What's available after access denied?
This topic is closed

  • What's available after access denied?

    I haven't dug too deep into this yet, but I was wondering what information was still available after an "Access Denied" decision? Is the Authentication object still available?

    Reason being, I want to log in the database the fact that someone attempted to access a location they were not granted access to.

    My gut tells me the authentication object is still there, but I just wanted to get some confirmation.

    Thanks,
    Patrick

  • #2
    Re: What's available after access denied?

    Originally posted by pburleson
    I haven't dug too deep into this yet, but I was wondering what information was still available after an "Access Denied" decision? Is the Authentication object still available?

    Reason being, I want to log in the database the fact that someone attempted to access a location they were not granted access to.

    My gut tells me the authentication object is still there, but I just wanted to get some confirmation.

    Thanks,
    Patrick

    Well, my gut was wrong... I see that the Authentication object is removed from the SecureContext before giving an access denied error.

    Hmm, is the Authenticated object still in the "Well Known Location" in the session? Somewhat of a rhetorical question as I'm about to find out.

    Patrick



    • #3
      Yes, the Authentication will still be available in the well-known location.

      I've added to my TODO list to put the AccessDeniedException into the HttpSession, so you can display the line number etc on the SC_FORBIDDEN (403) page.



      • #4
        Thanks Ben.

        I probably shouldn't have even asked the question without experimenting a little. I was definitely able to get the Authentication object.

        Patrick



        • #5
          I've just committed this change to SecurityEnforcementFilter to CVS.

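An added example (not part of the original thread and not Acegi Security's own code): a hypothetical servlet, mapped in web.xml as the error page for 403, that records the denied request using the Authentication still held in the session's well-known location. The class name, the `authenticationSessionKey` init-param and the logger name are assumptions; it also assumes the filter reports the denial with `sendError(SC_FORBIDDEN)` so the container dispatches to the error page, and the log call stands in for the database insert.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.logging.Logger;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Hypothetical audit servlet, registered as the <error-page> for error-code 403. */
public class AccessDeniedAuditServlet extends HttpServlet {
    private static final Logger AUDIT = Logger.getLogger("audit.access-denied");

    // Assumption: the session attribute name of the "well-known location" is
    // supplied as an init-param, because it depends on the library version.
    private String authKey;

    @Override
    public void init() {
        authKey = getInitParameter("authenticationSessionKey");
    }

    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        HttpSession session = req.getSession(false); // do not create a session just to log
        Object auth = (session == null || authKey == null) ? null : session.getAttribute(authKey);

        String user = "anonymous";
        if (auth instanceof Principal) {
            user = ((Principal) auth).getName();
        } else if (auth != null) {
            // Log only the type: toString() of a token may include credentials.
            user = "unknown(" + auth.getClass().getName() + ")";
        }
        // Standard servlet attribute holding the URI that triggered the error dispatch.
        Object uri = req.getAttribute("javax.servlet.error.request_uri");
        AUDIT.warning("access denied user=" + clean(user)
                + " uri=" + clean(uri == null ? req.getRequestURI() : uri.toString())
                + " remote=" + clean(req.getRemoteAddr()));

        resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
        resp.setContentType("text/plain");
        resp.getWriter().println("Access denied.");
    }

    /** Neutralise CR/LF and other control characters so a crafted URI cannot forge log lines. */
    static String clean(String s) {
        if (s == null) return "-";
        String t = s.replaceAll("\\p{Cntrl}", "_");
        return t.length() > 200 ? t.substring(0, 200) : t;
    }
}
```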