Error using custom 403 error page

**springinaction** · Nov 25th, 2009, 02:31 AM

I have two user roles, USER and ADMIN.

I have several pages, that USERs should see in the menu, but when they try to access the page, they should be redirected to the login page.

I tried it two ways, neither of which works:

1.) I tried the <error-page>-element:

Code:

<error-page>
	<error-code>403</error-code>
	<location>/login</location>
</error-page>

Error: cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'error-page'.

2.)

Code:

<access-denied-handler error-page="/login"/>

Code:

Error: Line 24 in XML document from class path resource [web.xml] is invalid; nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid content was found starting with element 'access-denied-handler'. One of '{"http://www.springframework.org/schema/security":intercept-url, "http://www.springframework.org/schema/security":form-login, "http://www.springframework.org/schema/security":openid-login, "http://www.springframework.org/schema/security":x509, "http://www.springframework.org/schema/security":http-basic, "http://www.springframework.org/schema/security":logout, "http://www.springframework.org/schema/security":concurrent-session-control, "http://www.springframework.org/schema/security":remember-me, "http://www.springframework.org/schema/security":anonymous, "http://www.springframework.org/schema/security":port-mappings}' is expected.

Any help appreciated!

Thanks!

**Luke Taylor** · Nov 25th, 2009, 04:22 AM

1. Is only valid in web.xml
2. The validity depends on where you are using it and the version of Spring Security you are using. Make sure you are using the correct schema (matching the Spring Security version) and use a decent XML editor to validate as you type and provide contextual information on available elements and attributes.

**springinaction** · Nov 25th, 2009, 05:34 AM

Thanks. I solved it with:

Code:

<http auto-config="true" access-denied-page="/denied">

in my web.xml.

But now there's another problem. Instead of showing the denied-page, I'll get a 404-message:

Code:

HTTP ERROR 404

Problem accessing /denied. Reason:

    NOT_FOUND

When I access /denied directly, it is shown without any problems?

Thanks again.

**springinaction** · Nov 26th, 2009, 06:47 AM

Fixed that too by changing the filter mapping:

Code:

    <filter-mapping>
        <filter-name>app</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>ERROR</dispatcher>
    </filter-mapping>

**Andrew Swan** · Feb 7th, 2010, 08:32 PM

Originally Posted by springinaction

Thanks. I solved it with:

Code:

<http auto-config="true" access-denied-page="/denied">

in my web.xml.

For the benefit of anyone reading this thread for guidance, the above change would have been in the Spring Security config file, not in web.xml.

Thread: Error using custom 403 error page

Thread Tools

Display

Hybrid View

Error using custom 403 error page

Posting Permissions