Announcement Announcement Module
No announcement yet.
AccessDeniedException customised error page Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • AccessDeniedException customised error page


    I have a small problem which is bugging me when using Acegi. Whenever a user attempts to access a page which
    he/she is not authorised an AccessDeniedException is being thrown. I understand that using SecurityEnforcementFilter
    it will catches the exception and set response status to 403 SC_FORBIDDEN.

    Problem: I set a 403 error-page handling in web.xml and expect my customised 403 error page to be displayed whenever
    an unauthorised user try to access a page. However, it never display my customised 403 error page but it display
    the webserver default 403 error page.

    I'm using Spring MVC and Tomcat 5.0.19 and Spring 1.2.2.

    Note: this is quite similar to where
    the user uses tapestry and is having similar problem.

    1. Is this a common problem?
    2. Is there anyway for me to display my customised page without any code modification?

    Thanks in advanced.
    Last edited by robyn; May 14th, 2006, 08:36 PM.

  • #2
    I cannot reproduce this problem. I just checked into CVS a modification to Contacts Sample Filter web.xml which uses a 403 successfully with a custom error page. So, it should "just work" with something like:



    • #3
      Customized error page

      I have also come across the same problem. I'm working with a very simple POC app. I'm just hitting JSPs - haven't even introduced an MVC.

      I'm using Tomcat 5.0.28. When I try to hit the error page directly, I'm able (this validates that the error page can be accessed anonymously). Also, I tried the same authorization failure test in IE 6.0 and Firefox 1.0.7. Firefox behaves perfectly (I get my error page); IE shows the IE 403(Forbidden) page.


      • #4
        It's an IE bug. The 403 error page must be at least 512 bytes. What I did to get around it was add a html comment with a few hundred bytes.

        <!-- aaaaaaaa ... zzzzzzzzz -->