custom 403 error page with spring security configured via java code

Question

Anyone knows how to configure a customized 403 page in spring security? Looking in the web, all the results I get it's with XML configuration, and I am using Java configuration. That's my SecurityConfig:

@Configuration
@ComponentScan(value="com")
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return new CustomAuthenticationManager();
    }

    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf()
                .disable()
            .authorizeRequests()
                .antMatchers("/resources/**", "/publico/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/acesso/login").permitAll()
                .loginProcessingUrl("/login").permitAll()
                .usernameParameter("login")
                .passwordParameter("senha")
                .successHandler(new CustomAuthenticationSuccessHandler())
                .failureHandler(new CustomAuthenticationFailureHandler())
                .and()
            .logout()
                .logoutUrl("/logout")
                .logoutSuccessUrl("/acesso/login").permitAll();
    }

}

I have a custom implementation for AccessDeniedHandler too:

public class CustomAccessDeniedHandler implements AccessDeniedHandler {

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException arg2) throws IOException, ServletException {
        response.sendRedirect(request.getContextPath() + "/erro/no_permit");
    }

}

Marco López · Accepted Answer · 2014-06-14T08:31:54.397

11

If I'm right, to personalize the page 403, you could use the model implemented by this server.

Spring Security : Customize 403 Access Denied Page

Example:

AppConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .authorizeRequests()
            .antMatchers("/resources/**", "/signup").permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin()
            .loginPage("/login")
            .permitAll()
            .and()
            .exceptionHandling().accessDeniedPage("/403")
            .and()
            .logout().logoutUrl("/logout").logoutSuccessUrl("/")
            .and()
            .rememberMe()
            .and()
            .csrf().disable();
}

HomeController.java

@RequestMapping("/403")
public String accessDenied() {
    return "errors/403";
}

And the .html, would be a custom page with some message 403.

edited Jun 14 '14 at 08:31

answered Jun 12 '14 at 22:20

Marco López

156
3
13

I already have seen this example, but it uses configuration by XML, and I am using none XML in my project. I need a example which uses configuration by java code. – Kleber Mota Jun 12 '14 at 22:22
1

You've added this method: .and() .exceptionHandling().accessDeniedPage("/403") your HTTPSecurity? – Marco López Jun 12 '14 at 22:24
Actuallu java configuration for spring security looks ugly – gstackoverflow Jul 14 '15 at 21:07

custom 403 error page with spring security configured via java code

1 Answers1

Linked