Question

我有来自AbstractRequestCycleListener的自定义类：

package com.rudiwijaya.rcommerce.security;

import java.util.List;

import org.apache.wicket.Session;
import org.apache.wicket.core.request.handler.PageProvider;
import org.apache.wicket.core.request.handler.RenderPageRequestHandler;
import org.apache.wicket.core.request.handler.RenderPageRequestHandler.RedirectPolicy;
import org.apache.wicket.request.IRequestHandler;
import org.apache.wicket.request.Url;
import org.apache.wicket.request.cycle.AbstractRequestCycleListener;
import org.apache.wicket.request.cycle.RequestCycle;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDeniedException;

import com.google.common.base.Throwables;
import com.google.common.collect.Iterables;
import com.rudiwijaya.rcommerce.WicketSession;
import com.rudiwijaya.rcommerce.pages.AccessDeniedPage;

public class NotAuthorizedRequestCycleListener extends AbstractRequestCycleListener {

    private static final Logger log = LoggerFactory.getLogger(NotAuthorizedRequestCycleListener.class);

    @Override
    public IRequestHandler onException(RequestCycle cycle, Exception ex) {
        // Since our actual exception is wrapped, we need to find based on the chain
        final List<Throwable> chain = Throwables.getCausalChain(ex);
        final AccessDeniedException notAuthorizedException = Iterables.getFirst(
                Iterables.filter(chain, AccessDeniedException.class), null);
        if (notAuthorizedException != null) {
            final Url url = cycle.getRequest().getClientUrl();
            log.debug("Got exception " + notAuthorizedException.getClass().getName() + " on " + url, ex);
            final WicketSession wSession = (WicketSession) Session.get();
            wSession.error("Anda tidak memilik akses.");
            wSession.dirty();
            return new RenderPageRequestHandler(new PageProvider(AccessDeniedPage.class), RedirectPolicy.NEVER_REDIRECT);
        } else {
            return super.onException(cycle, ex);
        }
    }

}

在init()的{{1}}方法中，我添加了：

AuthenticatedWebApplication

如何在wicket getRequestCycleListeners().add(new NotAuthorizedRequestCycleListener());中捕获AccessDeniedException春季安全性？

我的观点是显示自定义访问被拒绝页面并保留网址，在Wicket命令中如下：

AbstractRequestCycleListener

Answer 1

很可能Spring Security过滤器在WicketFilter之前执行，因此Wicket没有机会做任何事情。

您可能需要自定义AuthenticationEntryPoint才能通过Spring Security API处理此类故障。

AccessDeniedException SpringRequestCycleListener wicket无法捕获Spring安全性

1 个答案: