diff --git a/spring-security-mvc-login/src/main/java/org/baeldung/security/CustomAccessDeniedHandler.java b/spring-security-mvc-login/src/main/java/org/baeldung/security/CustomAccessDeniedHandler.java
new file mode 100644
index 0000000000..ea4407c5c4
--- /dev/null
+++ b/spring-security-mvc-login/src/main/java/org/baeldung/security/CustomAccessDeniedHandler.java
@@ -0,0 +1,30 @@
+package org.baeldung.security;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.log4j.Logger;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.access.AccessDeniedHandler;
+
+public class CustomAccessDeniedHandler implements AccessDeniedHandler {
+
+ public static final Logger LOG = Logger.getLogger(CustomAccessDeniedHandler.class);
+
+ @Override
+ public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException exc) throws IOException, ServletException {
+ Authentication auth = SecurityContextHolder.getContext()
+ .getAuthentication();
+ if (auth != null) {
+ LOG.warn("User: " + auth.getName() + " attempted to access the protected URL: " + request.getRequestURI());
+ }
+
+ response.sendRedirect(request.getContextPath() + "/accessDenied");
+ }
+
+}
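Review bot: The `response.sendRedirect(request.getContextPath() + "/accessDenied")` at the end of `handle` answers a denied request with a 302 and the follow-up page with a 200, so the 403 never reaches the client, the access log, or any monitoring keyed on status codes. Setting the status and forwarding keeps it: `response.setStatus(HttpServletResponse.SC_FORBIDDEN);` followed by `request.getRequestDispatcher("/accessDenied").forward(request, response);`. The `LOG.warn` line also concatenates `auth.getName()` into the message unchanged; if usernames can contain line breaks (not visible in this diff), they should be stripped before logging so that one denial cannot be made to look like several log entries. `LOG` is declared `public` and can be `private`.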
diff --git a/spring-security-mvc-login/src/main/java/org/baeldung/spring/MvcConfig.java b/spring-security-mvc-login/src/main/java/org/baeldung/spring/MvcConfig.java
index 02392df736..b59dbee0cf 100644
--- a/spring-security-mvc-login/src/main/java/org/baeldung/spring/MvcConfig.java
+++ b/spring-security-mvc-login/src/main/java/org/baeldung/spring/MvcConfig.java
@@ -28,6 +28,7 @@ public class MvcConfig extends WebMvcConfigurerAdapter {
registry.addViewController("/login.html");
registry.addViewController("/homepage.html");
registry.addViewController("/admin/adminpage.html");
+ registry.addViewController("/accessDenied");
}
@Bean
diff --git a/spring-security-mvc-login/src/main/java/org/baeldung/spring/SecSecurityConfig.java b/spring-security-mvc-login/src/main/java/org/baeldung/spring/SecSecurityConfig.java
index ae41a037cd..7331d7bb18 100644
--- a/spring-security-mvc-login/src/main/java/org/baeldung/spring/SecSecurityConfig.java
+++ b/spring-security-mvc-login/src/main/java/org/baeldung/spring/SecSecurityConfig.java
@@ -1,5 +1,6 @@
package org.baeldung.spring;
+import org.baeldung.security.CustomAccessDeniedHandler;
import org.baeldung.security.CustomLogoutSuccessHandler;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@@ -8,6 +9,7 @@ import org.springframework.security.config.annotation.authentication.builders.Au
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
@Configuration
@@ -53,6 +55,9 @@ public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
.logoutUrl("/perform_logout")
.deleteCookies("JSESSIONID")
.logoutSuccessHandler(logoutSuccessHandler());
+ //.and()
+ //.exceptionHandling().accessDeniedPage("/accessDenied");
+ //.exceptionHandling().accessDeniedHandler(accessDeniedHandler());
// @formatter:on
}
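Review bot: All three lines added to this chain are commented out, so the Java configuration still registers neither an access-denied page nor a handler. As far as this diff shows, the `accessDeniedHandler()` bean added in the next hunk is created but never used by the chain. To enable it, the terminating `;` has to move off `.logoutSuccessHandler(logoutSuccessHandler())` before `.and()` and `.exceptionHandling().accessDeniedHandler(accessDeniedHandler());` can follow. `accessDeniedPage` and `accessDeniedHandler` are alternatives, so only one of the two lines should be kept. If they are meant to stay as tutorial options, a comment such as `// enable exactly one of the two exceptionHandling() lines below` would make that explicit. The start of the method lies outside the hunk.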
@@ -60,5 +65,10 @@ public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
public LogoutSuccessHandler logoutSuccessHandler() {
return new CustomLogoutSuccessHandler();
}
+
+ @Bean
+ public AccessDeniedHandler accessDeniedHandler(){
+ return new CustomAccessDeniedHandler();
+ }
}
diff --git a/spring-security-mvc-login/src/main/resources/webSecurityConfig.xml b/spring-security-mvc-login/src/main/resources/webSecurityConfig.xml
index 9c8fdea9ee..f0fa956934 100644
--- a/spring-security-mvc-login/src/main/resources/webSecurityConfig.xml
+++ b/spring-security-mvc-login/src/main/resources/webSecurityConfig.xml
@@ -19,10 +19,16 @@
always-use-default-target="true"/>
+
+
+
+
+
+
diff --git a/spring-security-mvc-login/src/main/webapp/WEB-INF/view/accessDenied.jsp b/spring-security-mvc-login/src/main/webapp/WEB-INF/view/accessDenied.jsp
new file mode 100644
index 0000000000..45820cf43d
--- /dev/null
+++ b/spring-security-mvc-login/src/main/webapp/WEB-INF/view/accessDenied.jsp
@@ -0,0 +1,15 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+ pageEncoding="ISO-8859-1"%>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+
+
+
+
+Access Denied
+
+
+Sorry, you do not have permission to view this page.
+
+Click ">here to go back to the Homepage.
+
+
\ No newline at end of file
diff --git a/spring-security-mvc-login/src/main/webapp/WEB-INF/view/homepage.jsp b/spring-security-mvc-login/src/main/webapp/WEB-INF/view/homepage.jsp
index 80f27f5466..c9d88cbc9b 100644
--- a/spring-security-mvc-login/src/main/webapp/WEB-INF/view/homepage.jsp
+++ b/spring-security-mvc-login/src/main/webapp/WEB-INF/view/homepage.jsp
@@ -4,21 +4,23 @@
- This is the body of the sample view
+ This is the body of the sample view
-
- This text is only visible to a user
-
-
+
+ This text is only visible to a user
+
+ ">Restricted Admin Page
+
+
-
- This text is only visible to an admin
-
+
+ This text is only visible to an admin
+
">Admin Page
-
+
+
+ ">Logout
- ">Logout
-