通过java代码配置弹簧安全性的自定义403错误页面

Question

问

通过java代码配置弹簧安全性的自定义403错误页面

和乐大同2011_999 发布于 2023-01-09 14:46

任何人都知道如何在spring security中配置自定义的403页面？在Web上看,我得到的所有结果都是XML配置,我使用的是Java配置.那是我的SecurityConfig:

@Configuration
@ComponentScan(value="com")
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return new CustomAuthenticationManager();
    }

    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf()
                .disable()
            .authorizeRequests()
                .antMatchers("/resources/**", "/publico/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/acesso/login").permitAll()
                .loginProcessingUrl("/login").permitAll()
                .usernameParameter("login")
                .passwordParameter("senha")
                .successHandler(new CustomAuthenticationSuccessHandler())
                .failureHandler(new CustomAuthenticationFailureHandler())
                .and()
            .logout()
                .logoutUrl("/logout")
                .logoutSuccessUrl("/acesso/login").permitAll();
    }

}

我也有AccessDeniedHandler的自定义实现:

public class CustomAccessDeniedHandler implements AccessDeniedHandler {

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException arg2) throws IOException, ServletException {
        response.sendRedirect(request.getContextPath() + "/erro/no_permit");
    }

}

Marco López.. 7

如果我是对的,为了个性化页面403,您可以使用此服务器实现的模型.

Spring Security:自定义403拒绝访问页面

例:

AppConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .authorizeRequests()
            .antMatchers("/resources/**", "/signup").permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin()
            .loginPage("/login")
            .permitAll()
            .and()
            .exceptionHandling().accessDeniedPage("/403")
            .and()
            .logout().logoutUrl("/logout").logoutSuccessUrl("/")
            .and()
            .rememberMe()
            .and()
            .csrf().disable();
}

HomeController.java

@RequestMapping("/403")
public String accessDenied() {
    return "errors/403";
}

而.html将是一个自定义页面,其中包含一些消息403.

1 个回答

如果我是对的,为了个性化页面403,您可以使用此服务器实现的模型.

Spring Security:自定义403拒绝访问页面

例:

AppConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .authorizeRequests()
            .antMatchers("/resources/**", "/signup").permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin()
            .loginPage("/login")
            .permitAll()
            .and()
            .exceptionHandling().accessDeniedPage("/403")
            .and()
            .logout().logoutUrl("/logout").logoutSuccessUrl("/")
            .and()
            .rememberMe()
            .and()
            .csrf().disable();
}

HomeController.java

@RequestMapping("/403")
public String accessDenied() {
    return "errors/403";
}

而.html将是一个自定义页面,其中包含一些消息403.

2023-01-09 14:48 回答

香港冫耐思得

撰写答案