Problem with Spring Security - page not located

Asked

Viewed 380 times

4

When the user accesses a page that he does not have authorization for, it is to be directed to the page of AcessoNegado.xhtml. But it presents the following image:

inserir a descrição da imagem aqui

This page is located here:

\GestaoADM\src\main\webapp\AcessoNegado.xhtml

erro

And the setting is on applicationContext.xml;

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <beans:bean id="appUserDetailsService"
        class="br.com.gestaoadm.security.AppUserDetailsService" />


    <beans:bean id="exceptionTranslationFilter"
        class="org.springframework.security.web.access.ExceptionTranslationFilter">
        <beans:property name="accessDeniedHandler" ref="jsfAccessDeniedHandler" />
        <beans:property name="authenticationEntryPoint" ref="authenticationEntryPoint" />
    </beans:bean>

    <beans:bean id="jsfAccessDeniedHandler"
        class=" br.com.gestaoadm.security.JsfAccessDeniedHandler">
        <beans:property name="loginPath" value="/AcessoNegado.xhtml" />
        <beans:property name="contextRelative" value="true" />
    </beans:bean>

    <beans:bean id="authenticationEntryPoint"
        class=" br.com.gestaoadm.security.JsfLoginUrlAuthenticationEntryPoint">
        <beans:property name="loginFormUrl" value="/Login.xhtml" />
        <beans:property name="redirectStrategy" ref="jsfRedirectStrategy" />
    </beans:bean>

    <beans:bean id="jsfRedirectStrategy"
        class=" br.com.gestaoadm.security.JsfRedirectStrategy" />




    <http pattern="/Login.xhtml" security="none" />
    <http pattern="/Erro.xhtml" security="none" />

    <http pattern="/javax.faces.resource/**" security="none" />

    <http auto-config="false" use-expressions="true">

        <custom-filter ref="exceptionTranslationFilter" before="FILTER_SECURITY_INTERCEPTOR" />


        <intercept-url pattern="/Inicio.xhtml" access="isAuthenticated()" />
        <intercept-url pattern="/imovel/**"
            access="hasAnyRole('CORRETORES','ADMINISTRADORES')" />
        <intercept-url pattern="/empresa/**" access="hasAnyRole('ADMINISTRADORES')" />
        <intercept-url pattern="/cliente/**" access="hasAnyRole('ADMINISTRADORES')" />

        <intercept-url pattern="/**" access="denyAll" />

        <form-login login-page="/Login.xhtml"

            authentication-failure-url="/Login.xhtml?invalid=true"
            default-target-url="/" always-use-default-target="true" />

        <logout logout-url="/j_spring_security_logout"
            invalidate-session="true" />


    </http>

    <!-- <authentication-manager> -->
    <!-- <authentication-provider> -->
    <!-- <user-service> -->
    <!-- <user name="joao" password="joao" authorities="CORRETORES" /> -->
    <!-- <user name="wladimir" password="wladimir" authorities="ADMINISTRADORES" 
        /> -->
    <!-- </user-service> -->
    <!-- </authentication-provider> -->
    <!-- </authentication-manager> -->

    <authentication-manager>
        <authentication-provider user-service-ref="appUserDetailsService">
            <!-- <password-encoder hash="md5" /> -->
        </authentication-provider>
    </authentication-manager>



</beans:beans>

The passage of importance is here:

<beans:bean id="jsfAccessDeniedHandler"
    class=" br.com.gestaoadm.security.JsfAccessDeniedHandler">
    <beans:property name="loginPath" value="/AcessoNegado.xhtml" />
    <beans:property name="contextRelative" value="true" />
</beans:bean>

I wonder what’s wrong?

  • Take a look at this answer, maybe I can help you: http://stackoverflow.com/questions/15489911/this-webpage-has-a-redirect-loop-in-spring-security-application

  • Here does not open the image for me. Maybe my proxy is blocking. Which message appears on the screen?

1 answer

1

What happens is that you have not set what is the necessary permission to access the denied access page.

So when the user is redirected the spring sees q he does not have permission to the access page denied and tries to redirect to ... the access page denied, to which he has no permission and so infinitely.

to solve this put this Interceptor:

<intercept-url pattern="/AcessoNegado.xhtml" access="isAuthenticated()" />

Browser other questions tagged

You are not signed in. Login or sign up in order to post.