[ https://issues.apache.org/jira/browse/DELTASPIKE-449?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13841300#comment-13841300 ]
Rainer Schön commented on DELTASPIKE-449: ----------------------------------------- I came across the same issue. In my opinion, it could be solved by providing an additional security interceptor, say ExceptionHandlingAwareSecurityInterceptor. This interceptor catches the AccessDenied exception and fires a ExceptionToCatchEven instead: {quote} @Dependent // important, otherwise it gets not installed in CDI 1.1 when bean-discovery-mode="annotated", alternatively you must set "all" @SecurityInterceptorBinding @Interceptor public class ExceptionHandlingAwareSecurityInterceptor implements Serializable { private static final long serialVersionUID = 1L; @Inject private SecurityStrategy securityStrategy; {color:red} @Inject private Event<ExceptionToCatchEvent> exEvt; {color} @AroundInvoke public Object filterDeniedInvocations(InvocationContext invocationContext) throws Exception { Object retval = null; try { retval = securityStrategy.execute(invocationContext); } catch (AccessDeniedException e) { {color:red}exEvt.fire(new ExceptionToCatchEvent(e));{color} } return retval; } } {quote} I implemented the idea above in my test environment (same package names as the original interceptor of course) and it works as expected. > ExceptionHandler not invoked for AccessDeniedException > ------------------------------------------------------ > > Key: DELTASPIKE-449 > URL: https://issues.apache.org/jira/browse/DELTASPIKE-449 > Project: DeltaSpike > Issue Type: New Feature > Components: Security-Module > Affects Versions: 0.5 > Environment: Glassfish 4 / Weld 2.0.4 > Reporter: John Schneider > Assignee: Jason Porter > > When an > org.apache.deltaspike.security.api.authorization.AccessDeniedException is > thrown, a valid ExceptionHandler method is not invoked. -- This message was sent by Atlassian JIRA (v6.1#6144)