CODEWITHSUNDEEP
springspring-security
Richie
Richie

Reputation: 5199

spring security 404 for access-denied-handler

I'm trying to set up my spring mvc webapp to use the spring access-denied-handler but can't get it to catch the errors. Using my configurations it looks like spring is fowarding to the access denied handler but for some reason when my access denied handler is executed I get a 404 not found. HTTP Status 404 - /accessDenied.

Can someone please help me to find out what might be going wrong here? I definitely have a jsp named accessDenied.jsp


<!-- Resources -->
<intercept-url pattern="/resources/css/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/resources/images/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/resources/js/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />

<!-- Pages -->  
<intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/accessDenied" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/welcome" access="ROLE_LEVEL7" />
<intercept-url pattern="/priceOverride" access="ROLE_LEVEL7" /> 

<!-- Error handlers -->
<access-denied-handler ref="accessDeniedHandler" />

Then in my mvc-dispatcher-servlet...

    <context:component-scan base-package="com.company.reporting.controller" />
   <bean id="accessDeniedHandler" 
        class="com.company.reporting.handler.ReportingAccessDeniedHandler">
        <property name="accessDeniedUrl" value="/accessDenied" />
   </bean>
    <bean
        class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix">
            <value>/WEB-INF/pages/</value>
        </property>
        <property name="suffix">
            <value>.jsp</value>
        </property>
    </bean>
    <mvc:resources mapping="/resources/**" location="/resources/" />    
    <mvc:annotation-driven />

enter image description here

thanks

Upvotes: 1

Views: 2002

Answers (2)

Richie
Richie

Reputation: 5199

I've decided that I did not need to override the default access denied handler. So instead of implementing a handler all I did was to add this inside my security config...

<access-denied-handler error-page="/accessDenied.htm"/>

Upvotes: 0

Oleksii Duzhyi
Oleksii Duzhyi

Reputation: 1223

Creating accessDeniedHandler bean is not enough. This bean will just redirect you request to /accessDenied URL. You should also create AccessDeniedController (or name it smth like that) with following code:

@Controller
public class AccessDeniedController {

    @RequestMapping(value = "/accessDenied")
    public String handleAccessDenied(){
        return "accessDenied";
    }
}

and put it to your "com.company.reporting.controller" package.

Upvotes: 1

Related Questions