403 Redirect Error - Spring Google App Engine Security

Question

I am using the sample code to authenticate with Google App Engine and I can't get Spring to Redirect to my registration page without getting a 403 error.

Here is the stack trace of the error.

21:13:34,576 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] - Checking match of request : '/home.jsp'; against '/register.jsp*'
21:13:34,576 DEBUG [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] - Secure object: FilterInvocation: URL: /home.jsp; Attributes: [hasRole('USER')]
21:13:34,576 DEBUG [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] - Secure object: FilterInvocation: URL: /home.jsp; Attributes: [hasRole('USER')]
21:13:34,576 DEBUG [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] - Previously Authenticated: GaeUserAuthentication{principal=GaeUser{userId='185804764220139124118', nickname='test@example.com', forename='null', surname='null', authorities=[NEW_USER], email=test@example.com}, isEnabled=true}, details=org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null, authenticated=true}
21:13:34,576 DEBUG    [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] - Previously Authenticated: GaeUserAuthentication{principal=GaeUser{userId='185804764220139124118', nickname='test@example.com', forename='null', surname='null', authorities=[NEW_USER], email=test@example.com}, isEnabled=true}, details=org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null, authenticated=true}
21:13:34,584 DEBUG [org.springframework.security.access.vote.AffirmativeBased] - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@415edbff, returned: -1
21:13:34,584 DEBUG [org.springframework.security.access.vote.AffirmativeBased] - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@415edbff, returned: -1
21:13:34,586 DEBUG [org.springframework.security.web.access.ExceptionTranslationFilter] - Access is denied (user is not anonymous); delegating to AccessDeniedHandler

Here is my

applicationContext-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">


<http pattern="/favicon.ico" security="none" />
<http pattern="/loggedout.jsp" security="none" />
<http pattern="/disabled.jsp" security="none" />
<http pattern="/_ah/**" security="none" />  
<http pattern="/landing.jsp" security="none"></http>
<http pattern="/register.jsp" security="none"/>
<http use-expressions="true" entry-point-ref="gaeEntryPoint">
    <intercept-url pattern="/" access="permitAll" />
    <intercept-url pattern="/logout.jsp" access="permitAll" />
    <intercept-url pattern="/register.jsp*" access="hasRole('NEW_USER')"/>
    <intercept-url pattern="/**" access="hasRole('USER')" />
    <intercept-url pattern="/_ah/**" access="permitAll"/>
    <custom-filter position="PRE_AUTH_FILTER" ref="gaeFilter" />
</http>

<b:bean id="gaeEntryPoint"
    class="com.principalmvl.lojackmykids.authentication.GoogleAccountsAuthenticationEntryPoint" />

<b:bean id="gaeFilter"
    class="com.principalmvl.lojackmykids.authentication.GaeAuthenticationFilter">
    <b:property name="authenticationManager" ref="authenticationManager" />
    <b:property name="failureHandler">
        <b:bean
            class="org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler">
            <b:property name="exceptionMappings">
                <b:map>
                    <b:entry
                        key="org.springframework.security.authentication.DisabledException"
                        value="/disabled.jsp" />
                </b:map>
            </b:property>
        </b:bean>
    </b:property>
</b:bean>

<authentication-manager alias="authenticationManager">
    <authentication-provider ref="gaeAuthenticationProvider" />
</authentication-manager>

<b:bean id="gaeAuthenticationProvider"
    class="com.principalmvl.lojackmykids.authentication.GoogleAccountsAuthenticationProvider">
    <b:property name="userRegistry" ref="userRegistry" />
</b:bean>

<b:bean id="userRegistry"
    class="com.principalmvl.lojackmykids.datautilities.GaeDatastoreUserRegistry" />

<b:bean id="loggerListener"
    class="org.springframework.security.authentication.event.LoggerListener" />

The register.jsp page has NEW_USER as a role for that authenticated user.

Can someone tell me what I'm doing wrong?

Answer 1

I think the HTTP is missing <security:access-denied-handler ref="accessDeniedHandler" /> and its implemetation <bean id="accessDeniedHandler" class="com.ddd.AccessDeniedHandler"> <property name="strAccessDeniedUrl" value="access_denied_login.jsp" /> </bean>

you need to extend AccessDeniedHandler class to handle your logic