在我的項目中實現了spring security的實現,但我在定義重定向時遇到問題。當訪問被鎖定時,我需要將該用戶重定向到特定的URL。春季安全錯誤嘗試重定向「訪問被拒絕」
當我把標籤「access-denied-handler」我希望他重定向到bean上定義的頁面,但不會發生。
安全的context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- Method Security -->
<security:global-method-security pre-post-annotations="enabled">
<security:expression-handler ref="expressionHandler" />
</security:global-method-security>
<bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
<property name="permissionEvaluator" ref="permissionEvaluator"/>
</bean>
<bean id="permissionEvaluator" class="net.pontoall.hemisphere.security.HemispherePermissionEvaluator"/>
<!-- Publicos -->
<security:http pattern="/layouts/**" security="none" />
<security:http pattern="/messages/**" security="none" />
<security:http pattern="/test/**" security="none" />
<security:http pattern="/resources/**" security="none" />
<security:http pattern="/login/**" security="none" />
<security:http pattern="/install/**" security="none" />
<security:http pattern="/cobredireto/**" security="none" />
<security:http pattern="/hotsite/**" security="none" />
<security:http pattern="/captcha.jpg" security="none" />
<security:http auto-config="true" use-expressions="true">
<security:access-denied-handler ref="HemisphereAccessDeniedHandler"/>
<security:intercept-url pattern="/**" access="isAuthenticated()" />
<security:form-login login-page="/login" default-target-url="/home"
authentication-failure-url="/login?logout=true"
authentication-success-handler-ref="authenticationSuccessHandler"
authentication-failure-handler-ref="authenticationFailureHandler"/>
<security:logout logout-url="/j_spring_security_logout" invalidate-session="true" success-handler-ref="logoutHandler"/>
</security:http>
<!-- Authentication Manager -->
<security:authentication-manager alias="authenticationManager">
<!-- Custom Authentication provider -->
<security:authentication-provider ref="hemisphereAuthenticationProvider"/>
</security:authentication-manager>
<bean id="hemisphereAuthenticationProvider" class="net.pontoall.hemisphere.security.HemisphereAuthenticationProvider">
<property name="userDetailsService" ref="userDetailService"/>
</bean>
<bean id="authenticationSuccessHandler" class="net.pontoall.hemisphere.security.HemisphereAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/home" />
<property name="alwaysUseDefaultTargetUrl" value="no" />
</bean>
<bean id="authenticationFailureHandler" class="net.pontoall.hemisphere.security.HemisphereAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/login" />
</bean>
<bean id="logoutHandler" class="net.pontoall.hemisphere.security.HemisphereLogoutHandler"/>
<bean id="HemisphereAccessDeniedHandler" class="net.pontoall.hemisphere.security.HemisphereAccessDeniedHandler">
<property name="errorPage" value="/error/permissao"/>
</bean>
豆爪哇 - HemisphereAccessDeniedHandler.java:
public class HemisphereAccessDeniedHandler implements AccessDeniedHandler {
private String errorPage;
public String getErrorPage() {
return errorPage;
}
public void setErrorPage(String errorPage) {
if (errorPage == "") {
errorPage = "/";
}
this.errorPage = errorPage;
}
@Override
public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
// Set the 403 status code.
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
response.sendRedirect(errorPage);
}
}
我試過但沒有工作,我正在調試它沒有進入課堂。 –