From 424f55ac484eb2dd662dda7491170eceaad1fb2d Mon Sep 17 00:00:00 2001
From: lor6
Date: Sun, 12 Feb 2017 16:11:55 +0200
Subject: [PATCH] custom access denied page (#1133) * custom access denied page * fix formatting, remove imports
---
 .../security/CustomAccessDeniedHandler.java | 30 +++++++++++++++++++
 .../java/org/baeldung/spring/MvcConfig.java | 1 +
 .../baeldung/spring/SecSecurityConfig.java | 10 +++++++
 .../src/main/resources/webSecurityConfig.xml | 6 ++++
 .../main/webapp/WEB-INF/view/accessDenied.jsp | 15 ++++++++++
 .../src/main/webapp/WEB-INF/view/homepage.jsp | 24 ++++++++-------
 .../src/main/webapp/WEB-INF/web.xml | 7 +++++
 7 files changed, 82 insertions(+), 11 deletions(-)
 create mode 100644 spring-security-mvc-login/src/main/java/org/baeldung/security/CustomAccessDeniedHandler.java
 create mode 100644 spring-security-mvc-login/src/main/webapp/WEB-INF/view/accessDenied.jsp
diff --git a/spring-security-mvc-login/src/main/java/org/baeldung/security/CustomAccessDeniedHandler.java b/spring-security-mvc-login/src/main/java/org/baeldung/security/CustomAccessDeniedHandler.java
new file mode 100644
index 0000000000..ea4407c5c4
--- /dev/null
+++ b/spring-security-mvc-login/src/main/java/org/baeldung/security/CustomAccessDeniedHandler.java
@@ -0,0 +1,30 @@
+package org.baeldung.security;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.log4j.Logger;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.access.AccessDeniedHandler;
+
+public class CustomAccessDeniedHandler implements AccessDeniedHandler {
+
+ public static final Logger LOG = Logger.getLogger(CustomAccessDeniedHandler.class);
+
+ @Override
+ public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException exc) throws IOException, ServletException {
+ Authentication auth = SecurityContextHolder.getContext()
+ .getAuthentication();
+ if (auth != null) {
+ LOG.warn("User: " + auth.getName() + " attempted to access the protected URL: " + request.getRequestURI());
+ }
+
+ response.sendRedirect(request.getContextPath() + "/accessDenied");
+ }
+
+}
diff --git a/spring-security-mvc-login/src/main/java/org/baeldung/spring/MvcConfig.java b/spring-security-mvc-login/src/main/java/org/baeldung/spring/MvcConfig.java
index 02392df736..b59dbee0cf 100644
--- a/spring-security-mvc-login/src/main/java/org/baeldung/spring/MvcConfig.java
+++ b/spring-security-mvc-login/src/main/java/org/baeldung/spring/MvcConfig.java
@@ -28,6 +28,7 @@ public class MvcConfig extends WebMvcConfigurerAdapter {
 registry.addViewController("/login.html");
 registry.addViewController("/homepage.html");
 registry.addViewController("/admin/adminpage.html");
+ registry.addViewController("/accessDenied");
 }
 @Bean
diff --git a/spring-security-mvc-login/src/main/java/org/baeldung/spring/SecSecurityConfig.java b/spring-security-mvc-login/src/main/java/org/baeldung/spring/SecSecurityConfig.java
index ae41a037cd..7331d7bb18 100644
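Review bot: The `response.sendRedirect(request.getContextPath() + "/accessDenied")` at the end of `handle` in CustomAccessDeniedHandler.java answers a denied request with a 302 followed by an ordinary page load, so the 403 status never reaches the client, intermediaries, or any monitoring that counts authorization failures by status code. Setting the status and forwarding keeps the custom page and the status together: `response.setStatus(HttpServletResponse.SC_FORBIDDEN);` followed by `request.getRequestDispatcher("/accessDenied").forward(request, response);`, guarded by `if (!response.isCommitted())`. The `LOG.warn` line concatenates `auth.getName()` and `request.getRequestURI()` straight into the message; if either value can carry line breaks in this deployment (not visible here), neutralising CR/LF before logging keeps the audit trail from being forged. Adding `exc.getMessage()` to the log entry would also record why access was denied, which the current message does not capture.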
--- a/spring-security-mvc-login/src/main/java/org/baeldung/spring/SecSecurityConfig.java
+++ b/spring-security-mvc-login/src/main/java/org/baeldung/spring/SecSecurityConfig.java
@@ -1,5 +1,6 @@
 package org.baeldung.spring;
+import org.baeldung.security.CustomAccessDeniedHandler;
 import org.baeldung.security.CustomLogoutSuccessHandler;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -8,6 +9,7 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
 @Configuration
@@ -53,6 +55,9 @@ public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
 .logoutUrl("/perform_logout")
 .deleteCookies("JSESSIONID")
 .logoutSuccessHandler(logoutSuccessHandler());
+ //.and()
+ //.exceptionHandling().accessDeniedPage("/accessDenied");
+ //.exceptionHandling().accessDeniedHandler(accessDeniedHandler());
 // @formatter:on
 }
@@ -60,5 +65,10 @@ public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
 public LogoutSuccessHandler logoutSuccessHandler() {
 return new CustomLogoutSuccessHandler();
 }
+
+ @Bean
+ public AccessDeniedHandler accessDeniedHandler(){
+ return new CustomAccessDeniedHandler();
+ }
 }
diff --git a/spring-security-mvc-login/src/main/resources/webSecurityConfig.xml b/spring-security-mvc-login/src/main/resources/webSecurityConfig.xml
index 9c8fdea9ee..f0fa956934 100644
--- a/spring-security-mvc-login/src/main/resources/webSecurityConfig.xml
+++ b/spring-security-mvc-login/src/main/resources/webSecurityConfig.xml
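Review bot: In the SecSecurityConfig.java hunk `@@ -53,6 +55,9 @@` all three added lines are commented out and sit after the `;` that ends the builder chain, so the Java configuration never registers an access-denied page or handler. The `accessDeniedHandler()` bean added in the last hunk of the same file is therefore created but, as far as this file shows, never referenced, and `CustomAccessDeniedHandler` does not run under this configuration. If the handler is meant to be active, drop the `;` after `.logoutSuccessHandler(logoutSuccessHandler())` and chain `.and().exceptionHandling().accessDeniedHandler(accessDeniedHandler());`. If the lines are kept as alternatives for readers, a comment such as `// choose one: accessDeniedPage(...) or accessDeniedHandler(...)` would say so, since uncommenting them as written does not compile. The method these lines belong to starts outside the hunk.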
@@ -19,10 +19,16 @@ always-use-default-target="true"/> + + + + + + diff --git a/spring-security-mvc-login/src/main/webapp/WEB-INF/view/accessDenied.jsp b/spring-security-mvc-login/src/main/webapp/WEB-INF/view/accessDenied.jsp new file mode 100644 index 0000000000..45820cf43d --- /dev/null +++ b/spring-security-mvc-login/src/main/webapp/WEB-INF/view/accessDenied.jsp @@ -0,0 +1,15 @@ +<%@ page language="java" contentType="text/html; charset=ISO-8859-1" + pageEncoding="ISO-8859-1"%> +<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> + + + + +Access Denied + + +

Sorry, you do not have permission to view this page.

+ +Click ">here to go back to the Homepage. + + \ No newline at end of file diff --git a/spring-security-mvc-login/src/main/webapp/WEB-INF/view/homepage.jsp b/spring-security-mvc-login/src/main/webapp/WEB-INF/view/homepage.jsp index 80f27f5466..c9d88cbc9b 100644 --- a/spring-security-mvc-login/src/main/webapp/WEB-INF/view/homepage.jsp +++ b/spring-security-mvc-login/src/main/webapp/WEB-INF/view/homepage.jsp @@ -4,21 +4,23 @@ -

This is the body of the sample view

+

This is the body of the sample view

- - This text is only visible to a user -
-
+ + This text is only visible to a user +

+ ">Restricted Admin Page +

+
- - This text is only visible to an admin -
+ + This text is only visible to an admin +
">Admin Page
-
+
+ + ">Logout - ">Logout - \ No newline at end of file diff --git a/spring-security-mvc-login/src/main/webapp/WEB-INF/web.xml b/spring-security-mvc-login/src/main/webapp/WEB-INF/web.xml index 0a0a340995..eef48ec9b3 100644 --- a/spring-security-mvc-login/src/main/webapp/WEB-INF/web.xml +++ b/spring-security-mvc-login/src/main/webapp/WEB-INF/web.xml @@ -43,8 +43,15 @@ /* + + 403 + /accessDenied + + + + \ No newline at end of file