spring security http无权访问 页面跳转(求助)
程序员文章站
2024-02-01 13:10:16
...
最近在做spring-security权限控制,http里配置intercept-url进行权限控制的时候,当用户无权访问该页面的时候显示空白页,我想跳转到指定页面,在网上找了一下都说是配置access-denied-page即可跳转到指定页面,可我按此方法还是显示空白页,那位大侠用过此框架的,希望站出来说两句。在此万分感谢。。。,代码如下:
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans" xsi:schemalocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd"><!--
FilterChainProxy会按顺序来调用这些filter,使这些filter能享用Spring Ioc的功能,
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON 定义url比较前先转为小写
PATTERN_TYPE_APACHE_ANT 定义使用Apache ant的匹配模式
--><bean id="springSecurityFilterChain" class="org.springframework.security.util.FilterChainProxy"><property name="filterInvocationDefinitionSource"><value></value></property></bean><!--
异常处理filter(异常转换过滤器),主要是处理AccessDeniedException和AuthenticationException,
将给每个异常找到合适的"去向"
--><bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter"><property name="accessDeniedHandler" ref="accessDeniedHandler"></property><property name="authenticationEntryPoint" ref="authenticationEntryPoint"></property></bean><!-- 处理AccessDeniedException --><bean id="accessDeniedHandler" class="org.springframework.security.ui.AccessDeniedHandlerImpl"><property name="errorPage" value="/403.jsp"></property></bean><bean id="authenticationEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint"><property name="loginFormUrl" value="/login.html"></property><property name="forceHttps" value="false"></property></bean><authentication-manager alias="authenticationManagerAlias"></authentication-manager><bean id="accessDecisionManager" class="com.shului.tuan.webapp.security.CustomAccessDecisionManager"><property name="allowIfAllAbstainDecisions" value="false"></property><property name="decisionVoters"><list><bean class="org.springframework.security.vote.RoleVoter"></bean><bean class="org.springframework.security.vote.AuthenticatedVoter"></bean></list></property></bean><bean id="authenticationProcessingFilter" class="com.shului.tuan.webapp.filter.CustomAuthenticationFilter"><custom-filter before="AUTHENTICATION_PROCESSING_FILTER"></custom-filter><property name="filterProcessesUrl" value="/j_spring_security_check"></property><property name="alwaysUseDefaultTargetUrl" value="true"></property><property name="defaultTargetUrl" value="/manage/admin/index.html"></property><property name="authenticationFailureUrl" value="/login.html?error=true"></property><property name="authenticationManager" ref="authenticationManagerAlias"></property></bean><bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint"><property name="loginFormUrl" value="/403.jsp"></property><property name="forceHttps" value="false"></property></bean><!--
auto-config:包含<form-login />、<http-basic />、<logout />三项默认配置,如果自己配置则覆盖默认配置
access-denied-page:出错(eg没有权限)后跳转的页面,没有该属性,则抛出403错误-访问指定资源被禁止
access-decision-manager-ref="accessDecisionManager":当角色名前缀不是ROLE_时,需要自定义访问策略管理器
--><http auto-config="false" lowercase-comparisons="false" access-denied-page="/403.jsp" entry-point-ref="authenticationProcessingFilterEntryPoint"><intercept-url pattern="/admin/*.html*" access="ROLE_ADMIN,ROLE_ADMIN_YHGLY"></intercept-url><intercept-url pattern="/admin/**/*.html*" access="ROLE_ADMIN"></intercept-url><intercept-url pattern="/sales/*.html*" access="ROLE_SALES"></intercept-url><intercept-url pattern="/sales/**/*.html*" access="ROLE_SALES"></intercept-url><intercept-url pattern="/login.html*" access="ROLE_ANONYMOUS,ROLE_ADMIN_0,ROLE_SALES,ROLE_SUPPLIER,ROLE_USER"></intercept-url><form-login login-page="/login.html" default-target-url="/index.jsp" authentication-failure-url="/403.jsp"></form-login><logout logout-success-url="/login.html"></logout><remember-me user-service-ref="userDao" key="e37f4b31-0c45-11dd-bd0b-0800200c9a66"></remember-me><!-- --><anonymous></anonymous></http><authentication-provider user-service-ref="userDao"><password-encoder ref="passwordEncoder"></password-encoder></authentication-provider><!-- Override the default password-encoder (SHA) by uncommenting the following and changing the class --><!-- <bean id="passwordEncoder" class="org.springframework.security.providers.encoding.ShaPasswordEncoder"/> --><global-method-security jsr250-annotations="enabled" secured-annotations="enabled"><protect-pointcut expression="execution(* com.shului.tuan.service.UserManager.getDataCount(..))" access="ROLE_ADMIN,ROLE_ADMIN_0,ROLE_SALES"></protect-pointcut><protect-pointcut expression="execution(* *..service.UserManager.removeUser(..))" access="ROLE_ADMIN"></protect-pointcut></global-method-security></beans>