如何处理spring boot注解中的403禁用错误？

Question

我在spring boot中遇到了处理403禁用问题的问题。因为我的类已经处理过了，所以扩展WebSecurityConfigurerAdapter来定制.It给了我禁止的输出。它应该重定向到403url，但它不工作。我是初学者，不知道哪里错了。

public class WebAppInitializer implements WebApplicationInitializer {
    @Override
    public void onStartup(ServletContext servletContext)
            throws ServletException {
        AnnotationConfigWebApplicationContext ctx = new AnnotationConfigWebApplicationContext();

        ctx.register(SecurityConfiguration.class);  
        ctx.setServletContext(servletContext);  
        //ctx.register(SecurityConfiguration.class);
        DispatcherServlet dispatcherServlet = new DispatcherServlet(ctx);
        dispatcherServlet.setThrowExceptionIfNoHandlerFound(true);


        Dynamic dynamic = servletContext.addServlet("dispatcher", dispatcherServlet);  
        dynamic.addMapping("/data/*");  

        dynamic.setLoadOnStartup(1);
    }
}

和我的AppConfig类

package com.portal.spring.config;

import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@Configuration
@ComponentScan("com.portal")
@EnableWebMvc
public class AppConfig extends WebMvcConfigurerAdapter {
}

和安全配置

package com.portal.spring.config;
import java.util.logging.Logger;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    private static final Logger log= Logger.getLogger( SecurityConfiguration.class.getName() ); 

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.exceptionHandling().accessDeniedHandler(new AccessDenyHandler());
        }
}

和accessdenyhandler

package com.portal.spring.config;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;

public class AccessDenyHandler implements AccessDeniedHandler {

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
            AccessDeniedException arg2) throws IOException, ServletException {
        response.sendRedirect("//403");  
    }
}

Answer 1

这是我的AccessDenied处理程序。我已经显式委托了Spring实现，但我有一些与AccessDeniedHandler相关的东西需要处理。这段代码没有包含在下面的代码中，因为它是特定于应用程序的。其他代码，如SecurityConfig，与我使用的代码类似

public class MyAccessDeniedHandler implements AccessDeniedHandler {

    private AccessDeniedHandlerImpl accessDeniedHandlerImpl = new AccessDeniedHandlerImpl();

    public void handle(HttpServletRequest request, HttpServletResponse response,
            AccessDeniedException accessDeniedException) throws IOException, ServletException {

        //Some CSRF related code 

        // Then call accessDeniedHandlerImpl.handle to handle request
        accessDeniedHandlerImpl.handle(request, response, accessDeniedException);
    }

    /**
     * The error page to use. Must begin with a "/" and is interpreted relative to the current context root.
     *
     * @param errorPage the dispatcher path to display
     *
     * @throws IllegalArgumentException if the argument doesn't comply with the above limitations
     * @see AccessDeniedHandlerImpl#setErrorPage(String)
     */
    public void setErrorPage(String errorPage) {
        // You can set custom error page here 
        accessDeniedHandlerImpl.setErrorPage(errorPage);
    }
}