Spring Security Access Denied Logging with Missing Role

Is there an out of the box solution for denying login access in spring security. What I want is basically showing what role the user is missing when he gets an access denied exception.

If it is not, and I need to follow the path to access my DeniedHandler resources, how can I access the role configured on this controller that threw an access denied exception.



source to share

1 answer

No, there is no concept of "missing roles" out of the box.

Access related events are published through the standard Spring event engine and you can use ApplicationListener

to subscribe to them, but there is no assumption that the access decision is solely based on roles in Spring Security. To do this, you will need to configure your implementation AccessDecisionManager

to log information about how it reached a particular decision.

In this case, it AccessDeniedHandler

doesn't really matter.



All Articles