Re: [Acegisecurity-developer] security filters not executing for custom error page

Thu, 09 Feb 2006 15:46:41 -0800 

On 2/9/06, Ben Alex <[EMAIL PROTECTED]> wrote:

> This is discussed a few times on the forums. Essentially there is
> nothing we can do about it. Some people have modified the
> ExceptionTranslationFilter (RC2 rename of SecuirtyEnforcementFilter)
> method sendAccessDenied(ServletRequest, ServletResponse, FilterChain,
> AccessDeniedException) to store additional information in HttpSession
> given it's not available from the normal SecurityContextHolder.
> Alternatively, use a JSP-based 403 page and access the HttpSession
> attribute keyed on
> HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY to

ah yes, that was what i needed. thanks! i'll look harder through the
forums next time.

> retrieve the user's details. This won't help you with the authz taglib,
> though, as it uses SecurityContextHolder. I suppose it's worth
> considering making it (and other taglibs) revert to checking the
> HttpSession directly if SecurityContextHolder doesn't contain an
> Authentication (such a check could be put into a static utility method
> for use by any taglib or templating system macro).

that would be super cool :)


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Reply via email to