stackoom
  简体   繁体   中英

custom 403 error page with spring security configured via java code

 原文  2014-06-12 22:12:54       java/ spring/ spring-mvc/ spring-security

Question

Anyone knows how to configure a customized 403 page in spring security? Looking in the web, all the results I get it's with XML configuration, and I am using Java configuration. That's my SecurityConfig: 

@Configuration
@ComponentScan(value="com")
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return new CustomAuthenticationManager();
    }

    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf()
                .disable()
            .authorizeRequests()
                .antMatchers("/resources/**", "/publico/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/acesso/login").permitAll()
                .loginProcessingUrl("/login").permitAll()
                .usernameParameter("login")
                .passwordParameter("senha")
                .successHandler(new CustomAuthenticationSuccessHandler())
                .failureHandler(new CustomAuthenticationFailureHandler())
                .and()
            .logout()
                .logoutUrl("/logout")
                .logoutSuccessUrl("/acesso/login").permitAll();
    }

}

I have a custom implementation for AccessDeniedHandler too: 

public class CustomAccessDeniedHandler implements AccessDeniedHandler {

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException arg2) throws IOException, ServletException {
        response.sendRedirect(request.getContextPath() + "/erro/no_permit");
    }

}

1 answers

solution1
 6 ACCPTED  2014-06-12 22:20:04

If I'm right, to personalize the page 403, you could use the model implemented by this server.

Spring Security : Customize 403 Access Denied Page

Example:

AppConfig.java 

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .authorizeRequests()
            .antMatchers("/resources/**", "/signup").permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin()
            .loginPage("/login")
            .permitAll()
            .and()
            .exceptionHandling().accessDeniedPage("/403")
            .and()
            .logout().logoutUrl("/logout").logoutSuccessUrl("/")
            .and()
            .rememberMe()
            .and()
            .csrf().disable();
}

HomeController.java 

@RequestMapping("/403")
public String accessDenied() {
    return "errors/403";
}

And the .html, would be a custom page with some message 403.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question 403 Error for Custom Login Page Spring Security Custom HTTP 403 page not working in Spring Security CSRF/Spring Security - 403 Error After Login via AJAX Error 403 when I tried open page with spring security Spring Security 403 error when access with role JAVA Spring security error 403 handling: login page for unauthorized, 403 error for authorized user Spring Security error in displaying custom page Spring Security Thyemleaf page 403 after login using custom login page 403 Forbidden on custom authentication in Spring Security Spring Security Custom Authentication Provider 403 response
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM