1. 首頁
  2. 問答
  3. 彈簧安全 - 拒絕訪問處理程序

彈簧安全 - 拒絕訪問處理程序

2013-10-22 80 views
3

我在Spring Security中遇到了一些問題,並且無法訪問拒絕處理程序。彈簧安全 - 拒絕訪問處理程序

Spring安全性正在工作,但當我訪問/ admin沒有所需的權限(ROLE_ADMIN),Spring Security只是重定向到根頁面,這是我的登錄表單頁面。

我希望能夠將用戶重定向到/存取遭拒或/存取遭拒=真應該載入登錄頁面,並顯示以下消息:「權限被拒絕 - 請登錄」

彈簧security.xml文件? :

<beans:beans 
    xmlns:security="http://www.springframework.org/schema/security" 
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
        http://www.springframework.org/schema/security 
        http://www.springframework.org/schema/security/spring-security-3.1.xsd"> 


    <security:http> 
     <security:intercept-url pattern='/home' access='ROLE_USER,ROLE_ADMIN' /> 
     <security:intercept-url pattern='/admin*' access='ROLE_ADMIN' /> 
     <security:form-login login-page='/' default-target-url='/home' authentication-failure-url='/?error=true' /> 
     <security:logout logout-success-url='/' /> 
     <security:access-denied-handler error-page="/accessdenied"/> 
    </security:http> 
    <security:authentication-manager> 
     <security:authentication-provider> 
      <security:user-service> 
       <security:user name='a' password='a' authorities='ROLE_ADMIN,ROLE_USER' /> 
       <security:user name='u' password='u' authorities='ROLE_USER' /> 
      </security:user-service> 
     </security:authentication-provider> 
    </security:authentication-manager> 
</beans:beans>

的web.xml:

<?xml version="1.0" encoding="UTF-8"?> 
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> 

    <!-- The definition of the Root Spring Container shared by all Servlets and Filters --> 
    <context-param> 
     <param-name>contextConfigLocation</param-name> 
     <param-value> 
     /WEB-INF/spring/root-context.xml 
     /WEB-INF/spring/spring-security.xml 
     </param-value> 
    </context-param> 

    <!-- Creates the Spring Container shared by all Servlets and Filters --> 
    <listener> 
     <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
    </listener> 

    <!-- Processes application requests --> 
    <servlet> 
     <servlet-name>appServlet</servlet-name> 
     <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 
     <init-param> 
      <param-name>contextConfigLocation</param-name> 
      <param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value> 
     </init-param> 
     <load-on-startup>1</load-on-startup> 
    </servlet> 

    <servlet-mapping> 
     <servlet-name>appServlet</servlet-name> 
     <url-pattern>/</url-pattern> 
    </servlet-mapping> 

    <!-- Spring Security --> 
    <filter> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
    </filter> 
    <filter-mapping> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <url-pattern>/*</url-pattern> 
    </filter-mapping> 
    <welcome-file-list> 
    <welcome-file>login.jsp</welcome-file> 
    </welcome-file-list> 

</web-app>

LoginController.java 進口java.util.Locale中;

import org.slf4j.Logger; 
import org.slf4j.LoggerFactory; 
import org.springframework.stereotype.Controller; 
import org.springframework.ui.Model; 
import org.springframework.web.bind.annotation.RequestMapping; 
import org.springframework.web.bind.annotation.RequestMethod; 

@Controller 
public class LoginController { 

    private static final Logger logger = LoggerFactory.getLogger(LoginController.class); 

    /** 
    * Simply selects the home view to render by returning its name. 
    */ 
    @RequestMapping(value = "/", method = RequestMethod.GET) 
    public String home(Locale locale, Model model) 
    { 
     logger.info("Welcome home! The client locale is {}.", locale); 

     return "login"; 
    } 

    @RequestMapping(value = "/accessdenied", method = RequestMethod.GET) 
    public String accessDenied(Locale locale, Model model) 
    { 
     logger.info("Welcome home! The client locale is {}.", locale); 

     model.addAttribute("message", "Permission denied - please login"); 

     return "login"; 
    } 
}

我曾嘗試一些指南包括以下內容,沒有它的工作:

http://www.mkyong.com/spring-security/customize-http-403-access-denied-page-in-spring-security/ access denied page using spring security not working How to redirect to access-denied-page with spring security

任何幫助將不勝感激。

來源

2013-10-22 Emil C

回答

2

可否請您檢查日誌和你的情況確認的AuthenticationException是越來越拋出或訪問/管理頁面時出現AccessDeniedException。

此外,您還訪問管理頁面與正確的登錄沒有管理員權限,或者你沒有登錄訪問它?

Editted:

  1. 你能加入,當你有一個正確的登錄訪問/管理(不具有管理員私法)一些日誌語句或調試檢查,是方法存取遭拒()獲取調用?
  2. 你也可以分享你的登錄JSP,你可能沒有顯示消息PARAM正確
  3. 當用戶沒有要求的私法但它是一個有效的用戶則accessDeniedHandler被調用時,你可以看到在調試日誌
    4. 這樣的事情

訪問被拒絕(用戶不是匿名的);委託給 AccessDeniedHandler

AccessDeniedHndler將請求轉發到的errorPage(它不是一個重定向)

來源

2013-10-23 10:00:33 coder

+0

沒有任何異常被拋出。我現在試圖訪問管理頁面,其中正確的登錄沒有管理員權限,也沒有登錄。我仍然被重定向到登錄頁面。 –

+0

謝謝,它現在正在工作。你絕對正確,問題出在login.jsp頁面。如果用戶嘗試訪問/ home或/ admin而沒有以有效用戶/管理員的身份登錄,可以爲用戶顯示一條消息嗎? –

0

使用Spring ExceptionTranslationFilter將幫助您獲得所需的輸出。你可以給它一個嘗試

過濾器匹配添加到您的所有要求

然後注入的ExceptionTranslationFilter如下

<bean id="exceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter"> 
    <property name="authenticationEntryPoint" ref="authenticationEntryPoint" /> 
    <property name="accessDeniedHandler"> 
     <bean class="org.springframework.security.web.access.AccessDeniedHandlerImpl"> 
      <property name="errorPage" value="/login/denied.action"/> 
     </bean> 
    </property> 
</bean>

來源

2013-10-22 12:25:34

+0

我已嘗試做之前,這裏以下答案:http://stackoverflow.com/questions/9244238 /如何重定向到訪問拒絕頁面與彈簧安全/ 9254613#9254613但它不適合我。 –

相關問題

 相關問題