Announcement Announcement Module
Collapse
No announcement yet.
access-denied-page & url Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • access-denied-page & url

    I put this at security context
    Code:
    <http auto-config='true' access-denied-page="/home.action">
    When access is denied for user, it redirects him to home page, but the url address in address bar at browser doesn't change for /home.action. What should I do to correct this? The controller, which processes requests to home.action, extends AbstractController.

  • #2
    you could try to add "redirect:" before your url (so it becomes "redirect:/home.action")

    Comment


    • #3
      Nope, IllegalArgumentException will throw then. It should begin with "/".

      Comment


      • #4
        you are right.

        The <http>-tag creates a ExceptionTranslationFilter and this filter uses by default a org.springframework.security.ui .AccessDeniedHandlerImpl

        The javadoc of that AccessDeniedHandler states:

        This implementation sends a 403 (SC_FORBIDDEN) HTTP error code. In addition, if a errorPage is defined, the implementation will perform a request dispatcher "forward" to the specified error page view
        So to have the behaviour that you want, you could implement your own AccessDeniedHandler

        And then declare an ExceptionTranslationFilter that uses your AccessDeniedHandler.

        An inconvenience is that the <http>-tag doesn't let you specify another ExceptionHandlerFilter this means you need to manually create you security configuration (filterchain, etc)

        Comment


        • #5
          Alternatively just use an MVC controller which handles the URL and does whatever you want.

          Support for a custom AccessDeniedHandler is already part of completed roadmap for Spring Security 3.0:

          http://jira.springsource.org/browse/SEC-1100

          Comment


          • #6
            Thanks for answers!

            Comment

            Working...
            X