Custom error page for Waffle in Spring

Time: 2014-10-29 09:58:36

Tags: java spring spring-security waffle

I am using Waffle 1.7 + Spring 4 + Spring Security 3.2 + Thymeleaf. My problem is that I cannot provide a custom error page when the fallback form login fails. This is my configuration:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/**")
            .authenticated()
            .and()
            .exceptionHandling()
            .authenticationEntryPoint(negotiateSecurityFilterEntryPoint())
            .accessDeniedPage("/access-denied")
            .and()
            .addFilterBefore(waffleNegotiateSecurityFilter(),
                    BasicAuthenticationFilter.class);
}

When a user uses a browser with SPNEGO turned off and enters wrong credentials, the default system 500 page is shown with the following information:

com.sun.jna.platform.win32.Win32Exception: The logon attempt failed.
    waffle.windows.auth.impl.WindowsAuthProviderImpl.acceptSecurityToken(WindowsAuthProviderImpl.java:134)
    waffle.servlet.spi.NegotiateSecurityFilterProvider.doFilter(NegotiateSecurityFilterProvider.java:103)
    waffle.servlet.spi.SecurityFilterProviderCollection.doFilter(SecurityFilterProviderCollection.java:130)
    ...

How can I provide a custom page (the access-denied.html Thymeleaf template)? So far I have tried everything from http://spring.io/blog/2013/11/01/exception-handling-in-spring-mvc, but without success.

2 answers:

Answer 0: (score: 1)

You can try creating a DelegatingNegotiateSecurityFilter and setting an AuthenticationFailureHandler.

Example DelegatingNegotiateSecurityFilter bean configuration:

<bean id="waffleNegotiateSecurityFilter"
    class="waffle.spring.DelegatingNegotiateSecurityFilter"
    >
    <property name="allowGuestLogin" value="false" />
    <property name="Provider" ref="waffleSecurityFilterProviderCollection" />
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="authenticationSuccessHandler" ref="authenticationSuccessHandler" />
    <property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
    <property name="accessDeniedHandler" ref="accessDeniedHandler" />
    <property name="defaultGrantedAuthority">
        <null />
    </property>
</bean>
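  • The AuthenticationManager allows the service provider to authorize the principal.
  • The authenticationSuccessHandler allows the service provider to further populate the Authentication object.
  • The AuthenticationFailureHandler is called if the AuthenticationManager throws an AuthenticationException.
  • The AccessDeniedHandler is called if the AuthenticationManager throws an AccessDeniedException.

I hope this helps...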
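An added example, not part of the original answer or of the Waffle project: one possible implementation of the `authenticationFailureHandler` bean that the configuration above references. The class name and the `reason` query parameter are hypothetical; it is only invoked for failures that the filter actually hands to the handler as an AuthenticationException, and it keeps the exception text in the server log rather than in the redirect URL.

```java
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;

// Hypothetical class name; register it as the "authenticationFailureHandler" bean.
public class AccessDeniedPageFailureHandler implements AuthenticationFailureHandler {

    private static final Logger LOG =
            Logger.getLogger(AccessDeniedPageFailureHandler.class.getName());

    @Override
    public void onAuthenticationFailure(HttpServletRequest request,
            HttpServletResponse response, AuthenticationException exception)
            throws IOException, ServletException {
        // Keep the detail (exception text, client address) in the server log only.
        LOG.log(Level.WARNING,
                "Authentication failed for " + request.getRemoteAddr(), exception);

        if (response.isCommitted()) {
            return; // headers already sent, a redirect is no longer possible
        }
        // Fixed, enumerable codes instead of the exception message: nothing
        // internal or user-influenced ends up in the Location header.
        String reason = (exception instanceof BadCredentialsException)
                ? "bad-credentials" : "auth-failed";
        // Context-absolute target ("/access-denied" is the page from the question),
        // so the request path that failed does not change where the user lands.
        response.sendRedirect(request.getContextPath()
                + "/access-denied?reason=" + reason);
    }
}
```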

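Answer 1: (score: 0)

After digging into the Spring documentation and tracking down the actual problem, I was able to solve it in the following "ugly" way:
1. Disable security for the /access-denied page to prevent an infinite redirect loop.
2. Wrap the Waffle filter to catch all exceptions and redirect.

Does anyone have a better solution?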

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/access-denied")
            .permitAll()
            .and()
            .authorizeRequests()
            .antMatchers("/**")
            .authenticated()
            .and()
            .exceptionHandling()
            .authenticationEntryPoint(negotiateSecurityFilterEntryPoint())
            .accessDeniedPage("/access-denied")
            .and()
            .addFilterBefore(waffleNegotiateSecurityFilter(),
                    BasicAuthenticationFilter.class);
}

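import java.io.IOException;
import java.net.URLEncoder;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.constraints.NotNull; // assumed; the answer does not show which @NotNull it uses
import org.springframework.web.filter.GenericFilterBean;

public class WaffleWrapperSecurityBean extends GenericFilterBean {
    @NotNull
    private final GenericFilterBean wrappedFilter;
    public WaffleWrapperSecurityBean(GenericFilterBean filter) {
        wrappedFilter = filter;
    }
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        try {
            wrappedFilter.doFilter(request, response, chain);
        } catch (Exception e) {
            // Catches everything thrown by the Waffle filter and by the rest of
            // the chain behind it. The message is URL-encoded so the Location
            // header stays well-formed, and the target is context-absolute so it
            // always matches the permitAll() rule for /access-denied.
            String message = URLEncoder.encode(
                    String.valueOf(e.getLocalizedMessage()), "UTF-8");
            ((HttpServletResponse) response)
                    .sendRedirect(((HttpServletRequest) request).getContextPath()
                            + "/access-denied?message=" + message);
        }
    }
    @Override
    public void destroy() {
        wrappedFilter.destroy();
    }
}
// controller code omitted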