java - waffle custom error page in spring -
java - waffle custom error page in spring -
i using waffle 1.7 + spring 4 + spring security 3.2 + thymeleaf. problem is, unable provide custom error page when fall-back form logging fails. configuration: @override protected void configure(httpsecurity http) throws exception { http.authorizerequests() .antmatchers("/**") .authenticated() .and() .exceptionhandling() .authenticationentrypoint(negotiatesecurityfilterentrypoint()) .accessdeniedpage("/access-denied") .and() .addfilterbefore(wafflenegotiatesecurityfilter(), basicauthenticationfilter.class); }
when user uses browser snpengo off , enters wrong credentials, default scheme 500 page appears next information:
com.sun.jna.platform.win32.win32exception: logon effort failed. waffle.windows.auth.impl.windowsauthproviderimpl.acceptsecuritytoken(windowsauthproviderimpl.java:134) waffle.servlet.spi.negotiatesecurityfilterprovider.dofilter(negotiatesecurityfilterprovider.java:103) waffle.servlet.spi.securityfilterprovidercollection.dofilter(securityfilterprovidercollection.java:130) ...
how can provide custom page (access-denied.html thymeleaf template) ? far have tried http://spring.io/blog/2013/11/01/exception-handling-in-spring-mvc without success.
after digging spring documentation , tracking waffle have been able solve in next "ugly" way. 1. disabling security /access-denied page prevent endless redirection loop 2. wrapping waffle filter grab exceptions , redirect it
does have improve solution ?
@override protected void configure(httpsecurity http) throws exception { http.authorizerequests() .antmatchers("/access-denied") .permitall() .and() .authorizerequests() .antmatchers("/**") .authenticated() .and() .exceptionhandling() .authenticationentrypoint(negotiatesecurityfilterentrypoint()) .accessdeniedpage("/access-denied") .and() .addfilterbefore(wafflenegotiatesecurityfilter(), basicauthenticationfilter.class); } public class wafflewrappersecuritybean extends genericfilterbean { @notnull private final genericfilterbean wrappedfilter; public wafflewrappersecuritybean(genericfilterbean filter) { wrappedfilter = filter; } @override public void dofilter(servletrequest request, servletresponse response, filterchain chain) throws ioexception, servletexception { seek { wrappedfilter.dofilter(request, response, chain); } grab (exception e) { ((httpservletresponse) response) .sendredirect("access-denied?message=" + e.getlocalizedmessage()); } } @override public void destroy() { wrappedfilter.destroy(); } } // controller code ommited
java spring spring-security waffle
Comments
Post a Comment