I've configured a custom error page for 403 responses in my web.xml. I
want that page to use the authz taglib to render itself differently
depending on whether the authentication for the request is anonymous
or represents a known user of my application.

However, Acegi Security doesn't seem to be getting invoked for the
error page. When I turn on debugging, I see that the original request
results in an AccessDeniedException, and the container (Tomcat 5.5)
serves my forbidden page, but my authz:authorize tags all seem to be
evaluating to false, and authz:authentication operation="username"
evaluates to the empty string, all of which seems to indicate that
there is no current security context.

The debug logging seems to indicate that
HttpSessionContextIntegrationFilter clears the ContextHolder just
after the AccessDeniedException is thrown. No second invocation of the
filter chain for the custom error page is processed. Hmm... are filters
not executed when requests are forwarded? I assume that Tomcat is
forwarding to the custom error page.

Thanks!

Relevant web.xml snippets:

<filter>
  <filter-name>console-security</filter-name>
  <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
  <init-param>
    <param-name>targetBean</param-name>
    <param-value>consoleFilterChainProxy</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>console-security</filter-name>
  <url-pattern>/console/*</url-pattern>
</filter-mapping>
<error-page>
  <error-code>403</error-code>
  <location>/console/error</location>
</error-page>

And from the Spring config:

<bean id="consoleFilterInvocationInterceptor"
      class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
  <property name="authenticationManager">
    <ref bean="authenticationManager"/>
  </property>
  <property name="accessDecisionManager">
    <ref bean="accessDecisionManager"/>
  </property>
  <property name="objectDefinitionSource">
    <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      PATTERN_TYPE_APACHE_ANT
      /console/error=ROLE_ANONYMOUS,ROLE_USER,ROLE_ROOT
      .......
    </value>
  </property>
</bean>

And from the JSP:

username: <pre>[<authz:authentication operation="username"/>]</pre>
<authz:authorize ifAnyGranted="ROLE_USER">
  <p>
    <html:link page="/console/logout">
      You are logged in. Log out to sign up for a new account.
    </html:link>
  </p>
</authz:authorize>
<authz:authorize ifAnyGranted="ROLE_ANONYMOUS">
  <p>
    <html:link page="/console/account">
      You need to be logged in to access this resource.
    </html:link>
    <br>
    <html:link page="/console/account/new">
      If you do not have an account, click here to sign up for one.
    </html:link>
  </p>
</authz:authorize>
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
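
An added example, not part of the original post: under the Servlet 2.4 specification a <filter-mapping> with no <dispatcher> elements applies only to REQUEST dispatches, so a filter mapped that way is not invoked when the container dispatches to an <error-page> location. The Python check below audits a web.xml for that situation; the sample document is constructed from the snippets in the post, and the second mapping (hypothetical-error-aware) is a hypothetical addition for comparison.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's mapping and error-page, plus a hypothetical ERROR-aware mapping.
SAMPLE_WEB_XML = """
<web-app>
  <filter-mapping>
    <filter-name>console-security</filter-name>
    <url-pattern>/console/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>hypothetical-error-aware</filter-name>
    <url-pattern>/console/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>ERROR</dispatcher>
  </filter-mapping>
  <error-page>
    <error-code>403</error-code>
    <location>/console/error</location>
  </error-page>
</web-app>
"""

def children(el, name):
    """Direct children named `name`, ignoring any XML namespace prefix."""
    return [c for c in el if c.tag.rsplit("}", 1)[-1] == name]

def texts(el, name):
    return [(c.text or "").strip() for c in children(el, name)]

def matches(pattern, path):
    """Servlet url-pattern matching: exact, '/prefix/*', or '*.ext'."""
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == path

def audit_error_pages(web_xml):
    """Return {(error location, filter name): filter runs on ERROR dispatch}."""
    root = ET.fromstring(web_xml)
    result = {}
    for page in children(root, "error-page"):
        for location in texts(page, "location"):
            for m in children(root, "filter-mapping"):
                if any(matches(p, location) for p in texts(m, "url-pattern")):
                    # Servlet 2.4: no <dispatcher> element means REQUEST only.
                    dispatchers = texts(m, "dispatcher") or ["REQUEST"]
                    result[(location, texts(m, "filter-name")[0])] = "ERROR" in dispatchers
    return result
```

Mappings that target a <servlet-name> instead of a <url-pattern> are not evaluated by this check.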