欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页

spring security http无权访问 页面跳转(求助)

程序员文章站 2024-02-01 13:10:16
...
最近在做spring-security权限控制,http里配置intercept-url进行权限控制的时候,当用户无权访问该页面的时候显示空白页,我想跳转到指定页面,在网上找了一下都说是配置access-denied-page即可跳转到指定页面,可我按此方法还是显示空白页,那位大侠用过此框架的,希望站出来说两句。在此万分感谢。。。,代码如下: <?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans" xsi:schemalocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd"><!-- FilterChainProxy会按顺序来调用这些filter,使这些filter能享用Spring Ioc的功能, CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON 定义url比较前先转为小写 PATTERN_TYPE_APACHE_ANT 定义使用Apache ant的匹配模式 --><bean id="springSecurityFilterChain" class="org.springframework.security.util.FilterChainProxy"><property name="filterInvocationDefinitionSource"><value></value></property></bean><!-- 异常处理filter(异常转换过滤器),主要是处理AccessDeniedException和AuthenticationException, 将给每个异常找到合适的"去向" --><bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter"><property name="accessDeniedHandler" ref="accessDeniedHandler"></property><property name="authenticationEntryPoint" ref="authenticationEntryPoint"></property></bean><!-- 处理AccessDeniedException --><bean id="accessDeniedHandler" class="org.springframework.security.ui.AccessDeniedHandlerImpl"><property name="errorPage" value="/403.jsp"></property></bean><bean id="authenticationEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint"><property name="loginFormUrl" value="/login.html"></property><property name="forceHttps" value="false"></property></bean><authentication-manager alias="authenticationManagerAlias"></authentication-manager><bean id="accessDecisionManager" class="com.shului.tuan.webapp.security.CustomAccessDecisionManager"><property name="allowIfAllAbstainDecisions" value="false"></property><property name="decisionVoters"><list><bean class="org.springframework.security.vote.RoleVoter"></bean><bean class="org.springframework.security.vote.AuthenticatedVoter"></bean></list></property></bean><bean id="authenticationProcessingFilter" class="com.shului.tuan.webapp.filter.CustomAuthenticationFilter"><custom-filter before="AUTHENTICATION_PROCESSING_FILTER"></custom-filter><property name="filterProcessesUrl" value="/j_spring_security_check"></property><property name="alwaysUseDefaultTargetUrl" value="true"></property><property name="defaultTargetUrl" value="/manage/admin/index.html"></property><property name="authenticationFailureUrl" value="/login.html?error=true"></property><property name="authenticationManager" ref="authenticationManagerAlias"></property></bean><bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint"><property name="loginFormUrl" value="/403.jsp"></property><property name="forceHttps" value="false"></property></bean><!-- auto-config:包含<form-login />、<http-basic />、<logout />三项默认配置,如果自己配置则覆盖默认配置 access-denied-page:出错(eg没有权限)后跳转的页面,没有该属性,则抛出403错误-访问指定资源被禁止 access-decision-manager-ref="accessDecisionManager":当角色名前缀不是ROLE_时,需要自定义访问策略管理器 --><http auto-config="false" lowercase-comparisons="false" access-denied-page="/403.jsp" entry-point-ref="authenticationProcessingFilterEntryPoint"><intercept-url pattern="/admin/*.html*" access="ROLE_ADMIN,ROLE_ADMIN_YHGLY"></intercept-url><intercept-url pattern="/admin/**/*.html*" access="ROLE_ADMIN"></intercept-url><intercept-url pattern="/sales/*.html*" access="ROLE_SALES"></intercept-url><intercept-url pattern="/sales/**/*.html*" access="ROLE_SALES"></intercept-url><intercept-url pattern="/login.html*" access="ROLE_ANONYMOUS,ROLE_ADMIN_0,ROLE_SALES,ROLE_SUPPLIER,ROLE_USER"></intercept-url><form-login login-page="/login.html" default-target-url="/index.jsp" authentication-failure-url="/403.jsp"></form-login><logout logout-success-url="/login.html"></logout><remember-me user-service-ref="userDao" key="e37f4b31-0c45-11dd-bd0b-0800200c9a66"></remember-me><!-- --><anonymous></anonymous></http><authentication-provider user-service-ref="userDao"><password-encoder ref="passwordEncoder"></password-encoder></authentication-provider><!-- Override the default password-encoder (SHA) by uncommenting the following and changing the class --><!-- <bean id="passwordEncoder" class="org.springframework.security.providers.encoding.ShaPasswordEncoder"/> --><global-method-security jsr250-annotations="enabled" secured-annotations="enabled"><protect-pointcut expression="execution(* com.shului.tuan.service.UserManager.getDataCount(..))" access="ROLE_ADMIN,ROLE_ADMIN_0,ROLE_SALES"></protect-pointcut><protect-pointcut expression="execution(* *..service.UserManager.removeUser(..))" access="ROLE_ADMIN"></protect-pointcut></global-method-security></beans>