Problem with Spring Security - page not found


When a user requests a page they are not authorized to access, they are redirected to AcessoNegado.xhtml. However, this is what is displayed instead:

This page is located here:

\GestaoADM\src\main\webapp\AcessoNegado.xhtml

And the configuration is in applicationContext.xml:

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!-- Project UserDetailsService; the authentication-provider in this file points
         at it through user-service-ref. Its implementation is not shown on this page. -->
    <beans:bean id="appUserDetailsService"
        class="br.com.gestaoadm.security.AppUserDetailsService" />


    <!-- Explicitly declared ExceptionTranslationFilter: access-denied outcomes are handed
         to jsfAccessDeniedHandler, unauthenticated requests to authenticationEntryPoint.
         It is added to the main <http> chain through a custom-filter element. -->
    <beans:bean id="exceptionTranslationFilter"
        class="org.springframework.security.web.access.ExceptionTranslationFilter">
        <beans:property name="accessDeniedHandler" ref="jsfAccessDeniedHandler" />
        <beans:property name="authenticationEntryPoint" ref="authenticationEntryPoint" />
    </beans:bean>

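    <!-- Handler used when an authenticated user is refused access. The project class is
         not shown; its loginPath property is set to the access-denied view here, so that
         URL must itself be permitted by the intercept-url rules or the user is refused
         again on arrival. -->
    <beans:bean id="jsfAccessDeniedHandler"
        class="br.com.gestaoadm.security.JsfAccessDeniedHandler">
        <beans:property name="loginPath" value="/AcessoNegado.xhtml" />
        <beans:property name="contextRelative" value="true" />
    </beans:bean>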

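    <!-- Entry point for unauthenticated requests: sends them to the login form using the
         project's JSF-aware redirect strategy (class not shown on this page). -->
    <beans:bean id="authenticationEntryPoint"
        class="br.com.gestaoadm.security.JsfLoginUrlAuthenticationEntryPoint">
        <beans:property name="loginFormUrl" value="/Login.xhtml" />
        <beans:property name="redirectStrategy" ref="jsfRedirectStrategy" />
    </beans:bean>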

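    <!-- Project redirect strategy referenced by authenticationEntryPoint; presumably
         handles JSF partial (Ajax) requests. Confirm against the class itself. -->
    <beans:bean id="jsfRedirectStrategy"
        class="br.com.gestaoadm.security.JsfRedirectStrategy" />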




    <!-- security="none" takes these paths out of the security filter chain entirely:
         no authentication, no authorization and no security context apply to them.
         Keep this list to pages and static resources that are meant to be public. -->
    <http pattern="/Login.xhtml" security="none" />
    <http pattern="/Erro.xhtml" security="none" />

    <http pattern="/javax.faces.resource/**" security="none" />

    <!-- Main filter chain. intercept-url rules are evaluated top to bottom and the
         first matching pattern decides the outcome. -->
    <http auto-config="false" use-expressions="true">

        <!-- NOTE(review): the namespace already registers its own ExceptionTranslationFilter;
             this adds a second one in front of the security interceptor. The access-denied-handler
             child element and the entry-point-ref attribute of <http> are the usual way to plug in
             the same two beans. Confirm the extra filter is intended. -->
        <custom-filter ref="exceptionTranslationFilter" before="FILTER_SECURITY_INTERCEPTOR" />


        <intercept-url pattern="/Inicio.xhtml" access="isAuthenticated()" />
        <intercept-url pattern="/imovel/**"
            access="hasAnyRole('CORRETORES','ADMINISTRADORES')" />
        <intercept-url pattern="/empresa/**" access="hasAnyRole('ADMINISTRADORES')" />
        <intercept-url pattern="/cliente/**" access="hasAnyRole('ADMINISTRADORES')" />

        <!-- Default deny: every URL not matched above is refused for everyone, logged in or not.
             No earlier rule matches /AcessoNegado.xhtml (the access-denied target) or "/"
             (the default-target-url below), so both fall through to this rule.
             NOTE(review): confirm that is intended. -->
        <intercept-url pattern="/**" access="denyAll" />

        <!-- always-use-default-target sends every successful login to default-target-url
             instead of the originally requested page. -->
        <form-login login-page="/Login.xhtml"

            authentication-failure-url="/Login.xhtml?invalid=true"
            default-target-url="/" always-use-default-target="true" />

        <!-- The HTTP session is invalidated on logout. -->
        <logout logout-url="/j_spring_security_logout"
            invalidate-session="true" />


    </http>

    <!-- <authentication-manager> -->
    <!-- <authentication-provider> -->
    <!-- <user-service> -->
    <!-- <user name="joao" password="joao" authorities="CORRETORES" /> -->
    <!-- <user name="wladimir" password="wladimir" authorities="ADMINISTRADORES" 
        /> -->
    <!-- </user-service> -->
    <!-- </authentication-provider> -->
    <!-- </authentication-manager> -->

    <!-- Authentication is delegated to the project's appUserDetailsService bean. -->
    <authentication-manager>
        <authentication-provider user-service-ref="appUserDetailsService">
            <!-- NOTE(review): no password-encoder is active, so no password hashing is
                 configured in this file; confirm how AppUserDetailsService stores passwords.
                 The disabled md5 option below is a fast, unsalted hash and is not a suitable
                 fix; prefer an adaptive encoder such as BCryptPasswordEncoder, wired in
                 through the ref attribute of password-encoder. -->
            <!-- <password-encoder hash="md5" /> -->
        </authentication-provider>
    </authentication-manager>



</beans:beans>

The relevant part is here:

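<!-- Handler used when an authenticated user is refused access. Its loginPath property
     is set to the access-denied view, so that URL must itself be permitted by the
     intercept-url rules or the user is refused again on arrival. -->
<beans:bean id="jsfAccessDeniedHandler"
    class="br.com.gestaoadm.security.JsfAccessDeniedHandler">
    <beans:property name="loginPath" value="/AcessoNegado.xhtml" />
    <beans:property name="contextRelative" value="true" />
</beans:bean>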

What's wrong?

    
asked by anonymous 30.06.2015 / 17:04

1 answer


This happens because you have not defined the permission required to access the access-denied page.

So when the user is redirected, Spring Security finds that he has no permission for the access-denied page either (it falls under the catch-all `/**` rule with `denyAll`) and tries to redirect him again to ... the access-denied page, which he is not allowed to see, and so on indefinitely.

To solve this, add this intercept-url rule:

<!-- Must be declared before the catch-all /** rule: intercept-url patterns are matched
     in declaration order and the first match wins. isAuthenticated() keeps the page
     closed to anonymous requests while letting any logged-in user see it. -->
<intercept-url pattern="/AcessoNegado.xhtml" access="isAuthenticated()" />
    
02.07.2015 / 14:13