2016-05-04 24 views

我想替換默認的拒絕訪問頁面:自定義的 HTTP 403 頁面在 Spring Security 中不起作用

HTTP 403

換成我的自定義頁面,我的做法是這樣的:

/**
 * Spring Security configuration from the question: form login, role-based URL rules,
 * one session per user, and an attempt at a custom HTTP 403 page.
 *
 * <p>NOTE(review): the 403-related beans at the bottom are only declared. Nothing in
 * {@link #configure(HttpSecurity)} calls {@code exceptionHandling()}, so the filter chain
 * built there does not appear to use them.
 */
@Configuration
@EnableWebSecurity
public class SecurityContextConfigurer extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    /**
     * Excludes static resources from the security filter chain.
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // Paths matched by ignoring() skip Spring Security entirely, so nothing
        // sensitive should be served from under /resources/.
        web.ignoring().antMatchers("/resources/**");
    }

    /**
     * Declares session limits, URL authorization rules, form login and logout.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // One concurrent session per user; an expired session is sent to "/".
        // NOTE(review): concurrent-session control normally also needs
        // HttpSessionEventPublisher registered as a listener - not visible here, confirm.
        http.sessionManagement()
                .maximumSessions(1)
                .sessionRegistry(sessionRegistry())
                .expiredUrl("/");

        // Matchers are evaluated in declaration order, so the anyRequest() catch-all
        // stays last. No exceptionHandling() call follows, which is why the default
        // access-denied behaviour is still in effect.
        http.authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers("/register").permitAll()
                .antMatchers("/security/checkpoint/for/admin/**").hasRole("ADMIN")
                .antMatchers("/rest/users/**").hasRole("ADMIN")
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/")
                .defaultSuccessUrl("/welcome")
                .permitAll()
                .and()
            .logout()
                .logoutUrl("/logout");
    }

    /** Registry backing the {@code maximumSessions(1)} limit. */
    @Bean
    public SessionRegistry sessionRegistry() {
        return new SessionRegistryImpl();
    }

    /**
     * Authentication provider that looks users up through the injected
     * {@link UserDetailsService}.
     */
    @Bean
    public AuthenticationProvider daoAuthenticationProvider() {
        // NOTE(review): no PasswordEncoder is set in this snippet; confirm how stored
        // passwords are hashed and compared before relying on the default.
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService);
        return provider;
    }

    /** Provider manager holding the single DAO provider. */
    @Bean
    public ProviderManager providerManager() {
        List<AuthenticationProvider> providers = new CopyOnWriteArrayList<AuthenticationProvider>();
        providers.add(daoAuthenticationProvider());
        return new ProviderManager(providers);
    }

    /** Exposes the adapter's authentication manager under an explicit bean name. */
    @Bean(name = "myAuthenticationManagerBean")
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /** Makes the adapter use {@link #providerManager()}. */
    @Override
    protected AuthenticationManager authenticationManager() throws Exception {
        return providerManager();
    }

    /**
     * Builds an {@link ExceptionTranslationFilter} with the custom entry point and the
     * access-denied handler below.
     *
     * <p>NOTE(review): this filter is only declared as a bean; the chain built in
     * {@link #configure(HttpSecurity)} does not reference it.
     */
    @Bean
    public ExceptionTranslationFilter exceptionTranslationFilter() {
        AuthenticationEntryPoint entryPoint = new CustomAuthenticationEntryPoint();
        ExceptionTranslationFilter filter = new ExceptionTranslationFilter(entryPoint);
        filter.setAccessDeniedHandler(accessDeniedHandler());
        return filter;
    }

    /** Access-denied handler pointing at the custom 403 JSP. */
    @Bean
    public AccessDeniedHandlerImpl accessDeniedHandler() {
        AccessDeniedHandlerImpl handler = new AccessDeniedHandlerImpl();
        handler.setErrorPage("/page_403.jsp");
        // This prints when the factory method runs (bean creation), not when a request
        // is denied, so seeing it does not show that the handler is in use.
        System.out.println("ACCESS DENIED IS CALLED......");
        return handler;
    }

    /**
     * Entry point that answers a failed or missing authentication with HTTP 403
     * instead of redirecting to a login page.
     */
    private class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint {

        @Override
        public void commence(HttpServletRequest request, HttpServletResponse response,
                AuthenticationException authenticationException)
                throws IOException, ServletException {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access denied.");
        }
    }
}

但使用以上配置後仍然沒有達到目的,看到的還是相同的

HTTP 403

爲此是否還必須注入更多的 bean?


這更清楚地表明你沒有配置任何東西,只是聲明了幾個 bean。僅僅添加 bean 對你沒有幫助,而且你也可以用更簡單的方式來做,不必這麼複雜(參見答案和參考指南)。

回答


免責聲明:這不是唯一的解決方案,但是一個可行的方案。

在這種情況下,我的做法是儘可能保持簡單。這是您的 SecurityContext:

/**
 * Same rules as in the question, plus an access-denied page registered on the chain
 * that HttpSecurity itself builds.
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // One concurrent session per user; an expired session is sent to "/".
    http.sessionManagement()
            .maximumSessions(1)
            .sessionRegistry(sessionRegistry())
            .expiredUrl("/");

    // Matchers are evaluated in declaration order; the anyRequest() catch-all stays last.
    http.authorizeRequests()
            .antMatchers("/").permitAll()
            .antMatchers("/register").permitAll()
            .antMatchers("/security/checkpoint/for/admin/**").hasRole("ADMIN")
            .antMatchers("/rest/users/**").hasRole("ADMIN")
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/")
            .defaultSuccessUrl("/welcome")
            .permitAll()
            .and()
        .logout()
            .logoutUrl("/logout")
            .and()
        // The actual fix: the access-denied page is set through exceptionHandling().
        // It is shown when an authenticated user lacks the required role; requests
        // without authentication go to the authentication entry point instead.
        // Assumes a handler is mapped at /page_403 - confirm.
        .exceptionHandling()
            .accessDeniedPage("/page_403");
}

添加這個方法的參考:Custom 403 Page in Spring Security


正如 @M. Deinum 所指出的,你應該告訴 Spring Security 如何整合這些 bean。不過,要實現你想要的效果,有一個更簡單的方法:

/**
 * Configures the access-denied page and the authentication entry point directly on
 * {@code HttpSecurity} instead of declaring separate beans.
 *
 * <p>Note: {@code WebSecurityConfigurerAdapter} was deprecated in Spring Security 5.7 and
 * removed in 6.0; newer versions declare a {@code SecurityFilterChain} bean instead.
 */
@Configuration
@EnableWebSecurity
public class SecurityContextConfigurer extends WebSecurityConfigurerAdapter {
    // Rest omitted

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // The usual stuff
            .exceptionHandling()
                // Used when an authenticated user lacks the required authority.
                .accessDeniedPage("/page_403.jsp")
                // Used when the request is not authenticated: sendError(403) is answered
                // by the container's error handling, not by the page configured above,
                // so anonymous users may still see the default 403 page.
                .authenticationEntryPoint(
                    (req, res, failure) -> res.sendError(HttpServletResponse.SC_FORBIDDEN));
    }
}