Spring Security教程(9)---- 自定义AccessDeniedHandler
来源:互联网 发布:虾囧笑话源码v4.0 编辑:程序博客网 时间:2024/05/26 09:57
在Spring默认的AccessDeniedHandler中只有对页面请求的处理,而没有对Ajax的处理。而在项目开发是Ajax又是我们要常用的技术,所以我们可以通过自定义AccessDeniedHandler来处理Ajax请求。我们在Spring默认的AccessDeniedHandlerImpl上稍作修改就可以了。
- public class DefaultAccessDeniedHandler implements AccessDeniedHandler {
- /* (non-Javadoc)
- * @see org.springframework.security.web.access.AccessDeniedHandler#handle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, org.springframework.security.access.AccessDeniedException)
- */
- private String errorPage;
- //~ Methods ========================================================================================================
- public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException)
- throws IOException, ServletException {
- boolean isAjax = ControllerTools.isAjaxRequest(request);
- if(isAjax){
- Message msg = MessageManager.exception(accessDeniedException);
- ControllerTools.print(response, msg);
- }else if (!response.isCommitted()) {
- if (errorPage != null) {
- // Put exception into request scope (perhaps of use to a view)
- request.setAttribute(WebAttributes.ACCESS_DENIED_403, accessDeniedException);
- // Set the 403 status code.
- response.setStatus(HttpServletResponse.SC_FORBIDDEN);
- // forward to error page.
- RequestDispatcher dispatcher = request.getRequestDispatcher(errorPage);
- dispatcher.forward(request, response);
- } else {
- response.sendError(HttpServletResponse.SC_FORBIDDEN, accessDeniedException.getMessage());
- }
- }
- }
- /**
- * The error page to use. Must begin with a "/" and is interpreted relative to the current context root.
- *
- * @param errorPage the dispatcher path to display
- *
- * @throws IllegalArgumentException if the argument doesn't comply with the above limitations
- */
- public void setErrorPage(String errorPage) {
- if ((errorPage != null) && !errorPage.startsWith("/")) {
- throw new IllegalArgumentException("errorPage must begin with '/'");
- }
- this.errorPage = errorPage;
- }
- }
最后在配置文件中配置下
- <sec:http auto-config="true" access-decision-manager-ref="accessDecisionManager">
- <sec:access-denied-handler ref="accessDeniedHandler"/>
- <sec:session-management invalid-session-url="/login.jsp" />
- <sec:intercept-url pattern="/app.jsp" access="AUTH_LOGIN"/>
- <sec:intercept-url pattern="/**" access="AUTH_GG_FBGBGG"/>
- <sec:form-login login-page="/login.jsp" authentication-failure-url="/login.jsp"
- default-target-url="/index.jsp"/>
- </sec:http>
- <!-- 自定义权限不足处理程序 -->
- <bean id="accessDeniedHandler" class="com.zrhis.system.security.RequestAccessDeniedHandler">
- <property name="errorPage" value="/WEB-INF/error/403.jsp"></property>
- </bean>
0 0
- Spring Security教程(9)---- 自定义AccessDeniedHandler
- Spring Security教程(9)---- 自定义AccessDeniedHandler
- Spring Security教程(9)---- 自定义AccessDeniedHandler
- Spring Security教程(9)---- 自定义AccessDeniedHandler
- Spring security AccessDeniedHandler 不被调用
- 自定义AccessDeniedHandler
- Spring Security教程(3)---- 自定义登录页面
- Spring Security教程(3)---- 自定义登录页面
- Spring Security教程(3)---- 自定义登录页面
- Spring Security教程(3)---- 自定义登录页面
- Spring Security教程(8)---- 自定义决策管理器及修改权限前缀
- Spring Security教程(8)---- 自定义决策管理器及修改权限前缀
- Spring Security教程(8)---- 自定义决策管理器及修改权限前缀
- Spring Security教程(8)---- 自定义决策管理器及修改权限前缀
- Spring Security教程第四部分-自定义登录页面
- Spring Security教程之自定义Spring Security默认的403页面
- spring security详解教程
- spring security 教程入门
- js 如何将某个属性设置成隐藏的
- http2的调试方法
- 【线段树-区间求最值】HDOJ Billboard 2795
- 玩转Visual Studio了解vc++各种类型的工程
- 解决Android Studio卡在building *** gradle project info
- Spring Security教程(9)---- 自定义AccessDeniedHandler
- Aizu-0558 Cheese
- [PHP] WVCP
- 河南省第八届ACM A.挑战密室 详细题解
- appium ios 问题归类
- java抽象类
- CSS清除浮动的4种方法
- Xcode7 使用NSURL发送HTTP请求报错
- R0注入DLL到R3进程