StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POSpring 3 Security: AccessDeniedHandler is not being invoked
text
Body
copied!<p>I have a spring 3 application with the configurations given below. When any user tries to access a page and he/she isn't logged in, I get an <strong>Access is Denied</strong> exception with an ugly stack trace. How do I handle this exception and not let it dump out a stack trace. I implemented my own access-denied-handler but that doesn't get invoked. </p> <p>Based on the type of the requested resource, I would like to show custom error messages or pages. Here is my spring configuration. </p> <p>How do I get Spring to invoke my access-denied-handler . Here is my spring configuration</p> <pre><code> <security:http auto-config='true'> <security:intercept-url pattern="/static/**" filters="none"/> <security:intercept-url pattern="/login" filters="none"/> <security:intercept-url pattern="/**" access="ROLE_USER" /> <security:form-login login-page="/index" default-target-url="/home" always-use-default-target="true" authentication-success-handler-ref="AuthenticationSuccessHandler" login-processing-url="/j_spring_security_check" authentication-failure-url="/index?error=true"/> <security:remember-me key="myLongSecretCookieKey" token-validity-seconds="1296000" data-source-ref="jdbcDataSource" user-service-ref="AppUserDetailsService" /> <security:access-denied-handler ref="myAccessDeniedHandler" /> </security:http> <bean id="myAccessDeniedHandler" class="web.exceptions.handlers.AccessDeniedExceptionHandler"> <property name="errorPage" value="/public/403.htm" /> </bean> </code></pre> <p>The custom class for handling this exception is given below</p> <pre><code>public class AccessDeniedExceptionHandler implements AccessDeniedHandler { private String errorPage; @Override public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException arg2) throws IOException, ServletException { response.sendRedirect(errorPage); } public void setErrorPage(String errorPage) { if ((errorPage != null) && !errorPage.startsWith("/")) { throw new IllegalArgumentException("errorPage must begin with '/'"); } this.errorPage = errorPage; } } </code></pre> <p>When I run this application, this is the error that I get. I am only pasting a part of the stacktrace and the Spring Debug logs. </p> <pre><code>20:39:46,173 DEBUG AffirmativeBased:53 - Voter: org.springframework.security.access.vote.RoleVoter@5b7da0d1, returned: -1 20:39:46,173 DEBUG AffirmativeBased:53 - Voter: org.springframework.security.access.vote.AuthenticatedVoter@14c92844, returned: 0 20:39:46,178 DEBUG ExceptionTranslationFilter:154 - Access is denied (user is anonymous); redirecting to authentication entry point org.springframework.security.access.AccessDeniedException: Access is denied at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:71) at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:204) </code></pre> <p>How do I fix this problem? Firstly, I want to stop spring from Throwing that exception. If it still throws it, I want to handle it and not raise any flags. </p> <p>Update: I have attached a part of my web.xml as well. </p> <pre><code> <filter> <filter-name>HibernateFilter</filter-name> <filter-class>org.springframework.orm.hibernate3.support.OpenSessionInViewFilter</filter-class> </filter> <filter-mapping> <filter-name>HibernateFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>FORWARD</dispatcher> <dispatcher>REQUEST</dispatcher> </filter-mapping> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>  <servlet> <servlet-name>rowz</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> </code></pre>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload