[英]How to handle 403 forbidden error in spring boot annotation?
我在春季啟動時遇到403處理禁止問題的問題。 因為我已經通過我的類處理它來擴展WebSecurityConfigurerAdapter來自定義。它正在給我輸出禁止。 它應該重定向到403 url,但它無法正常工作。 我是初學者,不知道哪里錯了。
public class WebAppInitializer implements WebApplicationInitializer {
@Override
public void onStartup(ServletContext servletContext)
throws ServletException {
AnnotationConfigWebApplicationContext ctx = new AnnotationConfigWebApplicationContext();
ctx.register(SecurityConfiguration.class);
ctx.setServletContext(servletContext);
//ctx.register(SecurityConfiguration.class);
DispatcherServlet dispatcherServlet = new DispatcherServlet(ctx);
dispatcherServlet.setThrowExceptionIfNoHandlerFound(true);
Dynamic dynamic = servletContext.addServlet("dispatcher", dispatcherServlet);
dynamic.addMapping("/data/*");
dynamic.setLoadOnStartup(1);
}
}
和我的AppConfig課程
package com.portal.spring.config;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
@Configuration
@ComponentScan("com.portal")
@EnableWebMvc
public class AppConfig extends WebMvcConfigurerAdapter {
}
和安全配置
package com.portal.spring.config;
import java.util.logging.Logger;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private static final Logger log= Logger.getLogger( SecurityConfiguration.class.getName() );
@Override
protected void configure(HttpSecurity http) throws Exception {
http.exceptionHandling().accessDeniedHandler(new AccessDenyHandler());
}
}
和accessdenyhandler
package com.portal.spring.config;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
public class AccessDenyHandler implements AccessDeniedHandler {
@Override
public void handle(HttpServletRequest request, HttpServletResponse response,
AccessDeniedException arg2) throws IOException, ServletException {
response.sendRedirect("//403");
}
}
這是我的AccessDenied處理程序。 我已經明確委托Spring AccessDeniedHandler實現,但我有一些我需要處理的CSRF相關的東西。 該部分不包含在下面的代碼中,因為它是特定於應用程序的。 像SecurityConfig這樣的其他代碼與我使用的類似
public class MyAccessDeniedHandler implements AccessDeniedHandler {
private AccessDeniedHandlerImpl accessDeniedHandlerImpl = new AccessDeniedHandlerImpl();
public void handle(HttpServletRequest request, HttpServletResponse response,
AccessDeniedException accessDeniedException) throws IOException, ServletException {
//Some CSRF related code
// Then call accessDeniedHandlerImpl.handle to handle request
accessDeniedHandlerImpl.handle(request, response, accessDeniedException);
}
/**
* The error page to use. Must begin with a "/" and is interpreted relative to the current context root.
*
* @param errorPage the dispatcher path to display
*
* @throws IllegalArgumentException if the argument doesn't comply with the above limitations
* @see AccessDeniedHandlerImpl#setErrorPage(String)
*/
public void setErrorPage(String errorPage) {
// You can set custom error page here
accessDeniedHandlerImpl.setErrorPage(errorPage);
}
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.