31 March 2011

access-denied-handler doesn't redirect to page and display a 404 Page Not Found (for spring security 3.05)

Below i find 2 ways which probably(but not in all cases unfortunatelly) solve your problem with displaying page which you want istead "404 Page Not Found"


Remember: Error page is forwarded to not redirected.


Using applicationname-security.xml

1)

in <security:http> tag add:
<security:access-denied-handler ref="AccessDeniedHandler" />

and add this bean (applicationname-security.xml)
<bean id="AccessDeniedHandler" class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
<property name="errorPage" value="/login.jsp"/>
</bean>


DO NOT USE :
<security:access-denied-handler error-page="/login.jsp" />
it is old depretched way to do it.

if this doesn't work and you using struts ,try add handling forwards to filter-mapping in web.xml

<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>


Still doesn't work?
Alternativly use can use this solution.

in web.xml

<error-page>
<error-code>404</error-code>
<location>/index.html</location>
</error-page>
it worked for me)

Another common mistakes:

-Trying using solution from spring 2.x in spring 3.x (Not all of them working,for example solution with custom implementation of )
-wrong URL given to <property name="errorPage" value="/login.jsp"/>(for solution 1) or <location>/index.html</location> (for solutin 2)
- i suggest using spring security 3.0.5 or higher,because previous version has few bugs that cause some problem with <http> tag aread.

if you still has problem then ... use Apache shiro istead.
It is easier and more human friendly.

Look to:
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/springsecurity-single.html#nsa-http
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/springsecurity-single.html#ns-getting-started


btw.. I learning spring security at the moment and it is quite painful process... i feel like person 3 second before starts vomit .
Documentation is usable,but not too helpful.
Lack of good tutorial
Lack of useful example
I didn't find good book to spring security 3. (  Spring security 3 by  Peter Mularien has lots of good and useful information BUT has one major disadvantage ....examples are CRAP,because they based on spring petclinic example,so they are quite often lack of information about issues which can appear during implementation of spring security .)

NOTE TO MYSELF
this post need be updated.