如何在spring boot注释中处理403 forbidden错误?

时间:2016-06-10 05:23:23

标签: java spring-boot annotations wildfly

我在春季启动时遇到403处理禁止问题的问题。因为我已经通过我的类处理它来扩展WebSecurityConfigurerAdapter来自定义。它正在给我输出禁止。它应该重定向到403 url,但它无法正常工作。我是初学者,不知道它的错误。

public class WebAppInitializer implements WebApplicationInitializer {
    @Override
    public void onStartup(ServletContext servletContext)
            throws ServletException {
        AnnotationConfigWebApplicationContext ctx = new AnnotationConfigWebApplicationContext();

        ctx.register(SecurityConfiguration.class);  
        ctx.setServletContext(servletContext);  
        //ctx.register(SecurityConfiguration.class);
        DispatcherServlet dispatcherServlet = new DispatcherServlet(ctx);
        dispatcherServlet.setThrowExceptionIfNoHandlerFound(true);


        Dynamic dynamic = servletContext.addServlet("dispatcher", dispatcherServlet);  
        dynamic.addMapping("/data/*");  

        dynamic.setLoadOnStartup(1);
    }
}

和我的AppConfig类

package com.portal.spring.config;

import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@Configuration
@ComponentScan("com.portal")
@EnableWebMvc
public class AppConfig extends WebMvcConfigurerAdapter {
}

和安全配置

package com.portal.spring.config;
import java.util.logging.Logger;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    private static final Logger log= Logger.getLogger( SecurityConfiguration.class.getName() ); 

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.exceptionHandling().accessDeniedHandler(new AccessDenyHandler());
        }
}

和accessdenyhandler 

package com.portal.spring.config;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;

public class AccessDenyHandler implements AccessDeniedHandler {

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
            AccessDeniedException arg2) throws IOException, ServletException {
        response.sendRedirect("//403");  
    }
}

1 个答案:

答案 0 :(得分:0)

这是My AccessDenied Handler。我已经明确委托Spring AccessDeniedHandler实现,但我有一些我需要处理的CSRF相关的东西。该部分不包含在下面的代码中,因为它是特定于应用程序的。其他代码如SecurityConfig与我使用的类似

public class MyModule : IModule
{
    private readonly IUnityContainer _container;
    public MyModule(IUnityContainer Container) { _container = Container; }

    public void Initialize()
    {
        var regionManager = _container.Resolve<RegionManager>();
        regionManager.RegisterViewWithRegion("MainToolbar",
                                             () => new Button
                                                   {
                                                       Content = "My Button",
                                                       Command = new DelegateCommand(/*  */)
                                                   });
    }
}
相关问题
最新问题