When the user accesses a page that he does not have authorization, he is directed to the page of AcessoNegado.xhtml
. However it has the following image:
Thispageislocatedhere:
\GestaoADM\src\main\webapp\AcessoNegado.xhtml
And the setting is in applicationContext.xml
;
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<beans:bean id="appUserDetailsService"
class="br.com.gestaoadm.security.AppUserDetailsService" />
<beans:bean id="exceptionTranslationFilter"
class="org.springframework.security.web.access.ExceptionTranslationFilter">
<beans:property name="accessDeniedHandler" ref="jsfAccessDeniedHandler" />
<beans:property name="authenticationEntryPoint" ref="authenticationEntryPoint" />
</beans:bean>
<beans:bean id="jsfAccessDeniedHandler"
class=" br.com.gestaoadm.security.JsfAccessDeniedHandler">
<beans:property name="loginPath" value="/AcessoNegado.xhtml" />
<beans:property name="contextRelative" value="true" />
</beans:bean>
<beans:bean id="authenticationEntryPoint"
class=" br.com.gestaoadm.security.JsfLoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/Login.xhtml" />
<beans:property name="redirectStrategy" ref="jsfRedirectStrategy" />
</beans:bean>
<beans:bean id="jsfRedirectStrategy"
class=" br.com.gestaoadm.security.JsfRedirectStrategy" />
<http pattern="/Login.xhtml" security="none" />
<http pattern="/Erro.xhtml" security="none" />
<http pattern="/javax.faces.resource/**" security="none" />
<http auto-config="false" use-expressions="true">
<custom-filter ref="exceptionTranslationFilter" before="FILTER_SECURITY_INTERCEPTOR" />
<intercept-url pattern="/Inicio.xhtml" access="isAuthenticated()" />
<intercept-url pattern="/imovel/**"
access="hasAnyRole('CORRETORES','ADMINISTRADORES')" />
<intercept-url pattern="/empresa/**" access="hasAnyRole('ADMINISTRADORES')" />
<intercept-url pattern="/cliente/**" access="hasAnyRole('ADMINISTRADORES')" />
<intercept-url pattern="/**" access="denyAll" />
<form-login login-page="/Login.xhtml"
authentication-failure-url="/Login.xhtml?invalid=true"
default-target-url="/" always-use-default-target="true" />
<logout logout-url="/j_spring_security_logout"
invalidate-session="true" />
</http>
<!-- <authentication-manager> -->
<!-- <authentication-provider> -->
<!-- <user-service> -->
<!-- <user name="joao" password="joao" authorities="CORRETORES" /> -->
<!-- <user name="wladimir" password="wladimir" authorities="ADMINISTRADORES"
/> -->
<!-- </user-service> -->
<!-- </authentication-provider> -->
<!-- </authentication-manager> -->
<authentication-manager>
<authentication-provider user-service-ref="appUserDetailsService">
<!-- <password-encoder hash="md5" /> -->
</authentication-provider>
</authentication-manager>
</beans:beans>
The stretch of importance is here:
<beans:bean id="jsfAccessDeniedHandler"
class=" br.com.gestaoadm.security.JsfAccessDeniedHandler">
<beans:property name="loginPath" value="/AcessoNegado.xhtml" />
<beans:property name="contextRelative" value="true" />
</beans:bean>
What's wrong?