Mapping an exception to 404 page while using Spring Security taglibs

Question

When mapping an Exception to 404 page, the Spring Security tags can\'t find the authentication information from the security context. With a \"real\" 404 the authentication is f

Answer 1

Add the following two dispatcher elements to your spring security filter-mapping:

<filter-mapping>
    ...
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>

By default only ordinary requests go through a defined filter-mapping.

"INCLUDE" and "FORWARD" are the two other valid dispatcher element values.

Answer 2

The most probable case is that some component in your code is calling HttpSession.invalidate() while exception handling. You can easily find this out by a simple debugging.

But actually it is not necessary to check for isAnonymous() - it is enough to check for user not having ROLE_USER authority:

• In Spring Security 2: you can use areNotGranted attribute of <sec:authorize> tag (see Spring Security 2 documentation
• In Spring Security 3: you can use Spring EL for evaluation of negative condition: access="!hasRole('ROLE_USER')"