
Custom HTTP 403 page not working in Spring Security

I want to replace the default access denied page:

HTTP 403

With my custom page and my approach was this:

@Configuration
@EnableWebSecurity
public class SecurityContextConfigurer extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/resources/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.sessionManagement().maximumSessions(1)
                .sessionRegistry(sessionRegistry()).expiredUrl("/");
        http.authorizeRequests().antMatchers("/").permitAll()
                .antMatchers("/register").permitAll()
                .antMatchers("/security/checkpoint/for/admin/**").hasRole("ADMIN")
                .antMatchers("/rest/users/**").hasRole("ADMIN").anyRequest()
                .authenticated().and().formLogin().loginPage("/")
                .defaultSuccessUrl("/welcome").permitAll().and().logout()
                .logoutUrl("/logout");
    }

    @Bean
    public SessionRegistry sessionRegistry() {
        return new SessionRegistryImpl();
    }

    @Bean
    public AuthenticationProvider daoAuthenticationProvider() {
        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
        daoAuthenticationProvider.setUserDetailsService(userDetailsService);

        return daoAuthenticationProvider;
    }

    @Bean
    public ProviderManager providerManager() {

        List<AuthenticationProvider> arg0 = new CopyOnWriteArrayList<AuthenticationProvider>();
        arg0.add(daoAuthenticationProvider());

        return new ProviderManager(arg0);
    }

    @Bean(name = "myAuthenticationManagerBean")
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected AuthenticationManager authenticationManager() throws Exception {
        return providerManager();
    }

    @Bean
    public ExceptionTranslationFilter exceptionTranslationFilter() {
        ExceptionTranslationFilter exceptionTranslationFilter = 
                new ExceptionTranslationFilter(new CustomAuthenticationEntryPoint());
        exceptionTranslationFilter.setAccessDeniedHandler(accessDeniedHandler());

        return exceptionTranslationFilter;
    }
    @Bean
    public AccessDeniedHandlerImpl accessDeniedHandler() {
        AccessDeniedHandlerImpl accessDeniedHandlerImpl = new 
                AccessDeniedHandlerImpl();
        accessDeniedHandlerImpl.setErrorPage("/page_403.jsp");
        System.out.println("ACCESS DENIED IS CALLED......");
        return accessDeniedHandlerImpl;
    }

    private class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint{

        @Override
        public void commence(HttpServletRequest request, HttpServletResponse response,
                AuthenticationException authenticationException) throws IOException,
                ServletException {

            response.sendError(HttpServletResponse.SC_FORBIDDEN,
                    "Access denied.");
        }

    }   

}

But with this config above I'm still not getting the job done and seeing the same

HTTP 403

Are there more beans that must be injected for this purpose?

Disclaimer: this is not the only solution, but a working one.

In this case my approach would be as simple as possible, which is to add this method in your SecurityContext:

@Override
protected void configure(HttpSecurity http) throws Exception {

    http.sessionManagement().maximumSessions(1)
            .sessionRegistry(sessionRegistry()).expiredUrl("/");
    http.authorizeRequests().antMatchers("/").permitAll()
            .antMatchers("/register").permitAll()
            .antMatchers("/security/checkpoint/for/admin/**").hasRole("ADMIN")
            .antMatchers("/rest/users/**").hasRole("ADMIN").anyRequest()
            .authenticated().and().formLogin().loginPage("/")
            .defaultSuccessUrl("/welcome").permitAll().and().logout()
            .logoutUrl("/logout").and()
            .exceptionHandling().accessDeniedPage("/page_403");//this is what you have to do here to get job done.
}

Reference: Custom 403 Page in Spring Security.

As @M. Deinum pointed out, you should tell Spring Security how to incorporate these beans. Anyway, there is a much simpler way for what you're trying to achieve:

@Configuration
@EnableWebSecurity
public class SecurityContextConfigurer extends WebSecurityConfigurerAdapter {
    // Rest omitted

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                // The usual stuff
                .exceptionHandling()
                    .accessDeniedPage("/page_403.jsp")
                    .authenticationEntryPoint((request, response, authException) -> {
                        response.sendError(HttpServletResponse.SC_FORBIDDEN);
                    });
    }
}
