Announcement Announcement Module
No announcement yet.
AbstractSecurityInterceptor beforeInvocation Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • AbstractSecurityInterceptor beforeInvocation

    I would like to redirect user to Access Denied Page whenever user is trying to go to an URL that is not configured within spring configuration file. i.e. Create a configuration where if by mistake or otherwise user is trying to go to an URL that is either not available within the application or is not configured with a role (authorities) then user should not be allowed to use the page and redirect to Access Denied Page. The same logic should apply for method execution using MethodSecurityInterceptor also.

    I am using Spring Security 2.0.4. I would like to use "rejectPublicInvocations=true" property of FilterSecurityInterceptor. It throws IllegalArgumentException in above situation instead of "AccessDeniedException". Therefore ExceptionTranslationFilter is not able to handle the Exception and instead the IllegalArgumentException is sent to end-user.

    I would like to know if my thinking of using "rejectPublicInvocations" is valid based on above situation. If not, can someone suggest an alternative way to do the same?

    I would appreciate some feedback on this issue.