任何人都知道如何在spring security中配置自定义的403页面?在Web上看,我得到的所有结果都是XML配置,我使用的是Java配置。那是我的SecurityConfig:
@Configuration
@ComponentScan(value="com")
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return new CustomAuthenticationManager();
}
protected void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.authorizeRequests()
.antMatchers("/resources/**", "/publico/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/acesso/login").permitAll()
.loginProcessingUrl("/login").permitAll()
.usernameParameter("login")
.passwordParameter("senha")
.successHandler(new CustomAuthenticationSuccessHandler())
.failureHandler(new CustomAuthenticationFailureHandler())
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/acesso/login").permitAll();
}
}
我也有AccessDeniedHandler的自定义实现:
public class CustomAccessDeniedHandler implements AccessDeniedHandler {
@Override
public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException arg2) throws IOException, ServletException {
response.sendRedirect(request.getContextPath() + "/erro/no_permit");
}
}
答案 0 :(得分:6)
如果我是对的,为了个性化页面403,您可以使用此服务器实现的模型。
Spring Security : Customize 403 Access Denied Page
示例:
AppConfig.java
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/resources/**", "/signup").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.exceptionHandling().accessDeniedPage("/403")
.and()
.logout().logoutUrl("/logout").logoutSuccessUrl("/")
.and()
.rememberMe()
.and()
.csrf().disable();
}
HomeController.java
@RequestMapping("/403")
public String accessDenied() {
return "errors/403";
}
.html,将是一个带有消息403的自定义页面。