我在 Spring Boot 中处理 403 禁止问题时遇到问题。正如我已经通过扩展 WebSecurityConfigurerAdapter 来自定义的类来处理它一样。它给了我作为禁止的输出。它应该重定向到 403 url,但它不起作用。我是初学者,不知道哪里错了。
public class WebAppInitializer implements WebApplicationInitializer {
@Override
public void onStartup(ServletContext servletContext)
throws ServletException {
AnnotationConfigWebApplicationContext ctx = new AnnotationConfigWebApplicationContext();
ctx.register(SecurityConfiguration.class);
ctx.setServletContext(servletContext);
//ctx.register(SecurityConfiguration.class);
DispatcherServlet dispatcherServlet = new DispatcherServlet(ctx);
dispatcherServlet.setThrowExceptionIfNoHandlerFound(true);
Dynamic dynamic = servletContext.addServlet("dispatcher", dispatcherServlet);
dynamic.addMapping("/data/*");
dynamic.setLoadOnStartup(1);
}
}
和我的AppConfig类
package com.portal.spring.config;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
@Configuration
@ComponentScan("com.portal")
@EnableWebMvc
public class AppConfig extends WebMvcConfigurerAdapter {
}
和安全配置
package com.portal.spring.config;
import java.util.logging.Logger;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private static final Logger log= Logger.getLogger( SecurityConfiguration.class.getName() );
@Override
protected void configure(HttpSecurity http) throws Exception {
http.exceptionHandling().accessDeniedHandler(new AccessDenyHandler());
}
}
和accessdenyhandler
package com.portal.spring.config;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
public class AccessDenyHandler implements AccessDeniedHandler {
@Override
public void handle(HttpServletRequest request, HttpServletResponse response,
AccessDeniedException arg2) throws IOException, ServletException {
response.sendRedirect("//403");
}
}
最佳答案
这是我的 AccessDenied 处理程序。我已明确委托(delegate)给 Spring AccessDeniedHandler 实现,但我有一些与 CSRF 相关的内容需要处理。该部分未包含在下面的代码中,因为它是特定于应用程序的。其他代码(例如 SecurityConfig)与我使用的类似
public class MyAccessDeniedHandler implements AccessDeniedHandler {
private AccessDeniedHandlerImpl accessDeniedHandlerImpl = new AccessDeniedHandlerImpl();
public void handle(HttpServletRequest request, HttpServletResponse response,
AccessDeniedException accessDeniedException) throws IOException, ServletException {
//Some CSRF related code
// Then call accessDeniedHandlerImpl.handle to handle request
accessDeniedHandlerImpl.handle(request, response, accessDeniedException);
}
/**
* The error page to use. Must begin with a "/" and is interpreted relative to the current context root.
*
* @param errorPage the dispatcher path to display
*
* @throws IllegalArgumentException if the argument doesn't comply with the above limitations
* @see AccessDeniedHandlerImpl#setErrorPage(String)
*/
public void setErrorPage(String errorPage) {
// You can set custom error page here
accessDeniedHandlerImpl.setErrorPage(errorPage);
}
}
关于java - 如何处理Spring Boot注释中的403禁止错误?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/37740456/