Bom dia, estou tentando redirecionar um usuário do sistema para uma pagina de erro caso algo de errado aconteça com a sessão ou caso o usuário tenha acesso negado a determinada pagina etc…
Estou utilizando o Spring Security para isso.
na minha classe applicationContext.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<beans:bean id="appUserDetailsService" class="security.AppUserDetailsService" />
<beans:bean id="exceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter">
<beans:property name="accessDeniedHandler" ref="jsfAccessDeniedHandler"/>
<beans:property name="authenticationEntryPoint" ref="authenticationEntryPoint"/>
</beans:bean>
<beans:bean id="jsfAccessDeniedHandler" class="security.JsfAccessDeniedHandler">
<beans:property name="loginPath" value="/AcessoNegado.xhtml" />
<beans:property name="contextRelative" value="true" />
</beans:bean>
<beans:bean id="authenticationEntryPoint" class="security.JsfLoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/Login.xhtml"/>
<beans:property name="redirectStrategy" ref="jsfRedirectStrategy" />
</beans:bean>
<beans:bean id="jsfRedirectStrategy" class="security.JsfRedirectStrategy"/>
<http pattern="/Login.xhtml" security="none"/>
<http pattern="/Erro.xhtml" security="none"/>
<http pattern="/javax.faces.resource/**" security="none" />
<http auto-config="false" use-expressions="true">
<custom-filter ref="exceptionTranslationFilter" before="FILTER_SECURITY_INTERCEPTOR"/>
<intercept-url pattern="/Home.xhtml" access="isAuthenticated()" />
<intercept-url pattern="/marca/**" access="hasAnyRole('ADMINISTRADORES')" />
<intercept-url pattern="/agenda/**" access="hasAnyRole('ADMINISTRADORES')" />
<intercept-url pattern="/cliente/**" access="hasAnyRole('PADRAO','ADMINISTRADORES')" />
<intercept-url pattern="/usuario/**" access="hasAnyRole('ADMINISTRADORES')" />
<intercept-url pattern="/**" access="denyAll" />
<form-login login-page="/Login.xhtml" authentication-failure-url="/Login.xhtml?invalid=true" default-target-url="/" always-use-default-target="true"/>
<logout logout-url="/j_spring_security_logout" invalidate-session="true" />
</http>
<authentication-manager>
<authentication-provider user-service-ref="appUserDetailsService">
<!-- <password-encoder hash="md5"/> -->
</authentication-provider>
</authentication-manager>
</beans:beans>
E usei como modelo essas 3 classes apresentadas no curso da algaworks.
https://github.com/algaworks/curso-javaee-primefaces/blob/master/ResolvendoProblemaRequisicaoAjax/src/main/java/com/algaworks/pedidovenda/security/JsfAccessDeniedHandler.java
https://github.com/algaworks/curso-javaee-primefaces/blob/master/ResolvendoProblemaRequisicaoAjax/src/main/java/com/algaworks/pedidovenda/security/JsfLoginUrlAuthenticationEntryPoint.java
https://github.com/algaworks/curso-javaee-primefaces/blob/master/ResolvendoProblemaRequisicaoAjax/src/main/java/com/algaworks/pedidovenda/security/JsfRedirectStrategy.java
Entretanto continuo sendo enviado para esta pagina.
Obs: é a primeira vez que utilizo o Spring, alguma ideia de como resolver?
att;
Edd: Verificando o console do chrome percebi as seguintes situacoes. quando devo ser direcionado para a pagina de erro /AcessoNegado.xhtml existem varias requisicoes e entre uma delas existe uma falha:
