Spring Security Access Denied Logging with Missing Role
Is there an out of the box solution for denying login access in spring security. What I want is basically showing what role the user is missing when he gets an access denied exception.
If it is not, and I need to follow the path to access my DeniedHandler resources, how can I access the role configured on this controller that threw an access denied exception.
Thank!
source to share
No, there is no concept of "missing roles" out of the box.
Access related events are published through the standard Spring event engine and you can use ApplicationListener
to subscribe to them, but there is no assumption that the access decision is solely based on roles in Spring Security. To do this, you will need to configure your implementation AccessDecisionManager
to log information about how it reached a particular decision.
In this case, it AccessDeniedHandler
doesn't really matter.
source to share