Hello,
I have a question about redirection when access to a resource fails.
In my Spring application, if I log in as "user1", I can access editProfile.htm and home.htm; if I log in as "user2", then I can only access editProfile.htm but not home.htm.
This all works very well, but if I am logged in as "user2" and I click the "home.htm" link on the JSP page "editProfile.htm", then I get this error page in Firefox:
HTTP Status 404 - /SpringSecurityTest/WEB-INF/jsp/home.jsp. Instead of this page I would like to show the "error.htm" page, but this doesn't work.
Does anyone know what I am doing wrong in the Spring Security config file?
Thanks a lot and all the best,
Generic1
HTML Code:
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security bean configuration: one filter chain applied to every URL,
  form login against an in-memory user store, and role checks on two pages.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.0.xsd">

  <!--
    Sends every request path through the four filters below, in the order
    listed. The order is significant: exceptionTranslationFilter has to sit in
    front of filterSecurityInterceptor so that it can handle the access-denied
    and authentication exceptions the interceptor raises.
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON lower-cases the request URL
    before matching, so patterns in this file must be written in lower case.
  -->
  <bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
    <property name="filterInvocationDefinitionSource">
      <value>
        CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
        PATTERN_TYPE_APACHE_ANT
        /**=httpSessionIntegrationFilter,authenticationProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
      </value>
    </property>
  </bean>

  <!-- Delegates authentication to the single provider listed here. -->
  <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
    <property name="providers">
      <list>
        <ref bean="authenticationProvider" />
      </list>
    </property>
  </bean>

  <!--
    Looks users up through authenticationDao. No passwordEncoder property is
    set on this bean, so the passwords in the user map are stored unhashed in
    this file. NOTE(review): acceptable for a test project only; a real
    deployment needs a hashing encoder and a user store outside the config.
  -->
  <bean id="authenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="authenticationDao" />
  </bean>

  <!--
    In-memory user store, one entry per line in the form
    name=password,authority[,authority...].
    user1 holds ROLE_ADMIN and ROLE_USER; user2 holds ROLE_USER only.
  -->
  <bean id="authenticationDao" class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
    <property name="userMap">
      <value>
        user1=pwd1,ROLE_ADMIN,ROLE_USER
        user2=pwd2,ROLE_USER
      </value>
    </property>
  </bean>

  <!--///////////////////////////////////////////////////////////////////////////////////////-->
  <!-- Filter 1: first filter in the chain; the class name indicates it ties the security context to the HTTP session. -->
  <bean id="httpSessionIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter" />

  <!--///////////////////////////////////////////////////////////////////////////////////////-->
  <!--
    Filter 2: processes the login form submission.
    The form must post to /j_acegi_security_check. A failed login goes to
    /index.htm?login_error=1; a successful one goes to /editProfile.htm by
    default.
  -->
  <bean id="authenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
    <property name="filterProcessesUrl" value="/j_acegi_security_check" />
    <property name="authenticationFailureUrl" value="/index.htm?login_error=1" />
    <property name="defaultTargetUrl" value="/editProfile.htm" />
    <property name="authenticationManager" ref="authenticationManager" />
  </bean>

  <!--
    Where unauthenticated users are sent when they request a protected URL.
    forceHttps is false, so nothing in this file forces the login form onto
    HTTPS. NOTE(review): confirm that TLS is enforced elsewhere, otherwise
    credentials are submitted in clear text.
  -->
  <bean id="authenticationEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    <property name="loginFormUrl" value="/index.htm" />
    <property name="forceHttps" value="false" />
  </bean>

  <!--///////////////////////////////////////////////////////////////////////////////////////-->
  <!--
    Filter 3: turns security exceptions into HTTP responses.
    An authenticated user who lacks the required role is handed to
    accessDeniedHandler, which forwards the request server-side to /error.htm
    (a forward, not a redirect). /error.htm therefore has to be mapped to a
    handler and a view that exist in the web application; that mapping is not
    part of this file.
  -->
  <bean id="accessDeniedHandler" class="org.springframework.security.ui.AccessDeniedHandlerImpl">
    <property name="errorPage" value="/error.htm" />
  </bean>
  <bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
    <property name="authenticationEntryPoint" ref="authenticationEntryPoint" />
    <property name="accessDeniedHandler" ref="accessDeniedHandler" />
  </bean>

  <!--///////////////////////////////////////////////////////////////////////////////////////-->
  <!--
    Filter 4: URL authorization.
    AffirmativeBased with a single RoleVoter grants access when the user holds
    any one of the roles listed for the URL. allowIfAllAbstainDecisions is
    false, so access is denied when no voter casts a vote.
  -->
  <bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
    <property name="allowIfAllAbstainDecisions" value="false" />
    <property name="decisionVoters">
      <list>
        <bean class="org.springframework.security.vote.RoleVoter" />
      </list>
    </property>
  </bean>

  <!--
    /editprofile.htm requires ROLE_USER or ROLE_ADMIN; /home.htm requires
    ROLE_ADMIN. Patterns are lower case because the URL is lower-cased before
    comparison.
    NOTE(review): only these two URLs are listed and there is no catch-all
    pattern, so a URL that matches neither line has no role requirement here
    and is served without an authorization check (rejectPublicInvocations is
    not set). Confirm that every other page of the application is meant to be
    public.
  -->
  <bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="accessDecisionManager" ref="accessDecisionManager" />
    <property name="objectDefinitionSource">
      <value>
        CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
        PATTERN_TYPE_APACHE_ANT
        /editprofile.htm=ROLE_USER,ROLE_ADMIN
        /home.htm=ROLE_ADMIN
      </value>
    </property>
  </bean>
</beans>

