任何人都知道如何在spring security中配置自定义的403页面?在Web上看,我得到的所有结果都是XML配置,我使用的是Java配置.那是我的SecurityConfig:
@Configuration @ComponentScan(value="com") @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class SecurityConfig extends WebSecurityConfigurerAdapter { @Bean @Override public AuthenticationManager authenticationManagerBean() throws Exception { return new CustomAuthenticationManager(); } protected void configure(HttpSecurity http) throws Exception { http .csrf() .disable() .authorizeRequests() .antMatchers("/resources/**", "/publico/**").permitAll() .anyRequest().authenticated() .and() .formLogin() .loginPage("/acesso/login").permitAll() .loginProcessingUrl("/login").permitAll() .usernameParameter("login") .passwordParameter("senha") .successHandler(new CustomAuthenticationSuccessHandler()) .failureHandler(new CustomAuthenticationFailureHandler()) .and() .logout() .logoutUrl("/logout") .logoutSuccessUrl("/acesso/login").permitAll(); } }
我也有AccessDeniedHandler的自定义实现:
public class CustomAccessDeniedHandler implements AccessDeniedHandler { @Override public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException arg2) throws IOException, ServletException { response.sendRedirect(request.getContextPath() + "/erro/no_permit"); } }
Marco López.. 7
如果我是对的,为了个性化页面403,您可以使用此服务器实现的模型.
Spring Security:自定义403拒绝访问页面
例:
AppConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/resources/**", "/signup").permitAll() .anyRequest().authenticated() .and() .formLogin() .loginPage("/login") .permitAll() .and() .exceptionHandling().accessDeniedPage("/403") .and() .logout().logoutUrl("/logout").logoutSuccessUrl("/") .and() .rememberMe() .and() .csrf().disable(); }
HomeController.java
@RequestMapping("/403") public String accessDenied() { return "errors/403"; }
而.html将是一个自定义页面,其中包含一些消息403.
如果我是对的,为了个性化页面403,您可以使用此服务器实现的模型.
Spring Security:自定义403拒绝访问页面
例:
AppConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/resources/**", "/signup").permitAll() .anyRequest().authenticated() .and() .formLogin() .loginPage("/login") .permitAll() .and() .exceptionHandling().accessDeniedPage("/403") .and() .logout().logoutUrl("/logout").logoutSuccessUrl("/") .and() .rememberMe() .and() .csrf().disable(); }
HomeController.java
@RequestMapping("/403") public String accessDenied() { return "errors/403"; }
而.html将是一个自定义页面,其中包含一些消息403.