Announcement Announcement Module
No announcement yet.
change Acegi's default access denied behavior Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • change Acegi's default access denied behavior

    I've inherited a project that makes heavy use of Acegi. When a user does not have the proper permissions to execute a secured method Acegi seems to be returning a 403 HTTP response to the browser. What I would like to happen instead is that the user receives a friendly page telling them why they couldn't perform the action they just attempted. I don't want to have a generic 403 page that all 403 errors get redirected to. I want to provide the user with a useful error message within the same part of the application.
    For example, if they are trying to edit a user, and they don't have edit user permissions then they should still be on the edit user page, with an error message stating, "We're sorry, but you do not have permission to edit this user. Please see your administrator if you believe you should have this permission." or some such.
    Any thoughts on the best way to go about this?

  • #2
    Can't you simply write your own AccessDeniedHandler?


    • #3
      Is that the only way to accomplish this?