31 March 2011

access-denied-handler doesn't redirect to page and display a 404 Page Not Found (for spring security 3.05)

Below i find 2 ways which probably(but not in all cases unfortunatelly) solve your problem with displaying page which you want istead "404 Page Not Found"

Remember: Error page is forwarded to not redirected.

Using applicationname-security.xml


in <security:http> tag add:
<security:access-denied-handler ref="AccessDeniedHandler" />

and add this bean (applicationname-security.xml)
<bean id="AccessDeniedHandler" class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
<property name="errorPage" value="/login.jsp"/>

<security:access-denied-handler error-page="/login.jsp" />
it is old depretched way to do it.

if this doesn't work and you using struts ,try add handling forwards to filter-mapping in web.xml


Still doesn't work?
Alternativly use can use this solution.

in web.xml

it worked for me)

Another common mistakes:

-Trying using solution from spring 2.x in spring 3.x (Not all of them working,for example solution with custom implementation of )
-wrong URL given to <property name="errorPage" value="/login.jsp"/>(for solution 1) or <location>/index.html</location> (for solutin 2)
- i suggest using spring security 3.0.5 or higher,because previous version has few bugs that cause some problem with <http> tag aread.

if you still has problem then ... use Apache shiro istead.
It is easier and more human friendly.

Look to:

btw.. I learning spring security at the moment and it is quite painful process... i feel like person 3 second before starts vomit .
Documentation is usable,but not too helpful.
Lack of good tutorial
Lack of useful example
I didn't find good book to spring security 3. (  Spring security 3 by  Peter Mularien has lots of good and useful information BUT has one major disadvantage ....examples are CRAP,because they based on spring petclinic example,so they are quite often lack of information about issues which can appear during implementation of spring security .)

this post need be updated.