我有一个JSF + Spring的应用程序。 我正在使用spring security并且我正常工作。但是当我尝试在没有身份验证的情况下访问安全页面时,而不是将我重定向到被拒绝的页面,我只显示403 Forbidden页面。 我不知道applicationContext或web.xml上是否有任何缺失,这是我的代码:
applicationContext的一部分:
<sec:http access-denied-page="/denied.xhtml" auto-config="true" use-expressions="false" >
<sec:form-login login-page="/login.xhtml" default-target-url="/" authentication-failure-url="/denied.xhtml"
login-processing-url="/static/j_spring_security_check"
/>
<sec:intercept-url pattern="/PANEL/**" access="ROLE_GENERALT"></sec:intercept-url>
<sec:logout invalidate-session="true" logout-url="/index.xhtml"/>
</sec:http>
<sec:global-method-security secured-annotations="enabled" jsr250-annotations="enabled"></sec:global-method-security>
和web.xml:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:/appContext.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
答案 0 :(得分:12)
您需要为发生AccessDeniedException时ExceptionTranslationFilter使用的accessDeniedHandler设置errorpage属性
请参阅此信息以获取信息link
<bean id="exceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter">
<property name="authenticationEntryPoint" ref="authenticationEntryPoint"/>
<property name="accessDeniedHandler" ref="accessDeniedHandler"/>
</bean>
<bean id="accessDeniedHandler" class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
<property name="errorPage" value="/denied.xhtml"/>
</bean>
或者,您可以将其添加到您的web.xml
<error-page>
<error-code>403</error-code>
<location>/pages/denied.xhtml</location>
</error-page>