Announcement Announcement Module
Collapse
No announcement yet.
Error using custom 403 error page Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Error using custom 403 error page

    I have two user roles, USER and ADMIN.

    I have several pages, that USERs should see in the menu, but when they try to access the page, they should be redirected to the login page.

    I tried it two ways, neither of which works:

    1.) I tried the <error-page>-element:
    Code:
    <error-page>
    	<error-code>403</error-code>
    	<location>/login</location>
    </error-page>
    Error: cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'error-page'.

    2.)
    Code:
    <access-denied-handler error-page="/login"/>
    Code:
    Error: Line 24 in XML document from class path resource [web.xml] is invalid; nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid content was found starting with element 'access-denied-handler'. One of '{"http://www.springframework.org/schema/security":intercept-url, "http://www.springframework.org/schema/security":form-login, "http://www.springframework.org/schema/security":openid-login, "http://www.springframework.org/schema/security":x509, "http://www.springframework.org/schema/security":http-basic, "http://www.springframework.org/schema/security":logout, "http://www.springframework.org/schema/security":concurrent-session-control, "http://www.springframework.org/schema/security":remember-me, "http://www.springframework.org/schema/security":anonymous, "http://www.springframework.org/schema/security":port-mappings}' is expected.
    Any help appreciated!

    Thanks!

  • #2
    1. Is only valid in web.xml
    2. The validity depends on where you are using it and the version of Spring Security you are using. Make sure you are using the correct schema (matching the Spring Security version) and use a decent XML editor to validate as you type and provide contextual information on available elements and attributes.

    Comment


    • #3
      Thanks. I solved it with:

      Code:
      <http auto-config="true" access-denied-page="/denied">
      in my web.xml.

      But now there's another problem. Instead of showing the denied-page, I'll get a 404-message:

      Code:
      HTTP ERROR 404
      
      Problem accessing /denied. Reason:
      
          NOT_FOUND
      When I access /denied directly, it is shown without any problems?

      Thanks again.

      Comment


      • #4
        Fixed that too by changing the filter mapping:

        Code:
            <filter-mapping>
                <filter-name>app</filter-name>
                <url-pattern>/*</url-pattern>
                <dispatcher>REQUEST</dispatcher>
                <dispatcher>ERROR</dispatcher>
            </filter-mapping>

        Comment


        • #5
          Originally posted by springinaction View Post
          Thanks. I solved it with:

          Code:
          <http auto-config="true" access-denied-page="/denied">
          in my web.xml.
          For the benefit of anyone reading this thread for guidance, the above change would have been in the Spring Security config file, not in web.xml.

          Comment

          Working...
          X