Reputation: 901
Spring Security Access Denied logging with missing role
Is there an out of the box solution for a access denied logging in spring security. What I want is basically show which role the user is missing when he gets the access denied exception.
If not, and I have to go down the path of having my own accesssDeniedHandler, how can I access the role configured on that controller which throwed access denied exception.
Thanks!
Upvotes: 5
Views: 960
Answers (1)
Reputation: 22742
No, there is no concept of "missing roles" out of the box.
Access denied events are published through Spring's standard event mechanism and you can use an ApplicationListener to subscribe to these, but there is no assumption that an access decision is purely based on roles in Spring Security. To achieve that, you would need to customize the AccessDecisionManager implementation to log information on how it arrived at a particular decision.
The AccessDeniedHandler isn't really relevant in this case.
Upvotes: 2
Related Questions
- Spring security shows access denied for valid user
- Spring security doesn't match a given role
- Why the application does not see the Roles in Spring Security (Forbidden)
- How to fix role in Spring Security?
- Spring Security Logging Access Denied Exception
- Spring Security 403 error when access with role JAVA
- Java Spring Security unrecognised roles
- Spring security 4 : Access denied on providing roles
- Spring Security access denied roles or what else?
- spring security roles issues