问题:
@PreAuthorize当不允许方法调用时,得到405而不支持Request方法'POST'。
案例:
如果@PreAuthorize结果为真,则一切正常,但如果返回false(不允许),则出现错误:405不支持请求方法'POST'。我希望收到拒绝访问页面。
安全配置:
@Configuration
@EnableWebSecurity
@ComponentScan
@EnableGlobalMethodSecurity(securedEnabled=true, prePostEnabled=true)
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
@Autowired
@Qualifier("authenticationProvider")
AuthenticationProvider authenticationProvider;
@Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authenticationProvider);
}
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/resources/**"); // #3
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.addFilterAfter(ajaxTimeoutRedirectFilter, ExceptionTranslationFilter.class)
.authorizeRequests()
.antMatchers("/resources/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll()
.and()
.exceptionHandling().accessDeniedPage("/denied");
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
WebMvcConfig:
@Configuration
@ComponentScan
@EnableWebMvc
@EnableGlobalMethodSecurity(securedEnabled=true,prePostEnabled=true)
public class WebMvcConfig extends WebMvcConfigurerAdapter
{
// My config
}
我的控制器:_
@Secured("ROLE_SAVE")
@PreAuthorize("((#myModel.cod== 'A') and hasRole('ROLE_AUTH'))")
@RequestMapping(value = "/save", method = RequestMethod.POST)
public String save(@Valid @ModelAttribute MyModel myModel,
BindingResult br, RedirectAttributes redirectAttrs) {
... my code ...
}
为什么我收到错误405帖子不支持?