Greg Bowyer(Migrated from SEC-1103) said:
The ExceptionTranslationFilter currently does not handle JspException, this means that when a security exception occurs it is not trapped by the filter, and the security handling is never correctly fired.
Greg Bowyer said:
Attached is a patch that solves the above issue
Luke Taylor said:
This is essentially a view-specific issue and not a bug since the ThrowableAnalyzer is customizable specifically to allow you to handle this kind of behaviour from the view layer. We’d prefer to restrict the web module dependencies to the servlet API.