Programmatic security check is not redirecting user to 403 page

[rmpestano]

Issue overview

The programmatic security check here works but doesn't redirect user to 403 page as configured in web.xml here.

Current behavior

The page freezes when a non admin user tries to delete a car in car-form page.

Expected behavior

Users without ADMIN_ROLE should be redirected to 403 page when trying to delete a car in car-form page.

[aLeXcBa1990]

Hi @rmpestano.
I thing I can fix this, but can I give some suggestion?

[rmpestano]

Hi, yes any advice is very welcome!

Thank you in advance.

[aLeXcBa1990]

I think it's unnecessary to redirect to 403, we could:

1. Hide the button delete to not ADMIN users.
2. Launch a faces message informing that only ADMIN users can do it.
3. Both previous for security.

[rmpestano]

I prefer to keep the same behavior we have in admin-starter-security, is it possible?

[aLeXcBa1990]

Ok. I will try to fix that.

[rmpestano]

Any idea @persapiens?

[aLeXcBa1990]

Hi @rmpestano

I've been doing some tests with admin-starter-springboot-security.
After some attempts I built the project almost successfully.
I found some issues at AdminFilter.java , which is handling the session through from AdminSession.java .

There the problems began:

1. I am almost certain that issu issue3 is related

2. The project runs in the tests in the IDE but when mounting the war in Tomcat I have the following error:
   com.github.adminfaces.template.exception.CustomExceptionHandler.goToErrorPage
   java.lang.IllegalStateException: No WebApplicationContext found: no ContextLoaderListener registered?

3. When trying to use SecurityContextHolder.getContext().GetAuthentication().GetName() to verify if the user is registered, I get an error, which I think is related to issue454, since AdminServletContextListener initializes javax.servlet.ServletContextListener instead of org.springframework.web.context.ContextLoaderListener

I would like to contribute admin-starter-springboot-security. with a functional example with a database but this error has been delayed for a few days, I hope you can help me

[aLeXcBa1990]

Hi again @rmpestano

I tell you that by reviewing adminfaces/admin-starter-springboot-security#4 and following the instructions of this page I can run the project in production

Very soon I will be updating adminfaces/admin-starter-springboot-security with everything I have been able to learn

regards