How to handle HTTP 403 with Spring Security 3.0.x

Question

I\'m facing a little issue with Spring Security 3.0.x (3.0.2 in particular at the moment). The whole application I\'m working on is working perfectly except when someone who doe

Answer 1

The way to make this work is to define a handler in your entry point:

public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint {
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, org.springframework.security.core.AuthenticationException authException) throws IOException, ServletException {

        if (authException != null) {
            // you can check for the spefic exception here and redirect like this
            response.sendRedirect("403.html");
        }
    }
}

You can define this as your entry point by setting this as you entry point in the xml config file:

  ...