Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Customize page: HTTP Status 403 - Bad or missing CSRF value

Former Member

on ‎2018 Mar 01 8:45 PM

0 Likes
1,061

Hello, I'm having some trouble customizing the behavior after a CSRF error. I've found the following solution in multiple SPRING MVC websites but I'm unable to apply on my spring-security-config.xml

http://www.baeldung.com/spring-security-custom-access-denied-page

Have anyone sucessfully changed that page redirecting to HOME or /LOGIN? I also found out the DefaultAcceleratorAccessDeniedHandler and made the following declaration on my spring-security-config.xml without sucess:

bean id="defaultAcceleratorAccessDeniedHandler" class="de.hybris.platform.acceleratorstorefrontcommons.security.impl.DefaultAcceleratorAccessDeniedHandler"
property name="errorPage" value="403"

Have anyone sucessfully customized a HTTP 403 page on Hybris Commerce?

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
raghavendra_desu
Product and Topic Expert
Product and Topic Expert
‎2018 Mar 02 12:01 PM
0 Likes

Hi ,

I hope you are trying to override login failure scenario only, if yes have you tried overriding loginAuthenticationFailureHandler bean from spring-security-config.xml file which should help you.

Regards, Raghavendra.

Former Member
‎2018 Mar 02 3:12 PM
0 Likes

Hi. I work with him. Actually what we want is to display a more friendly message when a HTTP 403 happens when someone execute POST without being authenticated (CSRF error).

Accepted Solutions (0)

Answers (2)

Answers (2)

bhavirisetty
Active Participant
‎2018 Mar 05 2:03 PM
0 Likes

Hi,

I would recommend below approach,

Write a controller for /accsessDenied and configure below one in web.xml.

 <error-page>
     <error-code>403</error-code>
     <location>/accessDenied</location>
 </error-page>

Your controller method should return a custom-403.jsp

Thanks

Show replies
Show replies
Former Member
‎2018 Mar 05 1:45 PM
0 Likes

I was able to change the behavior of the HTTP 403 CSRF page changing the return in the class CSRFHandlerInterceptor.

Show replies
Show replies
Ask a Question