I am using Spring Security 3, and I want the user to be redirected to a specific page every time an AccessDeniedException is thrown:
org.springframework.security.access.AccessDeniedException: Access is denied
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:71)
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:203)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:106)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
    at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:112)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
    at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:177)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:169)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:198)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:405)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:964)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:515)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:619)
So I tried to use access-denied-handler, and here is the handler:
@Service("accessDeniedHandler")
public class AccessDeniedHandler extends AccessDeniedHandlerImpl {
    Log log = LogFactory.getLog(getClass());

    @Override
    public void handle(HttpServletRequest request,
            HttpServletResponse response, AccessDeniedException exception)
            throws IOException, ServletException {
        log.info("############### Access Denied Handler!");
        setErrorPage("/accessDenied");
        super.handle(request, response, exception);
    }
}
applicationSecurity.xml:
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:util="http://www.springframework.org/schema/util"
    xmlns:p="http://www.springframework.org/schema/p"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.0.xsd
        http://www.springframework.org/schema/util
        http://www.springframework.org/schema/util/spring-util-3.0.xsd">
    <http use-expressions="true" auto-config="true" >
        <session-management session-fixation-protection="none"/>
        <remember-me token-validity-seconds="1209600"/>
        <intercept-url pattern="/accessDenied" access="permitAll"/>
        <intercept-url pattern="/login" access="permitAll"/>
        <intercept-url pattern="/j_spring_security_check" access="permitAll" />
        <intercept-url pattern="/faces/javax.faces.resource/**" access="permitAll"/>
        <intercept-url pattern="/xmlhttp/**" access="permitAll" />
        <intercept-url pattern="/resources/**" access="permitAll" />
        <intercept-url pattern="**/faces/javax.faces.resource/**" access="permitAll"/>
        <intercept-url pattern="**/xmlhttp/**" access="permitAll" />
        <intercept-url pattern="**/resources/**" access="permitAll" />
        <intercept-url pattern="/**" access="isAuthenticated()" />
        <access-denied-handler ref="accessDeniedHandler" />
        <!-- tried the error page too with no luck -->
        <!--
        <access-denied-handler error-page="/accessDenied" />
        -->
    </http>
</beans:beans>
But the issue is that when the exception is thrown, it does not enter the accessDeniedHandler class. Please advise.
UPDATE: I tried the exceptions bean solution, and the behavior is identical: an exception is thrown, but no redirect to the accessDenied page takes place.
Logs:
2012-01-08/12:33:43.610 [http-bio-8080-exec-8] DEBUG Converted URL to lowercase, from: '/'; to: '/'
2012-01-08/12:33:43.610 [http-bio-8080-exec-8] DEBUG Converted URL to lowercase, from: '/'; to: '/'
2012-01-08/12:33:43.610 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is /**; matched=true
2012-01-08/12:33:43.610 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is /**; matched=true
2012-01-08/12:33:43.610 [http-bio-8080-exec-8] DEBUG / at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2012-01-08/12:33:43.610 [http-bio-8080-exec-8] DEBUG / at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG HttpSession returned null object for SPRING_SECURITY_CONTEXT
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG HttpSession returned null object for SPRING_SECURITY_CONTEXT
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@5b7da0d1. A new one will be created.
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@5b7da0d1. A new one will be created.
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG / at position 2 of 10 in additional filter chain; firing Filter: 'LogoutFilter'
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG / at position 2 of 10 in additional filter chain; firing Filter: 'LogoutFilter'
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG / at position 3 of 10 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG / at position 3 of 10 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG / at position 4 of 10 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG / at position 4 of 10 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG / at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG / at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG pathInfo: both null (property equals)
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG pathInfo: both null (property equals)
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG queryString: both null (property equals)
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG queryString: both null (property equals)
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG requestURI: arg1=/MyApp/; arg2=/MyApp/ (property equals)
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG requestURI: arg1=/MyApp/; arg2=/MyApp/ (property equals)
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG serverPort: arg1=8080; arg2=8080 (property equals)
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG serverPort: arg1=8080; arg2=8080 (property equals)
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG requestURL: arg1=http://localhost:8080/MyApp/; arg2=http://localhost:8080/MyApp/ (property equals)
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG requestURL: arg1=http://localhost:8080/MyApp/; arg2=http://localhost:8080/MyApp/ (property equals)
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG scheme: arg1=http; arg2=http (property equals)
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG scheme: arg1=http; arg2=http (property equals)
2012-01-08/12:33:43.612 [http-bio-8080-exec-8] DEBUG serverName: arg1=localhost; arg2=localhost (property equals)
2012-01-08/12:33:43.612 [http-bio-8080-exec-8] DEBUG serverName: arg1=localhost; arg2=localhost (property equals)
2012-01-08/12:33:43.612 [http-bio-8080-exec-8] DEBUG contextPath: arg1=/MyApp; arg2=/MyApp (property equals)
2012-01-08/12:33:43.612 [http-bio-8080-exec-8] DEBUG contextPath: arg1=/MyApp; arg2=/MyApp (property equals)
2012-01-08/12:33:43.612 [http-bio-8080-exec-8] DEBUG servletPath: arg1=/; arg2=/ (property equals)
2012-01-08/12:33:43.612 [http-bio-8080-exec-8] DEBUG servletPath: arg1=/; arg2=/ (property equals)
2012-01-08/12:33:43.612 [http-bio-8080-exec-8] DEBUG Removing DefaultSavedRequest from session if present
2012-01-08/12:33:43.612 [http-bio-8080-exec-8] DEBUG Removing DefaultSavedRequest from session if present
2012-01-08/12:33:43.612 [http-bio-8080-exec-8] DEBUG / at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2012-01-08/12:33:43.612 [http-bio-8080-exec-8] DEBUG / at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2012-01-08/12:33:43.612 [http-bio-8080-exec-8] DEBUG / at position 7 of 10 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
2012-01-08/12:33:43.612 [http-bio-8080-exec-8] DEBUG / at position 7 of 10 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
2012-01-08/12:33:43.612 [http-bio-8080-exec-8] DEBUG / at position 8 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2012-01-08/12:33:43.612 [http-bio-8080-exec-8] DEBUG / at position 8 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2012-01-08/12:33:43.612 [http-bio-8080-exec-8] DEBUG Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90576bf4: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@21a2c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 7F9F9C2E2922F5072EE36B6FBCFE8837; Granted Authorities: ROLE_ANONYMOUS'
2012-01-08/12:33:43.612 [http-bio-8080-exec-8] DEBUG Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90576bf4: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@21a2c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 7F9F9C2E2922F5072EE36B6FBCFE8837; Granted Authorities: ROLE_ANONYMOUS'
2012-01-08/12:33:43.612 [http-bio-8080-exec-8] DEBUG / at position 9 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2012-01-08/12:33:43.612 [http-bio-8080-exec-8] DEBUG / at position 9 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG / at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG / at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Converted URL to lowercase, from: '/'; to: '/'
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Converted URL to lowercase, from: '/'; to: '/'
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is /accessdenied; matched=false
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is /accessdenied; matched=false
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is /login; matched=false
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is /login; matched=false
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is /j_spring_security_check; matched=false
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is /j_spring_security_check; matched=false
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is /faces/javax.faces.resource/**; matched=false
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is /faces/javax.faces.resource/**; matched=false
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is /xmlhttp/**; matched=false
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is /xmlhttp/**; matched=false
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is /resources/**; matched=false
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is /resources/**; matched=false
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is **/faces/javax.faces.resource/**; matched=false
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is **/faces/javax.faces.resource/**; matched=false
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is **/xmlhttp/**; matched=false
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is **/xmlhttp/**; matched=false
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is **/resources/**; matched=false
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is **/resources/**; matched=false
2012-01-08/12:33:43.615 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is /**; matched=true
2012-01-08/12:33:43.615 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is /**; matched=true
2012-01-08/12:33:43.615 [http-bio-8080-exec-8] DEBUG Secure object: FilterInvocation: URL: /; Attributes: [isAuthenticated()]
2012-01-08/12:33:43.615 [http-bio-8080-exec-8] DEBUG Secure object: FilterInvocation: URL: /; Attributes: [isAuthenticated()]
2012-01-08/12:33:43.615 [http-bio-8080-exec-8] DEBUG Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@90576bf4: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@21a2c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 7F9F9C2E2922F5072EE36B6FBCFE8837; Granted Authorities: ROLE_ANONYMOUS
2012-01-08/12:33:43.615 [http-bio-8080-exec-8] DEBUG Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@90576bf4: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@21a2c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 7F9F9C2E2922F5072EE36B6FBCFE8837; Granted Authorities: ROLE_ANONYMOUS
2012-01-08/12:33:43.615 [http-bio-8080-exec-8] DEBUG Voter: org.springframework.security.web.access.expression.WebExpressionVoter@338652ff, returned: -1
2012-01-08/12:33:43.615 [http-bio-8080-exec-8] DEBUG Voter: org.springframework.security.web.access.expression.WebExpressionVoter@338652ff, returned: -1
2012-01-08/12:33:43.615 [http-bio-8080-exec-8] DEBUG Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
2012-01-08/12:33:43.615 [http-bio-8080-exec-8] DEBUG Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
If the access-denied page is a simple page that does not need a controller, you can do it as follows:
<!-- This bean resolves specific types of exceptions to corresponding logical
    - view names for error views. The default behavior of DispatcherServlet -
    is to propagate all exceptions to the servlet container: this will happen
    - here with all other types of exceptions. -->
<bean
    class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver"
    p:defaultErrorView="uncaughtException">
    <property name="exceptionMappings">
        <props>
            <prop key=".DataAccessException">dataAccessFailure</prop>
            <prop key=".NoSuchRequestHandlingMethodException">resourceNotFound</prop>
            <prop key=".TypeMismatchException">resourceNotFound</prop>
            <prop key=".MissingServletRequestParameterException">resourceNotFound</prop>
            <prop key=".AccessDeniedException">accessDenied</prop>
        </props>
    </property>
</bean>
<!-- remove this if you need a controller -->
<mvc:view-controller path="/accessDenied" />
<security:intercept-url pattern="/accessDenied" access="permitAll" />
Another way is to use AccessDeniedHandler. You just need to configure the spring-security:access-denied-handler tag inside the spring-security:http tag. This method seems to work only if the access restriction is configured by a security:intercept-url, but not if it is done at the service level (for example, by annotations).
<security:http auto-config="true" ... >
    ...
    <security:access-denied-handler error-page="/myAccessDeniedPage"/>
</security:http>
Programmatic solution:
@Order(1)
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    //
    // ...
    //
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.exceptionHandling().accessDeniedHandler(new AccessDeniedHandlerImpl() {
            @Override
            public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
                super.handle(request, response, accessDeniedException);
                //
                // Your Code Here
                //
            }

            @Override
            public void setErrorPage(String errorPage) {
                super.setErrorPage(errorPage);
                //
                // Your Code Here
                //
            }
        });
        //
        // ...
        //
    }
    //
    // ...
    //
}
I was able to solve the problem of redirecting after session expiry by using sessionManagementFilter, as in this post:
DEBUG Access is denied (user is anonymous)
If you look at the Spring code, you will see that it calls accessDeniedHandler only for non-anonymous users.
<security:intercept-url pattern="/**" access="@storeAccessService.initForExpiredXmlHttpRequest() and _other_rules_here
where, in initForExpiredXmlHttpRequest(), I did:
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
//logic to filter
UsernamePasswordAuthenticationToken sessionExpiredAuthentication = new UsernamePasswordAuthenticationToken(
"session-expired", "session-expired");
SecurityContextHolder.getContext().setAuthentication(sessionExpiredAuthentication);
2012-01-08/12:33:43.615 [http-bio-8080-exec-8] DEBUG Access is denied (user is anonymous); redirecting to authentication entry point org.springframework.security.access.AccessDeniedException: Access is denied
It seems that your login page (or some of its elements) is only available to logged-in users.
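The log line quoted above shows why the handler in the question is never reached: for an anonymous user, ExceptionTranslationFilter hands the denial to the AuthenticationEntryPoint, and the access-denied handler is called only for authenticated users. The following is an added example, not code from any of the posts; the class name UnifiedDenialHandler, the bean id and the two page paths are assumptions, and it uses the javax.servlet API that Spring Security 3 builds on. One bean covers both paths:

```java
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;

/**
 * Hypothetical bean handling both outcomes of an AccessDeniedException.
 * Wiring in the security namespace (bean id is an assumption):
 *   <http entry-point-ref="unifiedDenialHandler" ...>
 *     <access-denied-handler ref="unifiedDenialHandler"/>
 *   </http>
 */
public class UnifiedDenialHandler implements AuthenticationEntryPoint, AccessDeniedHandler {

    private final String anonymousPage; // assumed value, e.g. "/login"
    private final String deniedPage;    // assumed value, e.g. "/accessDenied"

    public UnifiedDenialHandler(String anonymousPage, String deniedPage) {
        this.anonymousPage = requireLocalPath(anonymousPage);
        this.deniedPage = requireLocalPath(deniedPage);
    }

    // Accept only fixed, context-relative paths so that no request data
    // can ever influence where the user is sent.
    private static String requireLocalPath(String path) {
        if (path == null || !path.startsWith("/") || path.startsWith("//")) {
            throw new IllegalArgumentException("context-relative path required: " + path);
        }
        return path;
    }

    /** Anonymous caller was denied: ExceptionTranslationFilter calls the entry point. */
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException authException) throws IOException, ServletException {
        String target = request.getContextPath() + anonymousPage;
        response.sendRedirect(response.encodeRedirectURL(target));
    }

    /** Authenticated caller lacks the required authority: the access-denied handler is called. */
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
            AccessDeniedException accessDeniedException) throws IOException, ServletException {
        if (response.isCommitted()) {
            return; // too late to change the status or forward
        }
        // Keep the 403 status so the denial stays visible in access logs and monitoring.
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        request.getRequestDispatcher(deniedPage).forward(request, response);
    }
}
```

Both target pages must be reachable by anonymous users (`permitAll`, as `/login` and `/accessDenied` are in the question's configuration); otherwise the redirect is itself denied and loops.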