如何在spring boot注釋中處理403 forbidden錯誤？

Question

我在春季啟動時遇到403處理禁止問題的問題。 因為我已經通過我的類處理它來擴展WebSecurityConfigurerAdapter來自定義。它正在給我輸出禁止。 它應該重定向到403 url，但它無法正常工作。 我是初學者，不知道哪里錯了。

public class WebAppInitializer implements WebApplicationInitializer {
    @Override
    public void onStartup(ServletContext servletContext)
            throws ServletException {
        AnnotationConfigWebApplicationContext ctx = new AnnotationConfigWebApplicationContext();

        ctx.register(SecurityConfiguration.class);  
        ctx.setServletContext(servletContext);  
        //ctx.register(SecurityConfiguration.class);
        DispatcherServlet dispatcherServlet = new DispatcherServlet(ctx);
        dispatcherServlet.setThrowExceptionIfNoHandlerFound(true);


        Dynamic dynamic = servletContext.addServlet("dispatcher", dispatcherServlet);  
        dynamic.addMapping("/data/*");  

        dynamic.setLoadOnStartup(1);
    }
}

和我的AppConfig課程

package com.portal.spring.config;

import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@Configuration
@ComponentScan("com.portal")
@EnableWebMvc
public class AppConfig extends WebMvcConfigurerAdapter {
}

和安全配置

package com.portal.spring.config;
import java.util.logging.Logger;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    private static final Logger log= Logger.getLogger( SecurityConfiguration.class.getName() ); 

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.exceptionHandling().accessDeniedHandler(new AccessDenyHandler());
        }
}

和accessdenyhandler

package com.portal.spring.config;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;

public class AccessDenyHandler implements AccessDeniedHandler {

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
            AccessDeniedException arg2) throws IOException, ServletException {
        response.sendRedirect("//403");  
    }
}

Answer 1

這是我的AccessDenied處理程序。 我已經明確委托Spring AccessDeniedHandler實現，但我有一些我需要處理的CSRF相關的東西。 該部分不包含在下面的代碼中，因為它是特定於應用程序的。 像SecurityConfig這樣的其他代碼與我使用的類似

public class MyAccessDeniedHandler implements AccessDeniedHandler {

    private AccessDeniedHandlerImpl accessDeniedHandlerImpl = new AccessDeniedHandlerImpl();

    public void handle(HttpServletRequest request, HttpServletResponse response,
            AccessDeniedException accessDeniedException) throws IOException, ServletException {

        //Some CSRF related code 

        // Then call accessDeniedHandlerImpl.handle to handle request
        accessDeniedHandlerImpl.handle(request, response, accessDeniedException);
    }

    /**
     * The error page to use. Must begin with a "/" and is interpreted relative to the current context root.
     *
     * @param errorPage the dispatcher path to display
     *
     * @throws IllegalArgumentException if the argument doesn't comply with the above limitations
     * @see AccessDeniedHandlerImpl#setErrorPage(String)
     */
    public void setErrorPage(String errorPage) {
        // You can set custom error page here 
        accessDeniedHandlerImpl.setErrorPage(errorPage);
    }
}