
  • custom 403 page

    I have been struggling with creating a custom 403 page for several days now. As I understand it, this is done by setting the access-denied-page in the Spring Security config. So I set the access-denied-page to "/accessdenied" and "/accessdenied.jspx". Both return a blank page saying "Requested Resource Not Found", even though I have a controller for /myapp/accessdenied and I also have the jspx file navigable at /myapp/accessdenied.jspx. Now if I hit the URLs directly, without going to a page restricted by roles, the pages render fine and I see my custom page. Any ideas? Here is my Spring config:
    Code:
    
    	<!-- HTTP security configurations -->
        <http auto-config="true" use-expressions="true" create-session="always" access-denied-page="/accessdenied.jspx">
        	<session-management session-fixation-protection="newSession"/>
        	<form-login login-processing-url="/static/j_spring_security_check" 
        		login-page="/login" 
        		authentication-failure-url="/login?login_error=t"/>
            <logout logout-url="/logout" invalidate-session="true"/>
            
            <!-- Configure these elements to secure URIs in your application -->
            <intercept-url pattern="/special_role_restr/**" access="hasAnyRole('SELECTEDCLIENT-805','SELECTEDCLIENT-840','SELECTEDCLIENT-301','SELECTEDCLIENT-370')"/>
            <intercept-url pattern="/choices/**" access="hasRole('ROLE_ADMIN')"/>
            <intercept-url pattern="/admin/**" access="hasRole('ADMIN')"/>
            <intercept-url pattern="/member/**" access="isAuthenticated()" />
            <intercept-url pattern="/resources/**" access="permitAll" />
            <intercept-url pattern="/static/**" access="permitAll" />
            <intercept-url pattern="/login" access="permitAll" />
            <intercept-url pattern="/accessDenied" access="permitAll" />
            <intercept-url pattern="/**" access="isAuthenticated()" />
        </http>
    
    	<!-- Configure Authentication mechanism -->
         <authentication-manager alias="authenticationManager">
            <authentication-provider ref="itxJPAAuthenticationProviderService"/>
    	 </authentication-manager>

  • #2
    Are you on the latest version of Spring Security? If you are not, try updating to the latest version. Is there a Filter involved in rendering your views (i.e. UrlRewriteFilter)? The error page will be forwarded to, so any Filter that processes your access denied page needs to process a forward too. If you search for UrlRewriteFilter, you will find a number of threads describing how you can remove UrlRewriteFilter if you are only using it for RESTful URLs with Spring MVC (hint: look at the Spring MVC Showcase for an example of this). Have you tried enabling logging? What do the logs look like? What does your web.xml look like?



    • #3
      Here is the web.xml:

      Code:
      <?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>
      <web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.4" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
      
          
          <display-name>myapp</display-name>
          
          <description>Roo generated myapp application</description>
      
          
          <!-- Enable escaping of form submission contents -->
          <context-param>
              <param-name>defaultHtmlEscape</param-name>
              <param-value>true</param-value>
          </context-param>
          
          <context-param>
              <param-name>contextConfigLocation</param-name>
              <param-value>classpath*:META-INF/spring/applicationContext*.xml</param-value>
          </context-param>
          
          <filter>
              <filter-name>CharacterEncodingFilter</filter-name>
              <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
              <init-param>
                  <param-name>encoding</param-name>
                  <param-value>UTF-8</param-value>
              </init-param>
              <init-param>
                  <param-name>forceEncoding</param-name>
                  <param-value>true</param-value>
              </init-param>
          </filter>
          
           <filter>
             <filter-name>ctxAwareResourceFilter</filter-name>
              <filter-class>net.youngdev.util.jee.AppContextAwareResourceFilter</filter-class>
          <!--     <init-param>
                  <param-name>replaceable-1</param-name>
                  <param-value>/sanddollar</param-value>
              </init-param>
              <init-param>
                  <param-name>replaceable-2</param-name>
                  <param-value>/sd</param-value>
              </init-param>-->
              <!-- notice that there is no param for ${pageContext['request'].contextPath}.  That
              is automatically added whether it is specified or not -->
          </filter>
          
          <filter>
               <filter-name>sitemesh</filter-name>
               <filter-class> com.opensymphony.module.sitemesh.filter.PageFilter</filter-class>
          </filter>
          
          <filter>
              <filter-name>HttpMethodFilter</filter-name>
              <filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
          </filter>
          
          
          
          <filter>
              <filter-name>springSecurityFilterChain</filter-name>
              <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
          </filter>
          <filter>
              <filter-name>Spring OpenEntityManagerInViewFilter</filter-name>
              <filter-class>org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter</filter-class>
          </filter>
          
          <filter-mapping>
              <filter-name>ctxAwareResourceFilter</filter-name>
              <url-pattern>*.js</url-pattern>
          </filter-mapping>
          <filter-mapping>
              <filter-name>ctxAwareResourceFilter</filter-name>
              <url-pattern>*.css</url-pattern>
          </filter-mapping>
          
          <filter-mapping>
              <filter-name>CharacterEncodingFilter</filter-name>
              <url-pattern>/*</url-pattern>
          </filter-mapping>
          
      
          
          <filter-mapping>
              <filter-name>HttpMethodFilter</filter-name>
              <url-pattern>/*</url-pattern>
          </filter-mapping>
      
          
          
          <filter-mapping>
              <filter-name>springSecurityFilterChain</filter-name>
              <url-pattern>/*</url-pattern>
          </filter-mapping>
          <filter-mapping>
              <filter-name>sitemesh</filter-name>
              <url-pattern>/*</url-pattern>                            
              <dispatcher>FORWARD</dispatcher> 
      		<dispatcher>REQUEST</dispatcher> 
      		<dispatcher>ERROR</dispatcher> 
          </filter-mapping>
          <filter-mapping>
              <filter-name>Spring OpenEntityManagerInViewFilter</filter-name>
              <url-pattern>/*</url-pattern>
          </filter-mapping>
          
          <!-- Creates the Spring Container shared by all Servlets and Filters -->
          <listener>
              <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
          </listener>
          
          <!-- Handles Spring requests -->
          <servlet>
              <servlet-name>myapp</servlet-name>
              <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
              <init-param>
                  <param-name>contextConfigLocation</param-name>
                  <param-value>/WEB-INF/spring/webmvc-config.xml</param-value>
              </init-param>
              <load-on-startup>1</load-on-startup>
          </servlet>
          
          <servlet-mapping>
              <servlet-name>myapp</servlet-name>
              <url-pattern>/</url-pattern>
          </servlet-mapping>
          
          <session-config>
              <session-timeout>10</session-timeout>
          </session-config>
          
          <error-page>
              <exception-type>java.lang.Exception</exception-type>
              <location>/uncaughtException</location>
          </error-page>
          
          <error-page>
              <error-code>404</error-code>
              <location>/resourceNotFound</location>
          </error-page>
      </web-app>



      • #4
        Never mind. I added an error page for code 403 and suddenly all is well. Go figure.



        • #5
          Error page

          Hello, you have only created a page entitled 403 and it works fine. I am also having this problem. Can you explain clearly how you solved it? I am actually using Spring Roo and the application is not working because of this :S



          • #6
            Add the following line to your web.xml:
            Code:
                 <error-page>
                    <error-code>403</error-code>
                    <location>/accessDenied</location>
                </error-page>
            Where /accessDenied is a controller method that resolves from http://mydomain.com:8080/myapp/accessDenied

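A sketch of the controller behind the `/accessDenied` location from post #6, as an added example that is not code from the thread's participants. The package, class name and the logical view name `accessDenied` are assumptions. It uses the `javax.servlet` API that matches the web.xml above, and it logs the denied URI so that 403s can be monitored.

```java
package com.example.web; // hypothetical package

import java.util.logging.Logger;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

/** Renders the custom 403 page that the web.xml error-page entry points at. */
@Controller
public class AccessDeniedController {

    private static final Logger LOG =
            Logger.getLogger(AccessDeniedController.class.getName());

    // Standard Servlet attribute the container sets on an error-page dispatch.
    private static final String ERROR_URI = "javax.servlet.error.request_uri";

    // No method restriction: the error dispatch keeps the original HTTP method,
    // so a denied POST must reach this handler as well as a denied GET.
    @RequestMapping("/accessDenied")
    public String accessDenied(HttpServletRequest request,
                               HttpServletResponse response) {
        // Null when someone browses to /accessDenied directly.
        Object deniedUri = request.getAttribute(ERROR_URI);
        if (deniedUri != null) {
            LOG.warning("403 uri=" + clean(deniedUri.toString())
                    + " remote=" + clean(request.getRemoteAddr()));
        }

        // The error dispatch already carries 403; setting it explicitly also
        // covers a direct request, so the page is never served with a 200.
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);

        // Assumed view name, resolved by the application's view resolver.
        // The view should show a generic message and not echo the denied URI.
        return "accessDenied";
    }

    // Replace control characters (CR/LF included) so request data
    // cannot forge extra log lines.
    private static String clean(String value) {
        return value == null ? "" : value.replaceAll("\\p{Cntrl}", "_");
    }
}
```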


            • #7
              Error

              Hello, thanks for replying. I should create a controller which maps to this page that I should create, and add it to web.xml, is that it?
