在我的基于Spring的应用程序中,访问被拒绝页面存在问题。 这是一个错误:
java.lang.NullPointerException
com.finalProject.controller.MainController.accessDenied(MainController.java:88)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
这是我的控制器文件的一部分:
@RequestMapping(value = "/403", method = RequestMethod.POST)
public ModelAndView accessDenied() {
ModelAndView model = new ModelAndView();
//check if user is login
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (!(auth instanceof AnonymousAuthenticationToken)) {
UserDetails userDetail = (UserDetails) auth.getPrincipal();
System.out.println(userDetail);
model.addObject("username", userDetail.getUsername());
}
model.setViewName("403");
return model;
}
这是发生错误的行:
UserDetails userDetail = (UserDetails) auth.getPrincipal();
这是我的spring-security.xml
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/user/**" access="hasAnyRole('ROLE_ADMIN' , 'ROLE_USER')" />
<!-- access denied page -->
<access-denied-handler error-page="/403" />
<form-login
login-page="/login"
default-target-url="/welcome"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password" />
<logout logout-success-url="/login?logout" delete-cookies="JSESSIONID" />
<!-- enable csrf protection -->
<csrf/>
</http>
请任何帮助