How To Redirect 403 Response To Friendly Page

[Ben Alex]

Yes, you can catch org.acegisecurity.AccessDeniedException as the MVC controller. The SecurityEnforcementFilter (which usually catches this exception) will never have it propagate up from the DispatcherServlet.

[adeveloper]

I mapped org.acegisecurity.AccessDeniedException in a exceptionResolver, but 403 does not get forwarded to the error page.

Can we use Spring settings or we need to use web.xml to forward to a particular jsp file in case of the 403 error?

[jorlokk]

have tried the /403.jsp too - that didn't work either. what actaully gets displayed is an auto-generated forbidden page..

if i hit the 403.jsp directly it does get displayed.

If the problem occours in IE, but not in other browsers - it's IE's pretty-error-print functionality that is the problem. Your error page is to small, it needs to be atleast 10kB (add a long comment to make it larger). Read more about the problem at:
http://www.hostedfaqs.com/123hosts/f...rror-pages.php

BTW: This is a reply to the web.xml solution with the errorcode/-page mapping.

- Jørgen Løkke -

[Ben Alex]

In 1.0.0 RC2 we refactored error handling into an ExceptionTranslationFilter, so take a look at that and see if it makes it easier for you to handle 403s in a custom manner.