I have a controller in my project that handles all exceptions defined as follows:
@ControllerAdvice
public class GlobalExceptionHandlingController {
@ResponseBody
@ExceptionHandler(value = AccessDeniedException.class)
public ResponseEntity accessDeniedException() {
Logger.getLogger("#").log(Level.SEVERE, "Exception caught!");
return new ResponseEntity("Access is denied", HttpStatus.FORBIDDEN);
}
}
I am focusing on one specific exception here, and this is an AccessDeniedException that Spring Security throws upon unauthorized requests. This works fine for "normal" aka-a-a-ax-requests. I can click the link or enter the URL directly in the location bar, and I will see this message if the request is unauthorized.
However, on an AJAX request (using Angular for it), I get a standard 403 error page as an answer, but what’s interesting is that I see that an AccessDeniedException falls into this controller!
, , AccessDeniedHandler, :
Spring:
.and()
.exceptionHandling().accessDeniedPage("/error/403/");
, :
@Controller
public class AjaxErrorController {
@ResponseBody
@RequestMapping(value = "/error/403/", method = RequestMethod.GET)
public ResponseEntity accessDeniedException() {
return new ResponseEntity("Access is denied (AJAX)", HttpStatus.FORBIDDEN);
}
}
, , . ?
? , - .
Spring 4.2.5 Spring Security 4.0.4.