
Spring Security 3.1 redirect to login doesn't work when I call a Servlet Method (Controller) after Timeout occurs

The problem is similar: Spring Security 3.1 redirect to login doesn't work

I use Spring 3.1 with Spring MVC and Spring Security.

Here, app-security-config.

<security:http  auto-config="true" use-expressions="true">
    <security:form-login login-page="/login.jsp" 
                    login-processing-url="/j_spring_security_check" 
                    default-target-url="/pages/index.jsp"
                    always-use-default-target="true"
                    authentication-failure-url="/login.jsp?login_error=1"/>
                    <security:access-denied-handler ref="accessDeniedHandler"/>

    <!-- Invalidate session -->
    <security:logout invalidate-session="true" logout-success-url="/login.jsp" delete-cookies="JSESSIONID" />

    <!-- Interceptors -->
    <!-- security:intercept-url pattern="/expire.jsp*" filters="none"/-->
    <!-- security:intercept-url pattern="/login.jsp*" access="ROLE_ANONYMOUS" requires-channel="https"/-->

    <security:intercept-url pattern="/expire.jsp" access="permitAll" />
    <security:intercept-url pattern="/AccessDenied.jsp*" access="permitAll" />
    <security:intercept-url pattern="/scripts/*" access="permitAll" />
    <security:intercept-url pattern="/styles/*" access="permitAll" />
    <security:intercept-url pattern="/images/*" access="permitAll" />
    <security:intercept-url pattern="/login.jsp" access="permitAll" requires-channel="https"/>
    <security:intercept-url pattern="/pages/**" access="hasAnyRole(${role.autenticated})"  requires-channel="https"/>
    <security:http-basic/>

    <!-- Sets the maximum number of sessions per user -->
    <security:session-management session-fixation-protection="none" >
       <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
    </security:session-management>         

    <!-- Sets the maximum number of sessions per user -->
    <!-- security:session-management invalid-session-url="/expire.jsp"  session-fixation-protection="none" >
       <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" expired-url="/expire.jsp"/>
    </security:session-management-->    

    <!-- security:session-management invalid-session-url="/login.jsp?login_error=2" session-authentication-error-url="/login.jsp?login_error=3" session-fixation-protection="none" >
       <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" expired-url="/login.jsp?login_error=4"/>
    </security:session-management-->   

    <security:port-mappings>
        <security:port-mapping http='8080' https="8443"/>
    </security:port-mappings>

</security:http>


<beans:bean id="accessDeniedHandler" class="ar.com.firstdata.upploader.web.mvc.controller.AccessDeniedController">
    <beans:property name="accessDeniedUrl" value="/AccessDenied.jsp"> </beans:property>
</beans:bean> 

a web.xml

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:META-INF/spring/*-config.xml</param-value>
</context-param>

<jsp-config>
    <taglib>
        <taglib-uri>sitemesh-page</taglib-uri>
        <taglib-location>/tld/sitemesh-page.tld</taglib-location>
    </taglib>

    <taglib>
        <taglib-uri>sitemesh-decorator</taglib-uri>
        <taglib-location>/tld/sitemesh-decorator.tld</taglib-location>
    </taglib>

    <taglib>
        <taglib-uri>/spring</taglib-uri>
        <taglib-location>/META-INF/spring.tld</taglib-location>
    </taglib>
</jsp-config>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
</filter-mapping>

<listener>
    <listener-class>
        org.springframework.web.context.ContextLoaderListener
    </listener-class>
</listener>

<!-- SiteMesh -->
<filter>
    <filter-name>sitemesh</filter-name>
    <filter-class>com.opensymphony.sitemesh.webapp.SiteMeshFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>sitemesh</filter-name>
    <url-pattern>*.html</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>sitemesh</filter-name>
    <url-pattern>*.htm</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>sitemesh</filter-name>
    <url-pattern>*.jsp</url-pattern>
</filter-mapping>

<listener>
    <listener-class>
        org.springframework.security.web.session.HttpSessionEventPublisher
    </listener-class>
</listener>

<servlet>
    <servlet-name>dispatcher</servlet-name>
    <servlet-class>
        org.springframework.web.servlet.DispatcherServlet
    </servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<session-config>
    <session-timeout>1</session-timeout>
</session-config>

<servlet-mapping>
    <servlet-name>dispatcher</servlet-name>
    <url-pattern>*.app</url-pattern>
</servlet-mapping>

<welcome-file-list>
    <welcome-file>login.jsp</welcome-file>
</welcome-file-list>

The problem only occurs when I try to access some action that ends up calling a controller method:

<bean id="urlMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
    <property name="mappings">
        <props>
            <prop key="/pages/findConfData.app">configurationController</prop>
            <prop key="/pages/readLoadXML.app">configurationController</prop>
            <prop key="/pages/addElementToList.app">configurationController</prop>
            <prop key="/pages/eraseElementToList.app">configurationController</prop>
            <prop key="/pages/persistXMLfiletransfer.app">configurationController</prop>
            <prop key="/pages/findLoggedUser.app">configurationController</prop>
        </props>            
    </property>
</bean>

and as I say, the behavior is similar to that disclosed by @spauny, in the log appears: "Access is denied (user is anonymous); redirecting to authentication entry point", after the AccessDeniedException and nothing happens,...

This is the situation: if I spend the time set out in web.xml

<session-config>
    <session-timeout>1</session-timeout>
</session-config>

and I invoke a restricted page (under "/pages/**"), it redirects me to the login page well... BUT when I try to invoke some action which ends up calling a controller method -suppose delete a row in a list-

<prop key="/pages/eraseElementToList.app">configurationController</prop>

@RequestMapping(method = RequestMethod.POST)
public final ModelAndView eraseElementToList(HttpServletRequest request,    
HttpServletResponse response) throws Exception {

I just get an ActionDenied Exception in the log and that's it... it doesn't redirect me to a login page.

Update 1

04/25 19:43:27 DEBUG hannel.ChannelProcessingFilter - Request: FilterInvocation: URL: /pages/persistXMLfiletransfer.app; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]
04/25 19:43:27 DEBUG .security.web.FilterChainProxy - /pages/persistXMLfiletransfer.app at position 2 of 12 in additional filter chain; firing Filter: 'ConcurrentSessionFilter'
04/25 19:43:27 DEBUG .security.web.FilterChainProxy - /pages/persistXMLfiletransfer.app at position 3 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
04/25 19:43:27 DEBUG ssionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
04/25 19:43:27 DEBUG ssionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@521f809b. A new one will be created.
04/25 19:43:27 DEBUG .security.web.FilterChainProxy - /pages/persistXMLfiletransfer.app at position 4 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
04/25 19:43:27 DEBUG .security.web.FilterChainProxy - /pages/persistXMLfiletransfer.app at position 5 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
04/25 19:43:27 DEBUG .security.web.FilterChainProxy - /pages/persistXMLfiletransfer.app at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
04/25 19:43:27 DEBUG .security.web.FilterChainProxy - /pages/persistXMLfiletransfer.app at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
04/25 19:43:27 DEBUG vedrequest.DefaultSavedRequest - pathInfo: both null (property equals)
04/25 19:43:27 DEBUG vedrequest.DefaultSavedRequest - queryString: both null (property equals)
04/25 19:43:27 DEBUG vedrequest.DefaultSavedRequest - requestURI: arg1=/UppAudioFilesWebApp/pages/persistXMLfiletransfer.app; arg2=/UppAudioFilesWebApp/pages/persistXMLfiletransfer.app (property equals)
04/25 19:43:27 DEBUG vedrequest.DefaultSavedRequest - serverPort: arg1=8443; arg2=8443 (property equals)
04/25 19:43:27 DEBUG vedrequest.DefaultSavedRequest - requestURL: arg1=/UppAudioFilesWebApp/pages/persistXMLfiletransfer.app; arg2=/UppAudioFilesWebApp/pages/persistXMLfiletransfer.app (property equals)
04/25 19:43:27 DEBUG vedrequest.DefaultSavedRequest - scheme: arg1=https; arg2=https (property equals)
04/25 19:43:27 DEBUG vedrequest.DefaultSavedRequest - serverName: arg1=localhst; arg2=localhst (property equals)
04/25 19:43:27 DEBUG vedrequest.DefaultSavedRequest - contextPath: arg1=/UppAudioFilesWebApp; arg2=/UppAudioFilesWebApp (property equals)
04/25 19:43:27 DEBUG vedrequest.DefaultSavedRequest - servletPath: arg1=/pages/persistXMLfiletransfer.app; arg2=/pages/persistXMLfiletransfer.app (property equals)
04/25 19:43:27 DEBUG equest.HttpSessionRequestCache - Removing DefaultSavedRequest from session if present
04/25 19:43:27 DEBUG .security.web.FilterChainProxy - /pages/persistXMLfiletransfer.app at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
04/25 19:43:27 DEBUG .security.web.FilterChainProxy - /pages/persistXMLfiletransfer.app at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
04/25 19:43:27 DEBUG .AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 63C5BB1C1CD8981AAF23D71C5521FB9B; Granted Authorities: ROLE_ANONYMOUS'
04/25 19:43:27 DEBUG .security.web.FilterChainProxy - /pages/persistXMLfiletransfer.app at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
04/25 19:43:27 DEBUG .security.web.FilterChainProxy - /pages/persistXMLfiletransfer.app at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
04/25 19:43:27 DEBUG .security.web.FilterChainProxy - /pages/persistXMLfiletransfer.app at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
04/25 19:43:27 DEBUG web.util.AntPathRequestMatcher - Checking match of request : '/pages/persistxmlfiletransfer.app'; against '/expire.jsp'
04/25 19:43:27 DEBUG web.util.AntPathRequestMatcher - Checking match of request : '/pages/persistxmlfiletransfer.app'; against '/accessdenied.jsp*'
04/25 19:43:27 DEBUG web.util.AntPathRequestMatcher - Checking match of request : '/pages/persistxmlfiletransfer.app'; against '/scripts/*'
04/25 19:43:27 DEBUG web.util.AntPathRequestMatcher - Checking match of request : '/pages/persistxmlfiletransfer.app'; against '/styles/*'
04/25 19:43:27 DEBUG web.util.AntPathRequestMatcher - Checking match of request : '/pages/persistxmlfiletransfer.app'; against '/images/*'
04/25 19:43:27 DEBUG web.util.AntPathRequestMatcher - Checking match of request : '/pages/persistxmlfiletransfer.app'; against '/login.jsp'
04/25 19:43:27 DEBUG web.util.AntPathRequestMatcher - Checking match of request : '/pages/persistxmlfiletransfer.app'; against '/pages/**'
04/25 19:43:27 DEBUG cept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /pages/persistXMLfiletransfer.app; Attributes: [hasAnyRole('ROLE_TOMCAT', 'ROLE_ADMNI')]
04/25 19:43:27 DEBUG cept.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 63C5BB1C1CD8981AAF23D71C5521FB9B; Granted Authorities: ROLE_ANONYMOUS
04/25 19:43:27 DEBUG y.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@1304ff98, returned: -1
04/25 19:43:27 DEBUG ess.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:205)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:114)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)

The most likely explanation here is that you have a Spring ExceptionHandler which is trapping the AccessDeniedException and preventing Spring Security from acting on it. This is quite a common problem if you are using secured annotations somewhere (though you haven't mentioned this anywhere in your question).

Also it should be clear from the stacktrace which mentions the exception that it is not being handled by Spring Security (always post the stacktrace). Also please recheck the log more carefully to differentiate between the two cases. If you see "redirecting to authentication entry point" then that means Spring Security is receiving the exception and you should see the login page. You won't see that if the exception handler is used.

If this is the problem, you can either make your @ExceptionHandler annotations more specific so that they don't trap this exception, or you can create a specific @ExceptionHandler(AccessDeniedException.class) one and simply rethrow the exception in it.
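The second option from the answer above, as an added example (not code from the original question or answer): a controller whose catch-all handler would otherwise swallow AccessDeniedException, next to the specific handler that rethrows it so the exception leaves the DispatcherServlet and reaches Spring Security's ExceptionTranslationFilter. The class name ReportController, the mapping /pages/deleteRow.app, the role ROLE_ADMIN and the view names are hypothetical, and @PreAuthorize assumes method security is enabled for the controller's application context.

```java
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;

// Hypothetical controller used only to illustrate the answer's suggestion.
@Controller
public class ReportController {

    // Assumption: pre/post annotations are enabled, so an anonymous caller
    // makes this invocation fail with AccessDeniedException *inside* the
    // DispatcherServlet, where @ExceptionHandler methods get the first look.
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    @RequestMapping(value = "/pages/deleteRow.app", method = RequestMethod.POST)
    public ModelAndView deleteRow() {
        return new ModelAndView("rowDeleted");
    }

    // Catch-all handler. On its own it also matches AccessDeniedException,
    // renders the "error" view, and Spring Security never sees the exception,
    // so no redirect to the login page happens.
    @ExceptionHandler(Exception.class)
    public ModelAndView handleUnexpected(Exception ex) {
        ModelAndView mav = new ModelAndView("error");
        mav.addObject("message", ex.getMessage());
        return mav;
    }

    // More specific handler: Spring MVC picks the closest matching exception
    // type, so this one is chosen over the catch-all. Rethrowing makes the
    // handler invocation fail, the resolver gives up, and the original
    // exception propagates up the filter chain to ExceptionTranslationFilter,
    // which starts the authentication entry point for anonymous users.
    @ExceptionHandler(AccessDeniedException.class)
    public void passToSpringSecurity(AccessDeniedException ex) {
        throw ex; // AccessDeniedException is unchecked; no throws clause needed
    }
}
```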
