Spring Boot on custom error page

Time: 2017-06-13 09:40:35

Tags: spring-boot spring-security

I have a Spring Boot application with HttpSecurity, as shown below.

Code

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
        .csrf().disable()
        .authorizeRequests()
            .antMatchers("/*").permitAll()  
            .antMatchers("/static/**").permitAll()          
            .antMatchers("/user/**").hasAnyRole("ADMIN", "USER")
            .antMatchers("/admin/**").hasAnyRole("ADMIN")
            .antMatchers("/**").denyAll()
            .and()
        .formLogin()
            .loginPage("/login").permitAll()
            .usernameParameter("email")
            .defaultSuccessUrl("/user/uploads")
            .and()
        .logout()
            .logoutSuccessUrl("/login?logout")
            .permitAll();               
}

I added a custom error page (403) as shown on the docs.spring.io website (file structure).

Finally, I created a small 403.html file:

<!DOCTYPE html>
<html lang="en" layout:decorator="layout/main">

<body>
    <div layout:fragment="content">
        <h1>403 - Permission Denied</h1>     

        <p>You do not have permission to retrieve the URL or link you requested.</p>

        <p>Please contact the administrator of the referring page, if you think this was a mistake.</p>

        <p>If you did this on purpose: behave and go back to the <a href="/adminconsole/">Homepage</a>.</p>

    </div>

</body>

</html>

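This works: if a user is logged in and tries to access an /admin/ page, he sees the custom 403 page.

Problem

But for some reason, the user is also logged out! If I change the URL from the Access Denied page to /user/uploads (which I am allowed to see as a logged-in user), it redirects me back to the login page.

Question

How can I make sure the user is not logged out when he/she sees the custom 403 page?

Edit

Added the Spring Security debug log. It consists of 3 actions:

  • Log in to the website
  • Go to the forbidden /admin/users.html page
  • Click the "Homepage" link on the custom 403 page

Log: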

2017-06-13 14:55:41.874  INFO 7144 --- [nio-8080-exec-1] Spring Security Debugger                 : 

************************************************************

Request received for GET '/static/js/passwordChanging.js':

org.apache.catalina.connector.RequestFacade@146c683

servletPath:/static/js/passwordChanging.js
pathInfo:null
headers: 
host: localhost:8080
user-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate
referer: http://localhost:8080/adminconsole/
cookie: JSESSIONID=F690AA15EEAAF2DC9BD35E7CCFA5E94F
connection: keep-alive


Security filter chain: [
  WebAsyncManagerIntegrationFilter
  SecurityContextPersistenceFilter
  HeaderWriterFilter
  LogoutFilter
  UsernamePasswordAuthenticationFilter
  RequestCacheAwareFilter
  SecurityContextHolderAwareRequestFilter
  AnonymousAuthenticationFilter
  SessionManagementFilter
  ExceptionTranslationFilter
  FilterSecurityInterceptor
]


************************************************************


2017-06-13 14:55:41.879  INFO 7144 --- [nio-8080-exec-5] Spring Security Debugger                 : 

************************************************************

Request received for GET '/static/js/login.js':

org.apache.catalina.connector.RequestFacade@108c693

servletPath:/static/js/login.js
pathInfo:null
headers: 
host: localhost:8080
user-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate
referer: http://localhost:8080/adminconsole/
cookie: JSESSIONID=F690AA15EEAAF2DC9BD35E7CCFA5E94F
connection: keep-alive


Security filter chain: [
  WebAsyncManagerIntegrationFilter
  SecurityContextPersistenceFilter
  HeaderWriterFilter
  LogoutFilter
  UsernamePasswordAuthenticationFilter
  RequestCacheAwareFilter
  SecurityContextHolderAwareRequestFilter
  AnonymousAuthenticationFilter
  SessionManagementFilter
  ExceptionTranslationFilter
  FilterSecurityInterceptor
]


************************************************************


2017-06-13 14:55:41.964  INFO 7144 --- [nio-8080-exec-3] Spring Security Debugger                 : 

************************************************************

Request received for GET '/static/js/utils.js':

org.apache.catalina.connector.RequestFacade@108c693

servletPath:/static/js/utils.js
pathInfo:null
headers: 
host: localhost:8080
user-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate
referer: http://localhost:8080/adminconsole/
cookie: JSESSIONID=F690AA15EEAAF2DC9BD35E7CCFA5E94F
connection: keep-alive


Security filter chain: [
  WebAsyncManagerIntegrationFilter
  SecurityContextPersistenceFilter
  HeaderWriterFilter
  LogoutFilter
  UsernamePasswordAuthenticationFilter
  RequestCacheAwareFilter
  SecurityContextHolderAwareRequestFilter
  AnonymousAuthenticationFilter
  SessionManagementFilter
  ExceptionTranslationFilter
  FilterSecurityInterceptor
]


************************************************************

0 answers:

No answers
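
A diagnostic aid for the debug log quoted in the question, added here as an example and not part of the original post: it splits Spring Security Debugger output into requests and reports where the JSESSIONID cookie sent by the browser changes or disappears. The sample log is constructed (placeholder session IDs), and the function names are hypothetical.

```python
import re

# Constructed sample in the Spring Security Debugger layout quoted in the question.
# Paths come from the question; the session IDs are placeholders.
SAMPLE_LOG = """\
Request received for GET '/user/uploads':

servletPath:/user/uploads
headers:
cookie: JSESSIONID=AAAA0000000000000000000000000001

Request received for GET '/admin/users.html':

servletPath:/admin/users.html
headers:
cookie: JSESSIONID=AAAA0000000000000000000000000001

Request received for GET '/':

servletPath:/
headers:
cookie: JSESSIONID=BBBB0000000000000000000000000002
"""

REQUEST_RE = re.compile(r"^Request received for (\S+) '([^']*)':", re.M)
SESSION_RE = re.compile(r"^cookie:.*?\bJSESSIONID=([\w.\-]+)", re.M | re.I)

def parse_requests(log_text):
    """Return one (method, path, session_id or None) tuple per logged request."""
    starts = list(REQUEST_RE.finditer(log_text))
    requests = []
    for i, m in enumerate(starts):
        # A request block runs until the next "Request received" line.
        end = starts[i + 1].start() if i + 1 < len(starts) else len(log_text)
        cookie = SESSION_RE.search(log_text, m.end(), end)
        requests.append((m.group(1), m.group(2), cookie.group(1) if cookie else None))
    return requests

def session_changes(requests):
    """Return (path, old_id, new_id) wherever the ID differs from the previous request."""
    changes = []
    for (_, _, prev), (_, path, cur) in zip(requests, requests[1:]):
        if cur != prev:
            changes.append((path, prev, cur))
    return changes

if __name__ == "__main__":
    for path, old, new in session_changes(parse_requests(SAMPLE_LOG)):
        print(f"session ID changed at GET {path}: {old} -> {new}")
```

A change right after the login request is expected, because Spring Security's default session-fixation protection issues a new session ID on authentication; a change at any later request shows where the browser stopped presenting the authenticated session.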