any light on what I'm doing wrong.

Mat

Hi All,
I found a solution to this, just incase anybody had a similar problem.

It looks like access-denied-page does not work under spring3

Hence I had to create an accessDeniedHandler

I hope this helps any body who had a similar problem.

Mat