Home/ Questions/Q 532719
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T09:26:04+00:00

I have a j2ee web application using spring web flow ang spring security. I

  • 0

I have a j2ee web application using spring web flow ang spring security. I want to redirect the user to page(maybe an error page) if the user’s role has no access on the page being accessed because currently I get the error

Error 404–Not Found
From RFC 2068 Hypertext Transfer Protocol — HTTP/1.1:
10.4.5 404 Not Found
The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.

If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address.

How do I do this redirection.I tried the access-denied-page attribute of security:http but I still get the error. Here’s my configuration for security-http.

By the way.I am using Spring Faces and Facelets. Could this have been the cause of the problem?

<!-- Configure Spring Security -->
<security:http auto-config="true" access-denied-page="/deniedpage.xhtml" 
    session-fixation-protection="newSession">
    <security:intercept-url pattern="/main.do"
        access="ROLE_SUPERVISOR, ROLE_USER" />
    <security:intercept-url pattern="/logoutSuccess.do"
        access="ROLE_SUPERVISOR, ROLE_USER" />
    <security:intercept-url pattern="/edit.do" 
        access="ROLE_SUPERVISOR" />
    <security:intercept-url pattern="/register.do"
        access="ROLE_SUPERVISOR" />
    <security:intercept-url pattern="/admin_main.do"
        access="ROLE_SUPERVISOR" />
    <security:intercept-url pattern="/*"
        access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:form-login login-page="/loginForm.do"
        default-target-url="/main.do" authentication-failure-url="/loginForm.do?login_error=1" />
    <security:logout logout-url="/logout.do"
        invalidate-session="true" logout-success-url="/logoutSuccess.do" />
    <security:concurrent-session-control
        max-sessions="-1" exception-if-maximum-exceeded="true" expired-url="/loginform.do" />

</security:http>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The access-denied-page attribute of security:http should be enough, show us the Spring configuration you are using.
    In the meantime try adding this to web.xml: 

    <error-page>
    <error-code>404</error-code>
    <location>notfound.jsp</location>
</error-page>
    • 0