First is a request, could you give us a search bar to forum? Thank you.
Second is my question. I try to use the @RolesRequired annotation and it’s worked, but redirect me to 404 page instead of 403. Can you tell me is a bug or a normal way of work? The @ServletSecurity(@HttpConstraint(rolesAllowed… Servlet solution send me to 403 page. I use rewrite-2.0.8.
Also, to answer your question, yes. This is to be expected. The @RolesRequired adds a condition that must be satisfied in order for that Rule/mapping to trigger. If it does not trigger, it will not send a 403. This would need to be another rule, but possible that could be enhanced.
@Christian would need to answer that question, I think.
@lincoln: Yeah, that is correctly. @RolesRequired is just a condition. If the condition does not match, the rule won’t be evaluated, usually resulting in a 404. To be honest, I’m not sure how we could improve that.
I tried to understand and analize your codes and tried to made a RewriteProvider. That was half the battle. I could solve the Provider redirect me to login page, that’s fine. But when I try to send to 403 page and after login from there, can’t access meg and load again the 403 page. (I think the request cannot be forwarded to 403 because it was aborted.) If you could make a Flow to event, what send to 403 page, like 301, could it work?
I attach the source of Provider.