[英]Spring security : Access denied handler doesn't work (xml config + preauthorize annotation on controller method)
拒绝访问处理程序不起作用。 spring 配置被拆分成许多 xml 文件
<http auto-config='false" use-expressions="true" entry-point-ref="loginUrlAuthenticationEntryPoint" >
<access-denied-handler error-page='/accessdenied.htm" />
<intercept-url pattern="/login.htm" access="permitAll"/>
<intercept-url pattern='/editprocedure.htm" access="hasAuthority('CAPABILITY_ADD')"/>
</http>
access-denied-handler 适用于 xml 配置(如<intercept-url pattern="/addjob.htm" access="hasAuthority('JOB_ADD')"/>
),但是当我使用预授权注释时它不会!
...
<security:global-method-security pre-post-annotations="enabled"/>
...
....
@RequestMapping(value="/adminarea.htm")
@PreAuthorize("hasAuthority('ADMIN_AREA')")
protected ModelAndView referenceData() throws Exception
{....}
....
谢谢大家 :)
经过调查,我找到了解决我的问题的方法:
谢谢
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.