
  • access-denied-page not working

    Hi all, I have a problem with the redirection after checking the access rules. This is my security conf file:

    Code:
    ....	
    <!-- This is where we configure Spring-Security  -->
    	<security:http auto-config="true" use-expressions="true" access-denied-page="/auth/denied" >
    	
    		<security:intercept-url pattern="/auth/login" access="permitAll"/>
    		<security:intercept-url pattern="/test" access="hasRole('ROLE_USER')"/>
    		
    		<!-- Adding the openid-login tag activates Spring Security's support for OpenID  -->
    		<security:openid-login
    				login-page="/auth/login" 
    				authentication-failure-url="/auth/login?error=true"
    				authentication-success-handler-ref="postSuccessAuthHandler"/>
    			
    		<security:logout 
    				invalidate-session="true" 
    				logout-success-url="/auth/_logout" 
    				logout-url="/auth/logout"/>
    	
    	</security:http>
    	
    	<bean id="postSuccessAuthHandler" class="util.PostSuccessfulAuthenticationHandler">
    		<property name="defaultTargetUrl" value="/home"></property>
    	</bean> 
    ....
    The problem is that I can't access the page /test without logging in; once logged in it works, but when I'm not logged in it redirects me to /auth/login instead of /auth/denied....
    Why?!
    Thanks in advance...

  • #2
    This is expected behavior. What were you expecting to happen (perhaps someone can assist you on getting this set up)? The redirect to the login page occurs because you have not been authenticated, so the application is giving the user a chance to log in. For example, if you go to gmail.com and are not logged in it does give an access denied page it gives a login screen. The access denied page will be displayed if the user is logged in but does not have permission to view the page (i.e. the page requires ROLE_ADMIN and only has ROLE_USER).



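The distinction described in reply #2, as an added example that is not part of the thread and not Spring Security's own code: a simplified Java model of where a refused request is sent. The `User` record, the `resolve` method and the `/admin` URL are hypothetical; the two page paths come from the configuration in the first post.

```java
import java.util.Set;

// Simplified model (added example, not Spring Security source) of the choice
// made when access to a protected URL is refused.
public class DeniedVsLogin {

    // Values taken from the configuration in the first post.
    static final String LOGIN_PAGE = "/auth/login";
    static final String ACCESS_DENIED_PAGE = "/auth/denied";

    // Hypothetical stand-in for the current user; null roles means anonymous.
    record User(String name, Set<String> roles) {
        boolean isAnonymous() { return roles == null; }
    }

    // Returns the page the user ends up on when requesting `url`,
    // which requires `requiredRole` (null models access="permitAll").
    static String resolve(User user, String url, String requiredRole) {
        if (requiredRole == null) {
            return url; // no rule to fail
        }
        if (!user.isAnonymous() && user.roles().contains(requiredRole)) {
            return url; // authenticated and authorized
        }
        // Access is refused from here on; who is asking decides the target.
        if (user.isAnonymous()) {
            return LOGIN_PAGE; // not authenticated: offer a chance to log in
        }
        return ACCESS_DENIED_PAGE; // authenticated but lacking the role
    }

    public static void main(String[] args) {
        User anonymous = new User("anonymous", null);
        User plainUser = new User("alice", Set.of("ROLE_USER"));

        System.out.println(resolve(anonymous, "/auth/login", null));
        System.out.println(resolve(anonymous, "/test", "ROLE_USER"));
        System.out.println(resolve(plainUser, "/test", "ROLE_USER"));
        // /admin is a constructed URL, not in the original configuration.
        System.out.println(resolve(plainUser, "/admin", "ROLE_ADMIN"));
    }
}
```

Only the last call reaches `/auth/denied`, which is why the configuration in the first post never shows that page: its only protected URL requires ROLE_USER.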
    • #3
      yep...you're right...I understood it after some tests! Thanks for your reply...it was working too well...
      I am approaching Spring Security right now, and these problems happen because I didn't read the documentation well...sometimes it's useful to read it carefully before putting hands on it!
      Thank you again
