Table of Contents
In this post , we will see how to customize 403 access denied page.
If user do not have access to page, then it will show default 403 page which will look like as below:
so if user does not have access to page, it will be redirected to /403 and you can handle 403 in controller class as below:
We can create 403.jsp as below:
You need to add ref in http tag in spring-security.xml.
If user do not have access to page, then it will show default 403 page which will look like as below:
You can customize 403 as below page:
If you want to configure custom 403 access denied page, there are two ways to do it.
- Using access-denied-handler error-page
- Using AccessDeniedHandler ref
Using access-denied-handler error-page
You can put entry for attribute access-denied-handler in spring-security.xml as below.
|
1 2 3 4 5 6 |
<http auto-config="true" use-expressions="true"> <access-denied-handler error-page="/403" /> ... other entries </http> |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
// for 403 access denied page @RequestMapping(value = "/403", method = RequestMethod.GET) public ModelAndView accesssDenied(Principal user) { ModelAndView model = new ModelAndView(); if (user != null) { model.addObject("msg", "Hi " + user.getName() + ", You can not access this page!"); } else { model.addObject("msg", "You can not access this page!"); } model.setViewName("403"); return model; } |
|
1 2 3 4 5 6 7 8 9 10 11 |
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> <html> <body> <h1>HTTP Status 403 - Access is denied</h1> <h2>${msg}</h2> <c:url value="/j_spring_security_logout" var="logoutUrl" /> <a href="${logoutUrl}">Log Out</a> </body> </html> |
Please refer to Spring security database authentication for spring-security.xml and other files.
Using AccessDeniedHandler ref:
You can also use AccessDeniedHandler to handle 403 access denied page.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
package org.arpit.java2blog.handler; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.web.access.AccessDeniedHandler; public class CustomAccessDeniedHandler implements AccessDeniedHandler { private String errorPage; public CustomAccessDeniedHandler() { } public CustomAccessDeniedHandler(String errorPage) { this.errorPage = errorPage; } public String getErrorPage() { return errorPage; } public void setErrorPage(String errorPage) { this.errorPage = errorPage; } @Override public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException { //You can redirect to errorpage response.sendRedirect(errorPage); } } |
|
1 2 3 4 5 6 7 8 9 |
<http auto-config="true" use-expressions="true"> <access-denied-handler ref=custom403 /> </http> <beans:bean id="custom403" class="org.arpit.java2blog.handler.CustomAccessDeniedHandler"> <beans:property name="errorPage" value="403" /> ... other entries |
Download source code:
Was this post helpful?
Let us know if this post was helpful. Feedbacks are monitored on daily basis. Please do provide feedback as that\'s the only way to improve.
