How to send message or redirect user when security constraint block access

Question

I have following security constraint in my web.xml

<security-constraint>
    <display-name>Admin Pages</display-name>
    <web-resource-collection>

        <web-resource-name>Protected Admin Area</web-resource-name>
        <description/>
        <url-pattern>/administrator/*</url-pattern>
        <url-pattern>/faces/backend/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>HEAD</http-method>
        <http-method>PUT</http-method>
        <http-method>OPTIONS</http-method>
        <http-method>TRACE</http-method>
        <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
        <description/>
        <role-name>administrator</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>

It`s works fine. But i would like to redirect users (already logged user with some assign role but not role administrator). In this case. When user trying to access to url http://mywebap//administrator/* he get a response from server

403 Forbiden.

I would here not display this but redirect user to some more friendly view. It is possible?

score 1 · Accepted Answer · edited May 23 '17 at 12:14

1

Simply configure the desired page as a custom HTTP 403 error page in web.xml.

<error-page>
    <error-code>403</error-code>
    <location>/WEB-INF/errorpages/403.xhtml</location>
</error-page>

This assumes that you've covered *.xhtml as URL pattern of FacesServlet. And, it's being placed in /WEB-INF to prevent direct access.

edited May 23 '17 at 12:14

Community

1
1

answered May 26 '15 at 15:28

BalusC

1,082,665
372
3,610
3,555

How to send message or redirect user when security constraint block access

1 Answers1