I have an application with JSF+Spring.
I am using Spring Security and it works properly. However, when I try to reach a secured page without authentication, instead of redirecting me to the denied page it just shows a 403 Forbidden page.
I don't know if there is anything missing in applicationContext or web.xml; here is my code:
Part of applicationContext:
<sec:http access-denied-page="/denied.xhtml" auto-config="true" use-expressions="false">
    <sec:form-login login-page="/login.xhtml" default-target-url="/" authentication-failure-url="/denied.xhtml"
                    login-processing-url="/static/j_spring_security_check"/>
    <sec:intercept-url pattern="/PANEL/**" access="ROLE_GENERALT"/>
    <sec:logout invalidate-session="true" logout-url="/index.xhtml"/>
</sec:http>
<sec:global-method-security secured-annotations="enabled" jsr250-annotations="enabled"/>
and web.xml:
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:/appContext.xml</param-value>
</context-param>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>
You need to set the errorPage property for the accessDeniedHandler, which is used by ExceptionTranslationFilter when an AccessDeniedException occurs.
See this link for info.
alternatively, you can just add this to your web.xml
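For the answer's first suggestion (the errorPage property of the access-denied handler), here is an added example that is not part of the original post. It is a fragment of the security context in Spring Security 3.x namespace syntax, reusing the question's URLs; the bean id `accessDeniedHandler` is an assumed name, and the `sec` prefix and authentication manager are taken to be declared as in the question's full context file.

```xml
<!-- Added example, not the poster's code. Fragment of the security context. -->
<sec:http auto-config="true" use-expressions="false">

    <!-- Replaces the access-denied-page attribute on <sec:http>.
         ExceptionTranslationFilter delegates to this handler when an
         AccessDeniedException is raised for an authenticated user.
         For an anonymous user the same filter starts the authentication
         entry point instead (here: the form-login page), so this handler
         is not what an unauthenticated request normally reaches. -->
    <sec:access-denied-handler ref="accessDeniedHandler"/>

    <sec:form-login login-page="/login.xhtml" default-target-url="/"
                    authentication-failure-url="/denied.xhtml"
                    login-processing-url="/static/j_spring_security_check"/>

    <!-- Only /PANEL/** is restricted, so /denied.xhtml itself stays reachable. -->
    <sec:intercept-url pattern="/PANEL/**" access="ROLE_GENERALT"/>

    <sec:logout invalidate-session="true" logout-url="/index.xhtml"/>
</sec:http>

<!-- "accessDeniedHandler" is an assumed bean id. AccessDeniedHandlerImpl
     forwards (does not redirect) to errorPage with HTTP status 403, and the
     value must start with "/". -->
<bean id="accessDeniedHandler"
      class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
    <property name="errorPage" value="/denied.xhtml"/>
</bean>

<!-- Equivalent shorthand when no custom handler bean is needed:
     <sec:access-denied-handler error-page="/denied.xhtml"/> -->
```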