How to handle the customize AccessDeniedException in the spring security.

[Sstwood]

This is my configure xml:

HTML Code:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

	<http auto-config="true">
		<custom-filter position="PRE_AUTH_FILTER" ref="myFilter" />
	</http>

	<beans:bean id="myFilter"
		class="com.sysatwork.keysafe.filter.IpAddressFilter">
                <beans:property name="validIPs" value="127.0.0.1" />
	</beans:bean>

	<authentication-manager />
</beans:beans>

And I throw AccessDeniedException in my filter if the ip is not valid. But the spring security did not handle this exception. It turns to my default 500 error page defined in my web.xml instead of turns to my default 403 error page.

Pls help me , Tks

[Rob Winch]

The ExcpetionTranslationFilter will only catch exceptions that happen after it in the FilterChain.

PS: if you haven't considered it already, you might look into using Spring Security's hasIpAddress.