How to set view level authorization in Vaadin

I use Vaadin 7, Spring Security, and the Spring -Vaadin-Integration add-on and have configured the authentication bit to work like a charm. When I got to the authorization part, I had some hairy problems. I want to set authorization for viewing without the need to check authorization at the navigation level (for example, in the AppFoundation application).

So, what I want is something like this :

@Component
@Scope("prototype")
@VaadinView(value = ASecuredView.NAME, cached = true)
@Secured("ROLE_ADMIN_PROD")
public class ASecuredView extends GridLayout implements View {
    ...
}

When an unauthorized user tries to enter this view, I want to process AccessDeniedExceptionand present to the user a notification message that explains something in the lines "View is available only to administrators".

I have the correct user role when invoking the view and no exceptions arise when I try to navigate there with an authorized user, so the annotation itself seems to work as it should.

The problem is that I cannot catch an AccessDeniedException.

I tried several different methods to solve this problem, but to no avail. Here are some of them:

• I created CustomAccessDeniedHandler, there was no exception.
• I tried a simple tag access-denied-handler, but the exception is still not caught.
• I tried to "throw" the exception using org.springframework.web.servlet.handler.SimpleMappingExceptionResolver, but still the same behavior.
• I tried annotation @PreFilterbut it did not work.
• I tried using handleSecuredAnnotations(around) Aspect, but even that didn't work!

Am I getting it wrong?

, / ? ?

Spring -security.xml. . , :

<global-method-security secured-annotations="enabled" />

<!-- Spring-Security -->
<http auto-config="true" use-expressions="true" disable-url-rewriting="true">
    <form-login authentication-success-handler-ref="authenticationSuccessHandler" />
    <intercept-url pattern="/**" access="isAuthenticated()" />
    <logout success-handler-ref="logoutSuccessHandler" invalidate-session="true" logout-url="/logout" />
    <access-denied-handler ref="customAccessDeniedHandler" />
</http>

<authentication-manager>
    <authentication-provider ref="activeDirectoryAuthenticationProvider" />
</authentication-manager>

<beans:bean id="activeDirectoryAuthenticationProvider" class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
    <beans:constructor-arg value="someserver.com" />
    <beans:constructor-arg value="ldap://ldaplb.someserver.com:389" />
    <beans:property name="userDetailsContextMapper" ref="customUserDetailsContextMapper" />
    <beans:property name="convertSubErrorCodesToExceptions" value="true" />
</beans:bean>

<beans:bean id="customAccessDeniedHandler" class="com.some.path.web.CustomAccessDeniedHandler" />
<beans:bean id="customUserDetailsContextMapper" class="com.some.path.web.CustomUserDetailsContextMapper" />

<beans:bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
    <beans:property name="defaultErrorView" value="uncaughtException" />
    <beans:property name="excludedExceptions" value="org.springframework.security.access.AccessDeniedException" />

    <beans:property name="exceptionMappings">
        <beans:props>
            <beans:prop key=".DataAccessException">dataAccessFailure</beans:prop>
            <beans:prop key=".NoSuchRequestHandlingMethodException">resourceNotFound</beans:prop>
            <beans:prop key=".TypeMismatchException">resourceNotFound</beans:prop>
            <beans:prop key=".MissingServletRequestParameterException">resourceNotFound</beans:prop>
        </beans:props>
    </beans:property>
</beans:bean>

<aop:config>
    <aop:aspect id="securedAspect" ref="securityFeedbackAspect">
        <aop:around pointcut="@annotation(org.springframework.security.access.annotation.Secured)" method="handleSecuredAnnotations" />
    </aop:aspect>
</aop:config>