我使用Vaadin 7,Spring Security和Spring-Vaadin-Integration插件,并配置了身份验证位,使其像魅力一样工作。 当我到达授权部分时,我遇到了一些毛茸茸的麻烦。 我想为每个View 设置授权,而无需在导航级别检查授权(例如在AppFoundation插件中)。
所以,我想要的是这样的:
@Component
@Scope("prototype")
@VaadinView(value = ASecuredView.NAME, cached = true)
@Secured("ROLE_ADMIN_PROD")
public class ASecuredView extends GridLayout implements View {
...
}
当未经授权的用户尝试进入此视图时,我想要处理AccessDeniedException
并向用户显示一条通知消息,该消息解释了&#34行中的内容;该视图只能由管理员访问&# 34。
当我调用视图时,我确实拥有正确的用户角色,当我尝试使用授权用户进行导航时,不会抛出任何异常,因此注释本身似乎正常工作。
问题是我无法捕获AccessDeniedException。
我尝试了几种不同的方法来解决这个问题,但无济于事。以下是其中一些:
CustomAccessDeniedHandler
,没有抓到任何异常。 access-denied-handler
标记,但仍未捕获异常。org.springframework.web.servlet.handler.SimpleMappingExceptionResolver
的例外情况,但行为仍然相同。@PreFilter
注释,但它没有用。handleSecuredAnnotations
(左右)Aspect,但即使这样也行不通!我是以错误的方式接近这个吗?
也许有更简单/更好的方法来实现这一目标?怎么样?
这是我的spring-security.xml。我会提供整个shabang。请注意,我也分别尝试了不同的方法:
<global-method-security secured-annotations="enabled" />
<!-- Spring-Security -->
<http auto-config="true" use-expressions="true" disable-url-rewriting="true">
<form-login authentication-success-handler-ref="authenticationSuccessHandler" />
<intercept-url pattern="/**" access="isAuthenticated()" />
<logout success-handler-ref="logoutSuccessHandler" invalidate-session="true" logout-url="/logout" />
<access-denied-handler ref="customAccessDeniedHandler" />
</http>
<authentication-manager>
<authentication-provider ref="activeDirectoryAuthenticationProvider" />
</authentication-manager>
<beans:bean id="activeDirectoryAuthenticationProvider" class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
<beans:constructor-arg value="someserver.com" />
<beans:constructor-arg value="ldap://ldaplb.someserver.com:389" />
<beans:property name="userDetailsContextMapper" ref="customUserDetailsContextMapper" />
<beans:property name="convertSubErrorCodesToExceptions" value="true" />
</beans:bean>
<beans:bean id="customAccessDeniedHandler" class="com.some.path.web.CustomAccessDeniedHandler" />
<beans:bean id="customUserDetailsContextMapper" class="com.some.path.web.CustomUserDetailsContextMapper" />
<beans:bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
<beans:property name="defaultErrorView" value="uncaughtException" />
<beans:property name="excludedExceptions" value="org.springframework.security.access.AccessDeniedException" />
<beans:property name="exceptionMappings">
<beans:props>
<beans:prop key=".DataAccessException">dataAccessFailure</beans:prop>
<beans:prop key=".NoSuchRequestHandlingMethodException">resourceNotFound</beans:prop>
<beans:prop key=".TypeMismatchException">resourceNotFound</beans:prop>
<beans:prop key=".MissingServletRequestParameterException">resourceNotFound</beans:prop>
</beans:props>
</beans:property>
</beans:bean>
<aop:config>
<aop:aspect id="securedAspect" ref="securityFeedbackAspect">
<aop:around pointcut="@annotation(org.springframework.security.access.annotation.Secured)" method="handleSecuredAnnotations" />
</aop:aspect>
</aop:config>
答案 0 :(得分:2)
我最终在MainUI类中实现了一个ErrorHandler。我确信有更好的方法来解决这个问题,但我找不到任何方法。
public class MainUI extends UI implements ErrorHandler {
private static final long serialVersionUID = 1L;
@Override
protected void init(VaadinRequest request) {
VaadinSession.getCurrent().setErrorHandler(this);
@SuppressWarnings("unused")
DiscoveryNavigator navigator = new DiscoveryNavigator(this, this);
}
@Override
public void error(com.vaadin.server.ErrorEvent event) {
if (event.getThrowable() instanceof AccessDeniedException) {
AccessDeniedException accessDeniedException = (AccessDeniedException) event.getThrowable();
Notification.show(accessDeniedException.getMessage(), Notification.Type.ERROR_MESSAGE);
getUI().getNavigator().navigateTo(FirstView.NAME);
return;
}
// connector event
if (event.getThrowable().getCause().getCause().getCause() instanceof AccessDeniedException) {
AccessDeniedException accessDeniedException = (AccessDeniedException) event.getThrowable().getCause().getCause().getCause();
Notification.show(accessDeniedException.getMessage(), Notification.Type.ERROR_MESSAGE);
getUI().getNavigator().navigateTo(FirstView.NAME);
return;
}
}
}