Is there a way to secure a forward URL?
To be clear, I've an error handler:
@Component
public class MyAuthenticationFailureHandler implements
AuthenticationFailureHandler {
@Override
public void onAuthenticationFailure(HttpServletRequest request,
HttpServletResponse response, AuthenticationException exception)
throws IOException, ServletException {
if (exception.getClass().isAssignableFrom(
MyException.class)) {
MyException myException = (MyException) exception;
RequestDispatcher dispatcher = request.getRequestDispatcher("/signup/exception");
request.setAttribute("userID", myException.getUserID());
dispatcher.forward(request, response);
}
}
}
and a web controller:
@Controller
@RequestMapping("/signup")
public class SignupController {
@RequestMapping("/exception")
public ModelAndView signup() {
ModelAndView model = new ModelAndView(new InternalResourceView("/WEB-INF/jsp/signup.jsp", true));
return model;
}
}
I'd like that the route http://{hostname:port}/signup/exception
will be accessible only as forward from my own handler, not directly (by writing URL and params on browser bar).
Add an attribute like
request.setAttribute("isForwarded","True")
in handler and check that attribute inside your controller.
If yes, go ahead else redirect to appropriate page.
I didn't test it, but I know that servlet containers refuse to answer to request relative to WEB-INF, but that you can forward to jsp servlets under WEB-INF. May be you could try to use an url like /WEB-INF/signup/exception ?
Alternatively, I think you're using Spring Security. I do not think that security filters are applied to forwarded requests. What gives the following intercept-url ?
<intercept-url pattern="/signup/exception" access="denyAll" />
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.