现在我对Spring Security 3.07 + STRUTS 2 +异常问题感到困惑,我使用的是Spring Security 3.07 + STRUTS 2 + ibatis2, 为了处理Exception,我使用了Struts 2 Global Exceptipo并定制了一个拦截器, 如果我不使用spring security 3,它工作正常,它可以处理任何类型的异常或错误并给出消息: 这是struts.xml:
<interceptors>
<interceptor name="myexception"
class="com.itownet.isms.core.exception.ExceptionInteceptor"></interceptor>
<interceptor-stack name="paramsStack">
<interceptor-ref name="store">
<param name="operationMode">AUTOMATIC</param>
</interceptor-ref>
<interceptor-ref name="params">
<param name="excludeParams">.*\\u0023.*</param>
</interceptor-ref>
<interceptor-ref name="paramsPrepareParamsStack" />
<interceptor-ref name="myexception"></interceptor-ref>
</interceptor-stack>
</interceptors>
<default-interceptor-ref name="paramsStack" />
<global-results>
<result name="error">/jsp/error/error.jsp</result>
<result name="globalError" type="redirect">
<param name="location">/home/home!error.action</param>
<param name="errorMsg">${errorMsg}</param>
</result>
</global-results>
<global-exception-mappings>
<exception-mapping result="globalError" exception="java.lang.Exception"></exception-mapping>
<exception-mapping result="globalError" exception="org.springframework.dao.DataAccessException"></exception-mapping>
<exception-mapping result="globalError" exception="java.lang.RuntimeException"></exception-mapping>
<exception-mapping result="globalError" exception="com.itownet.isms.core.exception.ServiceException"></exception-mapping>
</global-exception-mappings>
但是当我使用spring security时,例如,在这里:
public class MyAccessDecisionManager实现AccessDecisionManager {
public void decide(Authentication authentication, Object object,
Collection<ConfigAttribute> configAttributes) throws AccessDeniedException,
InsufficientAuthenticationException, RuntimeException,ServiceException {
user = this.userService.get(userId);
}
如你所知,如果db没有准备就可能抛出一些异常,并且会抛出RuntimeException.But我想知道Spring安全性如何处理DataAccess Exception和RuntimeException? 首先,我想要自定义ExceptionTranslationFilter: 公共类MyExceptionTranslationFilter扩展ExceptionTranslationFilter { protected void sendStartAuthentication(HttpServletRequest req, HttpServletResponse resp,FilterChain链, AuthenticationException reason)抛出ServletException, IOException { boolean isAjax =“XMLHttpRequest”.equals(req .getHeader( “X-请求-随着”));
if (isAjax) {
String jsonObject = "{\"message\":\"Please login first.\","
+ "\"access-denied\":true,\"cause\":\"AUTHENTICATION_FAILURE\"}";
String contentType = "application/json";
resp.setContentType(contentType);
PrintWriter out = resp.getWriter();
out.print(jsonObject);
out.flush();
out.close();
return;
}
super.sendStartAuthentication(req, resp, chain, reason);
}
<beans:bean id="exceptionTranslator"
class="com.itownet.isms.security.MyExceptionTranslationFilter">
<beans:property name="accessDeniedHandler" ref="accessDeniedHandler" />
<beans:property name="authenticationEntryPoint"
ref="authenticationProcessingFilterEntryPoint" />
</beans:bean>
但是当我调试时,我发现ExceptionTranslationFilter不会处理dataacess异常和runtimeexception! ExceptionTranslationFilter只处理两个异常AuthenticationException和AccessDeniedException以及这两个异常的自定义处理程序,那么任何其他类型的异常甚至运行时异常呢? 所以我找不到任何想法,我自己的struts2自定义拦截器将不会被调用!当然 它无法处理春季安全的例外!任何好主意?