這裏是我的這個解決方案:
@Configuration
public class WebCtxConfig implements BeanPostProcessor {
@Override
public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
if (bean instanceof SessionManagementFilter) {
SessionManagementFilter filter = (SessionManagementFilter) bean;
filter.setInvalidSessionStrategy(new InvalidSessionStrategy() {
@Override
public void onInvalidSessionDetected(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
}
});
}
return bean;
}
@Override
public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
return bean;
}
}
查看源代碼,它似乎並不可定製:https://github.com/grails-plugins/grails-spring-security-core /blob/144b235e1c45e3de7178089e7be0b478d0ce512c/src/java/grails/plugin/springsecurity/web/access/AjaxAwareAccessDeniedHandler.java –
嗯,這是令人失望的。 – Gregg
沒有什麼可以阻止你用你自己的實現這個特性的默認實現來代替它。可能還會提出一個很好的pull請求(: –