Support for more than one access denied handler.

[btravis]

Is there a strategy or implementation in spring security to support more than one access denied handler? I did not see a way to do so with anything existing but thought I would ping the forum for ideas.

For our application we have both ajax and traditional web MVC patterns. For the ajax handling we are expecting a JSON response which has client side exception handling and for HTTP GET open window flows a custom access denied view will be rendered.

Currently we are thinking to create and register a custom AccessDeniedHandler which uses a factory pattern based on URL matching patterns to delegate to the correct handler. It would be great if I could just declare this on the interceptor-url definitions.

[arthomps]

Is there a strategy or implementation in spring security to support more than one access denied handler? I did not see a way to do so with anything existing but thought I would ping the forum for ideas.

For our application we have both ajax and traditional web MVC patterns. For the ajax handling we are expecting a JSON response which has client side exception handling and for HTTP GET open window flows a custom access denied view will be rendered.

Currently we are thinking to create and register a custom AccessDeniedHandler which uses a factory pattern based on URL matching patterns to delegate to the correct handler. It would be great if I could just declare this on the interceptor-url definitions.

Typically with AJAX, you need to write some client side code if you want to do a redirect. Have you considered writing that code to be triggered by the http response code?