Announcement Announcement Module
Collapse
No announcement yet.
HTTP 404 on accessDenied (Spring security 2.0.6) Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • HTTP 404 on accessDenied (Spring security 2.0.6)

    Dear All,

    I managed to configure Spring security 2.0.6 with Spring 2.5.6 and until now every thing
    is working fine except the accessDenied.jsp page for which I get HTTP 404 error.

    The access security detects when an authenticated user tries to get into a denied Url but
    the accessDenied.jsp page is never displayed (/myapp/accessDenied.jsp : HTTP 404).

    When I enter the desired Url (/myapp/accessDenied.jsp) directly, the page is displayed.

    After many searches in Spring forums, all the solutions given didn't work for me.

    I would be very grateful if you can help me solving this issue.

    N.B. : We can not migrate to Spring Security 3 as proposed in some threads.

    Thanks to all,
    Younes.
    Here is my conf :
    applicationContext-security.xml
    ----------------------------------------------
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
     <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
                             http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                            http://www.springframework.org/schema/security
                             http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
     
    	<global-method-security secured-annotations="enabled"/>
     
     	<!-- access-denied-page="/accessDenied.jsp" -->
        <http auto-config="true" access-denied-page="/accessDenied.jsp">
            <intercept-url pattern="/login.jsp*" filters="none"/>
            <intercept-url pattern="/admin/**.do" access="ROLE_ADMIN"/>
            <intercept-url pattern="/sysadmin/**.do" access="ROLE_SYSTEM_ADMIN"/>
            <intercept-url pattern="/monitoring/**.do" access="ROLE_USER,ROLE_ADMIN,ROLE_SYSTEM_ADMIN"/>
            <intercept-url pattern="/**.do" access="ROLE_USER,ROLE_ADMIN,ROLE_SYSTEM_ADMIN"/>
        	<form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=1" default-target-url="/main.do" always-use-default-target="true"/>
        	<logout logout-success-url="/main.do"/>
        	<concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true" />
        	
        </http>
               
        <authentication-provider user-service-ref="myappDetailsService"/>
        
        <beans:bean id="myappDetailsService" class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl"> 
        	<beans:property name="dataSource" ref="dataSource"/>
        	<beans:property name="usersByUsernameQuery" 
        			  value="select use_login as username, use_password as password, use_actif as enabled, use_nom, use_prenom from brs_user where use_login=?"/>
        	<beans:property name="authoritiesByUsernameQuery" 
        			  value="
    						select username,role
    						from
    						((select use_login as username,'ROLE_USER' as role from brs_user
    						  where use_role_user=1)
    						  union
    						(select use_login as username,'ROLE_ADMIN' as role from brs_user
    						  where use_role_admin=1)
    						union
    						(select use_login as username,'ROLE_SYSTEM_ADMIN' as role from brs_user
    						  where use_role_sys_admin=1)) userRoles
    						where userRoles.username=?"/>
    	</beans:bean>  
    </beans:beans>
    web.xml
    ------------
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    
    <web-app version="2.4"
             xmlns="http://java.sun.com/xml/ns/j2ee"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
             http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" >
    
    	<context-param>
    		<param-name>contextConfigLocation</param-name>
    		<param-value>
    			/WEB-INF/applicationContext-hib.xml
    			/WEB-INF/applicationContext-security.xml
    		</param-value>		
    	</context-param>
    	
      <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
      </listener>
    
      <servlet>
        <servlet-name>app</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
      </servlet>
    
      <servlet-mapping>
        <servlet-name>app</servlet-name>
        <url-pattern>*.do</url-pattern>
      </servlet-mapping>
      
      <welcome-file-list>
        <welcome-file>
          index.jsp
        </welcome-file>
      </welcome-file-list>
    
      <jsp-config>
        <taglib>
          <taglib-uri>/spring</taglib-uri>
          <taglib-location>/WEB-INF/tld/spring-form.tld</taglib-location>
        </taglib>
      </jsp-config>
      <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
      </filter>  	
      <filter-mapping>
          <filter-name>springSecurityFilterChain</filter-name>
          <url-pattern>/*</url-pattern>
      </filter-mapping>
      <listener>
    		<listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
      </listener>
    </web-app>

  • #2
    See SEC-1606 for the issue that you are dealing with. Since you cannot update you will have to use the workaround posted on the issue.

    Comment


    • #3
      Dear rwinch,
      I applyed the workaround from issue SEC-1606 as you proposed and it worked fine.
      thanks

      Comment

      Working...
      X